
Privacy Policy
This Privacy Policy explains how Omnify ("Omnify", "we", "us", or "our") collects, uses, stores, and protects personal data when merchants use the Omnify Shopify application and related services (the "Services").
Scope of this policy
This policy applies to:
- The Omnify Shopify embedded app
- Omnify-hosted services at https://omnify.cpg-labs.io
- All features including Local Delivery, Retail Expansion, and Analytics
Omnify acts primarily as a data processor on behalf of merchants.
Personal data we process
Merchant and app data
- Shopify shop identifier
- App installation metadata
- Session and authentication tokens
Order and customer data (via Shopify API)
- Order identifiers
- Order totals and line items
- Fulfillment method and delivery tags
- Customer city, postal code, and country
- Delivery address coordinates (derived via geocoding)
Location and mapping data
- Fulfillment location coordinates
- Retail candidate locations entered by merchants
- Influence radius and geographic analytics
Technical and usage data
- IP address
- Browser and device metadata
- Application logs and error reports
Omnify does not collect payment card numbers or sensitive personal data.
How we use data
Personal data is processed strictly to:
- Enable local delivery route planning and visualization
- Analyze customer geography for retail expansion decisions
- Compute sales, revenue, and performance analytics
- Operate, secure, and improve the Services
- Comply with legal obligations
Data is never used for advertising and is never resold.
Data storage and persistence
Data is stored using:
- AWS RDS PostgreSQL for app configuration and analytics
- Shopify order tags for route assignment persistence
- JSON storage for cached retail expansion analytics
- AWS CloudWatch for logs
Data is hosted in us-east-1.
Legal bases for processing
We process personal data under the following legal bases:
- Performance of a contract with merchants
- Legitimate interest in operating and improving the Services
- Compliance with legal obligations
- Consent where required by law
International transfers
Personal data may be transferred and processed outside the user's jurisdiction, including in the United States. Omnify applies appropriate safeguards such as contractual protections and security controls.
Data retention
- Order and customer analytics are retained while the merchant account is active
- Cached analytics data is periodically refreshed and overwritten
- Logs are retained for a limited operational period
- Data is deleted or anonymized upon app uninstallation, subject to legal requirements
Security measures
Omnify applies:
- TLS encryption in transit
- Encrypted storage at rest
- Role-based access controls
- Secure secret management via AWS SSM
- Continuous monitoring and logging
User rights
Depending on jurisdiction (LGPD, GDPR, CCPA/CPRA), users may request:
- Access to personal data
- Correction or deletion
- Data portability
- Restriction or objection to processing
- Withdrawal of consent
Requests can be made via the contact details below.
Children's privacy
Omnify does not knowingly process personal data of children under 13 (or under 16 where applicable).
Changes to this policy
This Privacy Policy may be updated periodically. Continued use of the Services indicates acceptance of the updated version.
Contact
Email: lucas@cpg-labs.io