Privacy Policy
1. Introduction
This Privacy Policy describes how WEDO Inc ("we," "us," or "our") collects, uses, stores, and protects information when you install and use WEDO Inventory (the "App") through the Shopify App Store. The App is available at wedoinventory.app and is designed for Shopify merchants to manage inventory, bills of materials, and purchasing workflows.
By installing the App, you agree to the practices described in this Policy.
2. Who we are
WEDO Inc is the developer and operator of WEDO Inventory. We are based in North Carolina, USA. Email: hello@wedoworldwide.com. Website: wedoinventory.app.
For merchants located in the European Union or United Kingdom, we act as a data processor with respect to any Shopify store data we handle, and you (the merchant) act as the data controller.
3. Scope and audience
The App is a business-to-business (B2B) tool. Our direct customers are Shopify merchants. We do not collect, access, or process data belonging to your end customers (shoppers). This Policy covers information we receive through your store's Shopify integration and information you enter directly into the App.
4. What we collect
Store identity and authentication. Your Shopify shop domain (e.g., yourstore.myshopify.com) and your Shopify API access token, encrypted at rest using AES-256-GCM.
Shopify product data (read from Shopify). Product IDs (numeric), product titles, and SKUs, used for display and refreshed from Shopify on demand.
Order webhook data (orders/create). When an order is created we extract and store only: line item product ID, line item variant ID, line item quantity, line item title. We do not store, log, or retain customer-identifying fields from order webhooks. Customer names, emails, phone numbers, billing addresses, and shipping addresses are not requested and not stored.
Merchant-entered inventory data. Components (SKU, name, supplier reference, stock counts, unit cost), suppliers (name, contact info you enter, lead time), bills of materials, purchase orders, production runs, and stock transaction audit log entries.
Technical and usage data. Vercel runtime request logs (HTTP method, path, status, response time, timestamp). Retained for 24 hours per Vercel's Pro plan retention policy. We do not log request bodies, headers, or cookies.
5. What we do not collect
- Customer names, email addresses, phone numbers, or physical addresses
- Payment card details or financial information (all billing handled by Shopify Managed Billing)
- Browser cookies or persistent tracking identifiers
- Analytics or behavioral tracking data beyond standard server request logs
- Any data fields covered by Shopify's Protected Customer Data policy tiers 1–3
WEDO Inventory operates at Level 0 of Shopify's Protected Customer Data framework — we declared to Shopify that we do not access protected customer data.
6. How we use your information
- Service delivery — authenticate your store, display your products, power inventory tracking, BOM, and purchasing features
- Order-driven inventory — automatically decrement component stock on order webhooks
- Audit and traceability — maintain stock transaction logs
- Support — diagnose and resolve technical issues when you contact us
- Security — detect and prevent unauthorized access
We do not sell your data. We do not use your data for advertising or marketing. We share data only with the sub-processors below.
7. Sub-processors
| Sub-processor | Role | Location |
|---|---|---|
| Vercel, Inc. | Application hosting and serverless compute | United States |
| Supabase, Inc. | Managed PostgreSQL database | United States (US East) |
| Shopify Inc. | Platform integration and billing | Canada / Global |
All sub-processors are bound by data processing agreements and applicable data protection law. Data is hosted in the United States.
8. International data transfers
If you are based in the European Economic Area or the United Kingdom, your store data is transferred to and processed in the United States when you use the App. We rely on Standard Contractual Clauses as incorporated into our sub-processors' data processing agreements.
9. Data retention
| Data category | Retention period |
|---|---|
| Shop domain and access token | While installed; deleted within 30 days of uninstall or on shop/redact webhook |
| Product IDs, titles, SKUs | Refreshed on demand; deleted on shop redact |
| Order line item data | Life of installation; deleted on shop redact |
| Merchant inventory data | Life of installation; deleted on shop redact |
| Stock transaction audit log | Life of installation; deleted on shop redact |
| Vercel runtime request logs | 24 hours (Pro plan retention) |
When you uninstall, we process Shopify's shop/redact webhook and cascade-delete all records associated with your store from our database.
10. Security
- Shopify access tokens encrypted at rest using AES-256-GCM
- All data in transit protected by TLS 1.2 or higher
- Database access restricted by role-based permissions within Supabase
- No production credentials stored in source code or version control
11. Your rights
For EU and UK merchants (GDPR / UK GDPR). You have the right to access, correct, request deletion, object to or restrict processing, receive your data in a portable format, and lodge a complaint with your supervisory authority.
For California merchants (CCPA). As a business entity, you are generally outside CCPA's consumer-facing provisions. For supplier contact information you have entered, you have the right to know what is collected, request deletion, and opt out of sale (we do not sell data).
Shopify GDPR webhooks. We handle Shopify's mandatory webhooks:
customers/data_request— we respond with confirmation. We do not store Shopify customer data.customers/redact— we respond with confirmation. No customer data exists in our systems to redact.shop/redact— we delete all data associated with the requesting shop.
To exercise data rights, contact hello@wedoworldwide.com. We respond within 30 days.
12. Cookies
The App does not use cookies for tracking or advertising. Any session-related cookies set within the embedded Shopify admin context are Shopify-controlled.
13. Changes to this policy
We may update this Policy from time to time. Material changes are reflected in the "Last Updated" date. Continued use after the effective date constitutes acceptance.
14. Contact
Email: hello@wedoworldwide.com
Website: wedoinventory.app
WEDO Inc, North Carolina, USA