HomeSolutionsAboutDocumentation

Privacy Policy

Last updated: May 26, 2026

Effective: May 26, 2026

This Privacy Policy explains how Zapstra LLC (“Zapstra,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects information in connection with our websites, software, Shopify apps, APIs, integrations, automations, beta products, design-partner programs, support, consulting, custom-development services, and related offerings.

This Privacy Policy applies to information we collect through our website, applications, integrations, support channels, forms, beta programs, design-partner programs, Shopify apps, APIs, and related services.

This Privacy Policy does not apply to third-party websites, platforms, or services that we do not control, including Shopify, Stripe, Google, Twilio, SendGrid, or other third-party services. Their own terms and privacy policies apply.

1. How to Read This Policy

Zapstra provides business-to-business software and services. In many cases, our customer is a merchant or business, and we process information on that business’s behalf.

Depending on the context and applicable law:

  1. Zapstra may act as a service provider, processor, contractor, or subprocessor when processing data on behalf of a merchant or business customer; and
  2. Zapstra may act as an independent controller for information we process for our own business purposes, such as account administration, billing, security, analytics, marketing, support, and legal compliance.

If you are a customer of a merchant that uses Zapstra, the merchant’s privacy policy may also apply to the processing of your information. You should contact the merchant directly for questions about the merchant’s privacy practices.

2. Information We Collect

Information You Provide Directly

We may collect information you provide directly, including:

  1. name;
  2. email address;
  3. phone number;
  4. company name;
  5. job title;
  6. Shopify shop URL;
  7. billing information;
  8. account registration information;
  9. user profile information;
  10. support messages;
  11. feedback;
  12. feature requests;
  13. design-partner submissions;
  14. beta-program submissions;
  15. workflow descriptions;
  16. screenshots;
  17. exports;
  18. CSVs;
  19. files;
  20. sample data;
  21. call recordings or transcripts, if created with consent;
  22. implementation materials;
  23. custom-development materials;
  24. survey responses;
  25. testimonials or case-study materials, if separately approved; and
  26. any other information you choose to provide.

Information from Shopify and Other Integrated Platforms

When you install, connect, authorize, or use Zapstra with Shopify or another integrated platform, we may receive information from that platform depending on the permissions granted, app functionality, and your configuration.

This may include:

  1. store name;
  2. store URL;
  3. store settings;
  4. merchant account information;
  5. staff/user information;
  6. product data;
  7. variant data;
  8. inventory data;
  9. location data;
  10. order data;
  11. draft order data;
  12. fulfillment data;
  13. shipping data;
  14. refund data;
  15. transaction-related data;
  16. customer data;
  17. supplier or vendor data;
  18. purchase order data;
  19. metafields;
  20. webhooks;
  21. API responses;
  22. app installation status;
  23. permission scopes;
  24. billing status;
  25. app usage events; and
  26. other information made available through authorized APIs or integrations.

The exact information collected depends on the Services you use and the permissions you approve.

Protected Customer Data

Some Shopify data may be protected customer data or personal information, such as customer names, email addresses, phone numbers, addresses, order information, shipping information, fulfillment information, or similar records.

We aim to process only the information reasonably necessary to provide the applicable Services, operate integrations, support merchants, troubleshoot issues, secure the Services, comply with legal obligations, and improve Zapstra.

Automatically Collected Information

We may automatically collect information when you use our website, apps, APIs, or Services, including:

  1. IP address;
  2. device identifiers;
  3. browser type;
  4. operating system;
  5. referring URLs;
  6. pages viewed;
  7. session information;
  8. feature interactions;
  9. app events;
  10. clickstream data;
  11. API requests;
  12. webhook events;
  13. logs;
  14. authentication events;
  15. error reports;
  16. performance metrics;
  17. security events;
  18. approximate location derived from IP address;
  19. cookie identifiers; and
  20. analytics data.

Information from Service Providers and Partners

We may receive information from service providers, payment processors, analytics providers, hosting providers, authentication providers, communication tools, business partners, and other third parties as needed to operate our business and provide the Services.

Information from Communications

If you contact us by email, form, chat, text message, phone, support channel, or social media, we may collect the content of your communication and related metadata.

3. How We Use Information

We use information to:

  1. provide, operate, maintain, and improve the Services;
  2. create and manage accounts;
  3. authenticate users;
  4. install, connect, and operate Shopify apps and integrations;
  5. process workflows, automations, forecasts, reorder points, purchase plans, recommendations, and other operational outputs;
  6. provide APIs, webhooks, and integrations;
  7. provide customer support;
  8. troubleshoot, debug, and resolve issues;
  9. provide onboarding, implementation, training, consulting, and custom-development services;
  10. process payments, billing, subscriptions, invoices, and taxes;
  11. monitor usage, performance, reliability, and security;
  12. detect, prevent, and investigate fraud, abuse, security incidents, and policy violations;
  13. communicate with you about Services, updates, security, support, billing, and administrative matters;
  14. send marketing communications where permitted;
  15. manage beta, pilot, early-access, and design-partner programs;
  16. summarize feedback and generate product specifications;
  17. develop, test, and improve products, modules, workflows, integrations, and documentation;
  18. create aggregated, anonymized, or de-identified information;
  19. enforce terms and policies;
  20. comply with legal obligations;
  21. respond to lawful requests;
  22. protect rights, safety, and property; and
  23. perform other purposes disclosed at the time of collection.

4. AI-Assisted Tools

We may use AI-assisted tools to support internal operations, including summarizing feedback, drafting product specifications, analyzing support issues, improving documentation, assisting with development, troubleshooting, and improving the Services.

We do not intentionally use non-public merchant data, protected customer data, store data, or customer personal information to train general-purpose AI models unless we provide additional notice or obtain appropriate permission.

Where we use AI-assisted third-party tools, we aim to use them in a manner consistent with our confidentiality, privacy, and security commitments.

You should avoid sending Zapstra unnecessary sensitive personal information, highly confidential information, payment card information, health information, government identifiers, or other data not needed for the Services or support request.

5. Cookies and Similar Technologies

We may use cookies, pixels, local storage, analytics tools, and similar technologies to operate our website and Services, remember preferences, authenticate users, understand usage, improve performance, and support security.

You may be able to control cookies through your browser settings or through cookie settings made available on our website. Disabling cookies may affect functionality.

Third-party services may also use cookies or similar technologies according to their own policies.

6. How We Share Information

We may share information with the following categories of recipients.

Service Providers and Subprocessors

We may share information with vendors and service providers who help us operate our business and provide the Services, including:

  1. cloud hosting providers;
  2. database and infrastructure providers;
  3. authentication providers;
  4. payment processors;
  5. analytics providers;
  6. logging and monitoring providers;
  7. email and communication providers;
  8. support tools;
  9. development tools;
  10. security tools;
  11. AI-assisted tools;
  12. contractors;
  13. consultants;
  14. professional advisors; and
  15. other operational service providers.

These providers may access information only as needed to perform services for us and are subject to contractual, confidentiality, or use restrictions where appropriate.

Shopify and Other Integrated Platforms

We may share information with Shopify or other integrated platforms as necessary to provide the Services, operate apps and integrations, process permissions, respond to platform requirements, support billing, or comply with platform rules.

Payment Processors

Payment information may be processed by Shopify, Stripe, or other payment processors. Zapstra does not intentionally store full payment card numbers.

Professional Advisors

We may share information with attorneys, accountants, auditors, insurers, bankers, and other professional advisors.

Legal, Safety, and Compliance

We may disclose information if we believe disclosure is necessary or appropriate to:

  1. comply with law;
  2. respond to lawful requests;
  3. enforce our Terms;
  4. protect rights, property, and safety;
  5. detect or prevent fraud, abuse, or security incidents;
  6. investigate violations;
  7. respond to disputes; or
  8. comply with Shopify or other platform requirements.

Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction.

With Your Direction or Permission

We may share information when you direct us to do so, approve an integration, grant access, request support, approve a case study, authorize collaborator/admin access, or otherwise provide permission.

Aggregated or De-Identified Information

We may use and share aggregated, anonymized, or de-identified information that does not reasonably identify you, your store, your customers, or another individual.

7. Public Use of Names, Logos, Testimonials, and Case Studies

We do not publicly use your name, logo, trademark, testimonial, quote, case study, or merchant-specific operational details without appropriate permission.

We may use aggregated or anonymized metrics, examples, or insights that do not reasonably identify you, your store, or your customers.

If you provide a testimonial, endorsement, quote, review, performance claim, or case study after receiving free access, discounted access, beta access, early access, design-partner benefits, or other benefits, we may disclose that relationship in connection with public use.

8. Data Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information, including measures such as access controls, encryption in transit, encryption at rest where appropriate, monitoring, logging, and restricted access to production systems.

No method of transmission, processing, or storage is completely secure. We cannot guarantee absolute security.

You are responsible for securing your own accounts, devices, passwords, Shopify permissions, third-party accounts, API keys, credentials, exports, and local copies of data.

9. Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain accounts, operate integrations, provide support, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate our business.

Retention periods vary based on the type of data and purpose. For example:

  1. account and billing records may be retained while your account is active and for a period afterward for legal, tax, accounting, and business purposes;
  2. logs and security records may be retained for security, debugging, and compliance purposes;
  3. support communications may be retained to provide ongoing support and improve Services;
  4. beta, design-partner, and feedback materials may be retained for product-development and business purposes;
  5. backups may retain information for a limited period before being overwritten or deleted;
  6. aggregated or de-identified information may be retained indefinitely; and
  7. data subject to legal hold, dispute, investigation, or compliance obligations may be retained as needed.

When a Shopify app is uninstalled or a valid deletion request is received, we will delete, de-identify, or restrict relevant personal information as required by applicable law, Shopify requirements, and our retention practices, subject to legal, security, backup, fraud-prevention, and legitimate business needs.

10. Shopify Data Requests and Compliance Mechanisms

Where required for Shopify apps, Zapstra may receive and respond to Shopify-provided privacy or compliance webhooks, including customer data access requests, customer redaction requests, and shop redaction requests.

If you are a customer of a merchant using Zapstra and you want to exercise privacy rights related to your order, customer profile, or store interaction, you should contact the merchant directly. We may need to coordinate with the merchant or Shopify to process certain requests.

11. International Transfers

Zapstra is based in the United States. Information may be processed in the United States and other countries where Zapstra or its service providers operate.

If information is transferred from the European Economic Area, United Kingdom, Switzerland, or another jurisdiction with data-transfer restrictions, we rely on appropriate safeguards where required, which may include Standard Contractual Clauses, adequacy decisions, contractual measures, or other lawful transfer mechanisms.

12. Your Choices

Depending on your relationship with Zapstra and applicable law, you may have choices including:

  1. accessing, correcting, or updating account information;
  2. deleting certain account information;
  3. opting out of marketing emails;
  4. controlling cookies through browser or cookie settings;
  5. uninstalling an app;
  6. revoking Shopify or third-party permissions;
  7. requesting deletion of certain data;
  8. requesting access to certain personal information;
  9. objecting to or restricting certain processing;
  10. requesting portability of certain information; and
  11. appealing or complaining to a regulator where applicable.

You may continue to receive service, transactional, security, legal, or administrative communications even if you opt out of marketing communications.

13. Regional Privacy Rights

Depending on your location, you may have additional rights under privacy laws, such as rights to access, correct, delete, restrict, object, port, or withdraw consent.

To exercise rights, contact us at support@zapstra.com. We may need to verify your identity and authority before fulfilling a request.

If you are a customer of a merchant using Zapstra, we may direct you to the merchant because the merchant may control the relevant data.

14. California and U.S. State Privacy Disclosures

Zapstra provides business-to-business services. We do not sell personal information in the traditional sense.

We do not knowingly share personal information for cross-context behavioral advertising where we understand such sharing to be restricted by applicable law, unless we provide required notices and choices.

Depending on applicable law, the categories of personal information we may collect include identifiers, commercial information, internet or network activity information, geolocation approximated from IP address, professional or business information, inferences, and other information you provide or that is processed through the Services.

We use and disclose these categories for the business and commercial purposes described in this Privacy Policy.

15. Children’s Information

The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16.

If you believe a child has provided personal information to us, contact us at support@zapstra.com.

16. Marketing Communications

We may send marketing communications where permitted by law. You may opt out of marketing emails by using the unsubscribe link or contacting us.

Opting out of marketing communications does not opt you out of service-related, transactional, security, legal, or administrative communications.

17. Third-Party Links and Services

The Services may link to or integrate with third-party websites, platforms, apps, or services. We are not responsible for the privacy practices of third parties.

You should review the privacy policies and terms of third-party services before using them.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

If changes are material, we may provide notice by posting the updated Privacy Policy, emailing you, displaying notice in the Services, or using another reasonable method.

The “Last Updated” date shows when this Privacy Policy was last revised.

Data Processing Addendum

Where Zapstra processes personal data on behalf of a customer, such processing is governed by Zapstra’s Data Processing Addendum.

19. Contact

Questions or requests about this Privacy Policy may be sent to:

Zapstra LLC
500 East McBee Ave, Suite 100, #1173
Greenville, SC 29601
Email: support@zapstra.com

For EU/UK privacy inquiries, include “GDPR Request” in the subject line.