Privacy policy

Last updated 2026-05-04 · Effective for installations after this date

Volumly is operated by PrimeStack Solutions LLC ("we", "us"). This policy explains what data we collect when you install Volumly on your Shopify store, how we use it, and your rights over it. We wrote this ourselves in plain English. If anything is unclear, email [email protected].

What we collect from your store

• Shop domain (e.g. your-store.myshopify.com) — to identify which merchant the request is from.
• Pricing rules you configure inside Volumly — stored in our PostgreSQL database (US region).
• Customer tier metafield values — when a merchant tags a customer with a B2B tier, we read that value at cart-eval. We do not duplicate it into our database.
• Order audit log entries (when enabled) — for B2B orders, we store: order ID, order name (e.g. #1001), customer email, B2B flag, totals (in cents), per-line discount allocations. Used to surface "did customer X get the wholesale price?" in the merchant admin.
• Shopify session tokens — required by Shopify's OAuth flow; stored encrypted at rest.

What we do not collect

• Customer payment information (Shopify handles this; we never see card numbers).
• Customer addresses or phone numbers.
• Browsing behavior of your storefront visitors.
• Any data from stores that have not installed Volumly.

How we use it

• To run the pricing engine on your behalf — apply your B2B rules at cart-eval.
• To render the merchant admin (rule list, audit log, settings).
• To send you support email when you write to us — we reply from [email protected].

What we never do

• Sell, share, or rent your data to anyone, ever.
• Use your data to train AI models, including ours.
• Send marketing email beyond product updates you can unsubscribe from in one click.

Where data lives

All Volumly data is stored on Render.com managed PostgreSQL in oregon (US-West). Data in transit is encrypted via TLS; data at rest is encrypted by Render's managed-database service. We do not currently transfer data to processors outside the US.

Retention and deletion

• Active installations: we retain your data for as long as the app is installed.
• Uninstall: the app/uninstalled webhook triggers cleanupShopData, which deletes pricing rules, shop settings, audit log entries, and session tokens for your shop within 60 seconds.
• Trial accounts that never installed: deleted after 30 days.
• GDPR customers/redact webhook: we delete all data tied to the named customer within 30 days, as required.
• GDPR shop/redact webhook: reuses the same uninstall path.

Your rights

You can request a full export of your data, or full deletion, at any time by emailing [email protected]. We respond within 5 business days. If you're an EU/UK resident or your shop's customers are, GDPR/UK-GDPR rights apply and Shopify's standard GDPR webhooks enforce them automatically.

Subprocessors

Volumly uses the following service providers to operate the app. Each is bound by data processing terms equivalent to those required of us:

• Render.com — application hosting + managed PostgreSQL (US)
• Cloudflare — DNS, CDN, edge security for volumly.app
• Shopify — OAuth, billing, webhook delivery

Changes to this policy

We will email all active merchants 14 days before any material change. The current version always lives at volumly.app/privacy.

Contact

PrimeStack Solutions LLC
[email protected]
Support: [email protected]