Privacy Policy

MarginMate ("we", "our", or "the app") is a Shopify embedded application built by Creatix. This policy explains what data we collect when you install MarginMate on your Shopify store, how we use it, and your rights regarding that data.

When you install MarginMate, we collect and store:

• Store information — your shop domain, store name, and owner email address provided by Shopify during installation.
• Product and variant data — product titles, variant names, SKUs, and inventory item IDs synced from your Shopify catalog.
• Cost data you enter — materials, overhead items, labour costs, and cost-of-goods figures you create inside the app.
• Session tokens — OAuth access tokens required to communicate with the Shopify API on your behalf. These are encrypted at rest.
• Billing status — your subscription plan and trial status, managed via the Shopify Billing API. We do not store payment details.

• Your customers' personal information (names, emails, addresses, or order history)
• Payment card or banking information
• Data from any store other than your own

• To sync your products and variants and display them inside the app
• To calculate and store cost-of-goods figures for your products
• To write the cost of goods back to Shopify's inventory cost field on your behalf
• To manage your subscription and enforce plan limits
• To send transactional emails related to your account (billing, important notices)

We do not sell, rent, or share your data with third parties for marketing purposes.

MarginMate uses the following sub-processors to operate the service:

• Supabase — database hosting (US West region). Your store and cost data is stored here. See Supabase's Privacy Policy.
• Vercel — application hosting (global edge network). See Vercel's Privacy Policy.
• Shopify — OAuth authentication and billing. Your use of Shopify is governed by Shopify's Privacy Policy.
• PostHog — anonymous product analytics on the marketing site (marginmate.app). No personally identifiable information is sent. See PostHog's Privacy Policy.

Your data is retained for as long as MarginMate is installed on your store. When you uninstall the app, we receive a Shopify app/uninstalled webhook and delete your store record and associated session tokens within 48 hours. Cost data (materials, products, overhead) is retained for 30 days after uninstall to allow reinstallation without data loss, then permanently deleted.

MarginMate is compliant with Shopify's mandatory privacy webhook requirements:

• Customer data requests — we respond to customers/data_request webhooks. MarginMate does not store customer personal data, so these requests return an empty data set.
• Customer data erasure — we respond to customers/redact webhooks. As we hold no customer data, no erasure action is required.
• Shop data erasure — we respond to shop/redact webhooks and permanently delete all store data within 10 business days of receipt.

Depending on your location, you may have rights including access, correction, deletion, and portability of your data. To exercise any of these rights, contact us at the email below and we will respond within 30 days.

All data is transmitted over HTTPS. OAuth access tokens are encrypted at rest. Access to production data is restricted to authorised Creatix personnel only. We follow Shopify's security best practices for embedded app development.

We may update this policy from time to time. Material changes will be communicated via the email address associated with your Shopify store. Continued use of the app after changes constitutes acceptance of the updated policy.

Questions about this policy? Email us at hello@marginmate.app.

Creatix · Los Angeles, CA