Privacy Policy

SalePilot - Sale and Discount — last updated 11 June 2026

This Privacy Policy explains what data the SalePilot - Sale and Discount app (the “App”, provided by WebStarStudio) accesses, why, and how it is handled when you install it on your Shopify store. By installing the App you agree to this policy.

1. Data we access

With your authorization (Shopify scope write_products), the App accesses, through the Shopify Admin API:

• Product and variant data: titles, prices, compare-at prices, images, tags, collections.
• Your store domain and the offline access token Shopify issues at install.

The App does not access, collect, or store your customers’ personal data (no names, emails, addresses, or orders).

2. Data we store

• Your store domain and OAuth access token (to make authorized API calls on your behalf).
• The discount/sale configurations you create (name, discount, targets, schedule).
• Snapshots of product prices taken before a sale is applied, used to restore the original prices exactly when the sale ends.
• If you use the in-app contact form, the name, email and message you submit.

3. Why we process this data

Solely to provide the App’s functionality: scheduling and applying discounts, setting compare-at (strikethrough) prices, restoring original prices, and editing prices in bulk. We do not use your data for advertising and we never sell it.

4. Where data is stored & sub-processors

• Supabase (PostgreSQL database, EU region) — stores the data in section 2.
• Vercel — hosting of the App’s servers.
• Brevo — only when you submit the contact form, to deliver your message to our support inbox.

5. Data retention & deletion

When you uninstall the App, Shopify notifies us and we delete all data associated with your store. We implement Shopify’s mandatory privacy webhooks:

• customers/data_request and customers/redact — the App holds no customer personal data, so there is nothing to return or erase.
• shop/redact — we permanently delete your store’s data (sessions, sale configurations and price snapshots), normally within 48 hours of uninstall.

6. Security

Data is transmitted over HTTPS and stored on managed, access-controlled infrastructure. Access tokens are used only server-side to call the Shopify Admin API.

7. Your rights

You can request access to, correction of, or deletion of your store’s data at any time by contacting us. Uninstalling the App triggers automatic deletion as described above.

8. Changes to this policy

We may update this policy; the “last updated” date above reflects the latest version. Material changes will be communicated through the App or the App Store listing.

9. Contact

Questions about this policy or your data? Email us at app@webstarstudio.it.