Privacy policy

Last updated: 29 April 2026 · Effective: 29 April 2026

Snaptare is operated by Petitgen Ltd (registered in New Zealand). We're committed to protecting the privacy of merchants who install our Shopify app and the customers of those merchants. This policy explains what data we receive, what we store, what we don't store, and how to reach us with questions.

1. What Snaptare is

Snaptare is a point-of-sale application for Shopify merchants who sell products by weight. It runs on a tablet (iPad or Android), keeps the merchant's product catalog on the device for fast offline operation, and writes draft orders back to the merchant's Shopify store.

2. Data we collect from merchants

When a Shopify merchant installs Snaptare, we receive:

• Shop identity: the merchant's .myshopify.com domain, primary domain, locale, currency, and active locations.
• An OAuth access token (expiring) issued by Shopify so we can read products and write draft orders on the merchant's behalf. Stored encrypted at rest in Postgres.
• Product catalog data: product titles, handles, prices, variants, inventory levels, weights, and product images. This data is fetched from the Shopify Admin API and used only to populate the on-device catalog.
• Webhook events: we receive notifications from Shopify when products are updated, when the app is uninstalled, and when GDPR requests are made.

3. Data we do not collect

• We do not collect or store end-customer personal data (names, emails, addresses, phone numbers).
• We do not request the read_customers scope on Shopify.
• We do not process card numbers or payment data — payments are handled entirely by Shopify Checkout.
• We do not sell merchant data to third parties.
• We do not use behavioural advertising trackers on the application surface.

4. Data stored on the merchant's device

Snaptare's tablet PWA stores the following locally in the browser's IndexedDB: product catalog (read-only copy), in-progress cart drafts, saved tare presets, and a session token issued by our backend. None of this leaves the device unless the merchant explicitly sends a draft order to Shopify or signs out.

5. Where data lives

• Backend infrastructure: hosted on Coolify in the European Union. Postgres database with encrypted disk, daily snapshot backups.
• Static frontend: served via Cloudflare's edge network.
• Shopify Admin API: calls go directly from our backend to Shopify over TLS.

6. How long we keep data

We retain merchant data while the app is installed. When a merchant uninstalls Snaptare, Shopify sends an app/uninstalled webhook and the shop/redact compliance webhook (typically within 48 hours). On receipt, we hard-delete the merchant's row and all related rows in our Postgres within 7 days. We also remove cached webhook payloads from our audit log within 30 days.

7. Compliance webhooks (GDPR + CCPA)

We implement the three compliance webhooks Shopify requires:

• customers/data_request — we have no end-customer data to export, so we log the request and respond accordingly.
• customers/redact — we hard-delete any audit log entries that referenced the customer ID, even though we don't store customer PII.
• shop/redact — we hard-delete the merchant's record and all child rows in a single transaction.

8. Sub-processors

• Shopify Inc. — the merchant's primary platform; we operate on their infrastructure as an installed app.
• Cloudflare — DNS, CDN, edge SSL, and Pages hosting for our static frontend and marketing site.
• Coolify on a Hetzner-hosted server (EU) — backend application + Postgres database hosting.

9. Your rights

Under GDPR (EU), CCPA (California), and equivalent regimes elsewhere, you may request access to, correction of, or deletion of your data. To exercise any of these rights, contact us at the address below. We respond within 30 days.

10. Changes to this policy

We may update this policy occasionally. Changes will be posted at this URL with a revised "Last updated" date. Material changes will be communicated via email to installed merchants where appropriate.

11. Contact

Petitgen Ltd
Email: hello@snaptare.app · sebastien@morphe.ai
For privacy-specific requests, please use the subject line "Privacy request".