SupplierSafe Privacy Policy

Overview

SupplierSafe (“the App”) is built and operated by Bytefeed. It helps Shopify merchants validate and clean supplier product files before importing them into Shopify. This policy explains what data we collect, how we use it, and your rights regarding that data.

File Processing

Supplier CSV and Excel files are processed entirely in your browser. File contents are never uploaded to SupplierSafe or Bytefeed servers. No product, supplier, or pricing data from your files is transmitted to or stored by us.

Data We Collect

When you install SupplierSafe, Shopify OAuth provides us with a session token that identifies your store. We store this session data (your shop domain and access token) to keep the app installed and authenticated inside Shopify Admin. We do not request, access, or store any customer data, order data, product data, or financial information from your Shopify store.

We do not use your store information for marketing, profiling, or advertising. It is used solely to operate and secure the App.

Data Retention

Session data is retained for as long as the app remains installed on your store. When you uninstall SupplierSafe, or when we receive a data deletion request from Shopify, your session data is deleted from our database promptly in compliance with Shopify's data protection requirements.

Third-Party Services

The App is hosted on Vercel (vercel.com). Session data is stored in a Neon Postgres database (neon.tech). Both providers operate under their own privacy policies and maintain industry-standard security practices. No data is shared with any other third parties.

Cookies

The App runs embedded inside Shopify Admin and uses Shopify's App Bridge. Shopify may set cookies necessary for authentication and session management. We do not set any additional tracking or advertising cookies.

GDPR & Your Rights

If you are located in the European Economic Area, you have the right to access, correct, or delete the personal data we hold about you. For SupplierSafe, “personal data” is limited to your Shopify store's domain name and the authentication token required to keep the app connected to your store. To exercise these rights, contact us at the address below. We will respond within 30 days.

Changes to This Policy

If we add features that require new data access, this policy will be updated before those features are released. Continued use of the App after changes constitutes acceptance of the updated policy.

Governing Law

This policy is governed by the laws of the United States and applicable data protection laws in your region.

Contact

For privacy questions, data requests, or concerns, contact Bytefeed at hi@bytefeed.io.