Privacy Policy

Information we collect from Shopify

When a merchant installs or opens the app, we collect the Shopify store information and API data needed to provide the app, including:

• Store identifiers and settings, such as shop domain, shop name, locale, time zone, app installation state, and subscription state.
• Product and variant information used for matching purchase order lines to Shopify catalog items, such as product titles, variant titles, SKUs, barcodes, inventory-related signals, and catalog identifiers.
• Customer information used for review, matching, and Draft Order creation, such as customer names, company names, email addresses, phone numbers, addresses, tags, and customer identifiers.
• Draft Order information created or updated through the app, such as draft identifiers, names, line items, customer details, addresses, notes, tags, invoice links, status, and Shopify update events.

Information merchants provide to the app

Merchants may provide information directly to the app when they use order intake, review, support, or feedback features. This may include:

• Purchase order files and attachments, including PDFs, spreadsheets, CSV files, documents, images, and text files.
• Order text pasted into the app or forwarded through the app inbound email workflow, including email sender, recipient, subject, body, and attachments when applicable.
• Extracted order details, review decisions, matching results, correction history, rule signals, source evidence, processing statuses, and retry history.
• Support requests, feedback messages, reply email addresses, and optional screenshots or attachments submitted for support.

Customer and buyer information in purchase orders

Purchase orders and related source files may contain personal data about customers, buyers, recipients, or business contacts. This may include names, company names, email addresses, phone numbers, billing or shipping addresses, order references, requested items, quantities, shipping instructions, and notes.

We use this information only to provide order extraction, review, matching, Draft Order creation, support, security, and compliance functions. We do not use this information to advertise to customers of the merchant.

How we use information

We use collected information to:

• Authenticate merchants and provide the embedded Shopify app.
• Extract order details from purchase order files, emails, and pasted text.
• Match extracted order lines to Shopify products and variants, and match extracted customer details to Shopify customers.
• Apply AI-assisted extraction, deterministic checks, and rule-based logic to help merchants review unclear order details.
• Learn from merchant corrections and review outcomes to improve future extraction and matching for that store.
• Create and update Shopify Draft Orders, invoice links, and related draft metadata.
• Provide source traceability, audit logs, retry handling, support, billing limits, troubleshooting, security monitoring, and legal compliance.

AI and automated processing

POMate uses AI and document processing providers to read purchase order content and return structured order data for merchant review. Source files, extracted text, embedded images, and relevant order context may be sent to these providers only as needed to provide extraction and review features.

The app does not treat AI output as automatically final. Merchants can review extracted details, and the app keeps source files and evidence so teams can trace where details came from.

Service providers and subprocessors

We use service providers to operate the app. These may include Shopify, hosting providers, database providers, file storage providers, inbound email providers, email delivery providers, AI/OCR providers, monitoring providers, and support tooling. These providers process information only as needed to provide, secure, and support the app.

Data storage and retention

We retain store data, order intake records, source files, extracted order data, Draft Order sync records, usage records, audit logs, and support records for as long as needed to provide the app, support merchants, maintain source traceability, meet security and compliance obligations, and resolve disputes.

When a merchant uninstalls the app or requests deletion, we delete or redact applicable store, customer, order, source file, and support data unless we are required to retain limited records for legal, security, billing, or compliance reasons.

Privacy requests and deletion

Merchants can contact us to request access, correction, export, or deletion of data associated with their store. We also respond to Shopify mandatory privacy compliance webhooks:

• customers/data_request: requests access to stored customer data.
• customers/redact: requests deletion or redaction of customer personal data.
• shop/redact: requests deletion or redaction of shop data after app uninstall.

Cookies and storefront tracking

POMate is an embedded Shopify Admin app. It does not add storefront pixels, customer-facing tracking scripts, or advertising cookies to an online store. The app may use necessary cookies, session tokens, and platform security mechanisms required to authenticate merchants and operate inside Shopify Admin.

Security

We use administrative, technical, and organizational safeguards designed to protect information processed by the app. No method of transmission or storage is completely secure, but we work to limit access to data to people and systems that need it to provide and support the app.

International processing

Information may be processed in countries where we or our service providers operate. By using the app, merchants understand that data may be transferred and processed outside their country or region, subject to applicable law and safeguards.

Changes to this policy

We may update this Privacy Policy as the app, our service providers, or legal requirements change. The updated policy will be posted on this page with a revised update date.

Contact

For privacy questions, support requests, or data requests, contact us at shaoty0928@gmail.com.