Privacy Policy
Last updated: June 2026. OrderPoint ("the app") is operated by Toolster ("we"). This policy describes what data the app touches when you install it on your Shopify store, and what we do with it.
What we store
- Catalog aggregates: product and variant titles, SKUs, inventory levels, and per-variant sales totals over the trailing 90 days (counts only — never who bought).
- Your purchasing data: suppliers you create (name, email, lead times, costs), purchase orders, and receiving history.
- Settings: reorder defaults and, if you enable digests, the email address you choose to receive them at.
- Authentication: the offline access token Shopify issues the app, stored encrypted at rest on our hosting provider.
What we deliberately do not store
No customer names, emails, addresses, or payment details. Order webhooks are reduced to per-product quantity counts at ingestion; the customer portion of the payload is discarded immediately.
Where it lives
Data is hosted with our infrastructure provider (Fly.io) and, if you use email features, supplier emails and digests are delivered via Resend. These sub-processors only receive what is necessary to provide the service.
Deletion
Uninstalling the app revokes its access immediately. Shopify sends us a redaction request 48 hours after uninstall, at which point all stored data for your shop — suppliers, purchase orders, caches, settings — is permanently deleted. You can also request immediate deletion at any time via the contact below.
GDPR & compliance webhooks
The app implements Shopify's mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact). Because we hold no customer-level data, customer requests resolve to an empty set; shop-level redaction purges everything described above.
Contact
Questions or deletion requests: orderpoint@toolster.io.