Privacy Policy — Bundles: Upsell, BOGO, Volume

Last updated: May 13, 2026

This Privacy Policy describes how Bundles: Upsell, BOGO, Volume ("the App", "we", "us") collects, uses, and shares information when you install and use the App on your Shopify store. By installing or using the App, you agree to this policy.

1. Information we collect

When a merchant installs the App, we receive and store the following shop-level information from Shopify:

• Your shop's myshopify.com domain
• Your Shopify access token (encrypted, used only to call Shopify APIs on your behalf)
• Shop metadata: name, primary currency, plan, timezone, owner email (used only to display in the admin UI and contact you about app issues)

When you use the App, we store the following bundle configuration data in our database:

• Bundle definitions you create (name, type, products, discount settings)
• Activation status (active, draft, archived)
• App embed status (whether the storefront widget is enabled)

When customers interact with a bundle on your storefront, we record aggregate analytics events:

• Bundle views, add-to-cart events, orders, refunds
• Quantity sold and bundle revenue per order line
• We do not record any customer-level identifiers (no customer ID, no email, no IP address, no session fingerprint that identifies an individual)

We do not collect, store, or process:

• Customer personal information (names, emails, addresses, phone numbers)
• Payment information
• Order content beyond the bundle line items needed for revenue analytics
• Any data from products or stores that the merchant does not own

2. How we use information

Shop information is used to:

• Authenticate API requests to Shopify on your behalf
• Display bundles and analytics in the embedded admin UI
• Send transactional emails about app issues (only if you contact support)

Bundle configuration is used to:

• Render the storefront widget on your product pages
• Apply automatic discounts via Shopify Functions
• Display bundle analytics in the dashboard

Aggregate analytics events are used to:

• Calculate bundle revenue, conversion rate, AOV uplift, and refund-net metrics shown to you in the dashboard

We do not sell, rent, or share your data with third parties for advertising, profiling, or any commercial purpose.

3. Data sharing

We share information only with the following service providers, strictly for operating the App:

• Shopify Inc. — to receive shop installation events, to call the Admin GraphQL API, and to subscribe to webhooks. Governed by Shopify's own privacy policy.
• Our hosting provider — the App runs on a self-managed Linux VPS operated by Piyer Yazılım. The same server hosts the PostgreSQL database that stores bundle configuration and analytics.

We do not share data with advertisers, analytics platforms outside the App, or marketing tools.

4. Data retention and deletion

• While the App is installed: Bundle configurations and analytics events are retained for the lifetime of the installation.
• When the App is uninstalled: Within 48 hours of uninstall, we delete all bundle data, sessions, analytics events, and associated metadata for your shop. This is automated via Shopify's app/uninstalled and shop/redact webhooks.
• Customer data requests: Because we do not store any customer-level personal information, the customers/data_request and customers/redact webhooks acknowledge the request and confirm that no customer data is held.

5. Your rights

You can:

• Request a copy of your shop's data held by us by emailing harun.ketenci@admosphere.com.tr
• Request deletion of your shop's data at any time by uninstalling the App or emailing the address above — deletion is completed within 48 hours
• Ask questions about how we process your data by emailing the address above

If you are based in the EU, UK, or California, you may also have additional rights under GDPR/CPRA. We will honor verified requests exercising those rights.

6. Security

• All data in transit is encrypted via TLS 1.2+.
• Access tokens and session data are encrypted at rest.
• Database access is restricted to the App's production servers only.
• We follow Shopify's recommended security practices for embedded apps.

7. Children's privacy

The App is designed for use by Shopify merchants and is not intended for use by individuals under 13. We do not knowingly collect data about children.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the App's admin UI or by emailing the merchant contact email on file. The "Last updated" date at the top reflects the most recent revision.

9. Contact

For questions about this Privacy Policy or our data practices, contact:

• Email: harun.ketenci@admosphere.com.tr
• Company: Piyer Yazılım Bilişim Reklamcılık Danışmanlık Ltd. Şti.