Privacy Policy

Last updated: March 2026  ·  Questions: privacy@goodsin.app

GoodsIn ("we", "us", "our") is a Shopify embedded app developed by Ripen Studio. This policy explains what data we collect, how we use it, and your rights as a merchant or end user.

1. Who this policy applies to

This policy applies to Shopify merchants who install GoodsIn, and to any staff members who use the app on their behalf. GoodsIn is a business-to-business tool — we do not sell to or collect data from consumers directly.

2. What data we collect

When you install and use GoodsIn, we collect and store the following:

• Shop data: Your Shopify store domain, access token (encrypted), and billing plan information — required to operate the app and process billing via Shopify.
• Receive delivery data: The contents of your receiving deliveries — SKUs, barcodes, product names, variant titles, and quantities (ordered, received, rejected, backordered). This data is entered by you and stored so you can resume deliveries and reprint labels.
• CSV mapping preferences: Your column mapping configuration, saved so you don't have to re-map columns on every import.
• Label templates: The label template configurations you create (fields, font sizes, barcode types).
• Product data from Shopify: When you search for products or match SKUs, we query the Shopify Admin GraphQL API to retrieve product titles, variant titles, and barcodes. We do not store a full copy of your product catalogue — we only store the product data that appears in your receiving deliveries.

We do not collect personal data about your customers. We do not access your Shopify storefront, orders, or customer records.

3. How we use your data

• To operate the app — save and retrieve receiving deliveries, generate labels, and produce discrepancy reports.
• To remember your preferences — column mappings and label templates.
• To manage your subscription via Shopify Billing.
• To send operational alerts to our development team if the PO Autofill browser extension detects a compatibility issue (these alerts contain no merchant data — only a notification that a health check failed).

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

4. Third-party services

• Shopify: GoodsIn is embedded in Shopify and uses the Shopify Admin API and Shopify Billing API. Shopify's own privacy policy governs your relationship with Shopify.
• Railway: Our hosting provider (Railway.app) hosts the application and database on infrastructure in the United States.
• Resend: Used to send operational alert emails to Ripen Studio developers. No merchant data is included in these emails.

5. Data retention

Receive delivery data is retained according to your plan:

• Starter: 30 days of delivery history
• Growth: 90 days of delivery history
• Pro: Full history retained for the duration of your subscription

When you uninstall GoodsIn, we retain your data for 30 days in case you reinstall, after which it is permanently deleted. You may request immediate deletion at any time by emailing privacy@goodsin.app.

6. GDPR & Shopify data compliance

GoodsIn complies with Shopify's mandatory GDPR webhooks:

• Shop data erasure (SHOP_REDACT): When a merchant uninstalls and requests data erasure, all records associated with their shop are permanently deleted.
• Customer data erasure (CUSTOMERS_REDACT): GoodsIn does not store consumer personal data, so this webhook has no effect.
• Customer data request (CUSTOMERS_DATA_REQUEST): GoodsIn does not hold consumer personal data and will respond accordingly.

7. Security

Shopify access tokens are encrypted at rest. All data is transmitted over HTTPS. Our database is hosted on Railway's managed PostgreSQL infrastructure with access restricted to application credentials only.

8. Your rights

As a merchant using GoodsIn, you may at any time:

• Request a copy of the data we hold about your shop
• Request correction of any inaccurate data
• Request deletion of all your data

To exercise any of these rights, email us at privacy@goodsin.app. We will respond within 30 days.

9. Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. Continued use of GoodsIn after changes are posted constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or requests: privacy@goodsin.app

GoodsIn is developed and operated by Ripen Studio. ripenstudio.com