Privacy Policy

Mad Valley Productions — Popup – Sell by Weight — Effective April 1, 2026

1. Introduction

Mad Valley Productions (“we”, “us”, or “our”) operates the Shopify app Popup – Sell by Weight (the “App”). This Privacy Policy explains what information we collect, how we use it, and how we protect it when you install or use the App. The App is built on the Shopify platform and is subject to Shopify’s Privacy Policy in addition to this policy.

2. Age Restriction

The App is intended for use by business merchants and is not directed at individuals under the age of 18. We do not knowingly collect information from anyone under 18.

3. Information We Collect

When you install the App, we collect and store the following information:

• Shop domain and OAuth session data — your Shopify store domain and the access token granted during installation, used to authenticate API requests.
• Product catalog data — product names, prices, units of measure, categories, and product status (active/inactive) that you create or import within the App.
• Category data — category names and display images you configure within the App.
• Tile images — product and category tile images you generate or upload via the App, stored in Cloudflare R2 object storage.
• Subscription and billing metadata — your current plan type, trial status, and subscription dates as returned by the Shopify Billing API. We do not store credit card or payment information.

We do not collect or store any customer (shopper) personally identifiable information. The App is a merchant-facing product catalog tool and does not process, store, or have access to your customers’ names, email addresses, order history, or payment details.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data on the following legal bases:

• Contract performance — processing your shop domain, OAuth session data, product catalog, and category data is necessary to provide the App’s core functionality.
• Contract performance and legal obligation — processing subscription and billing metadata is necessary to manage your subscription and comply with applicable financial recordkeeping requirements.
• Legitimate interests — processing data included in support requests you submit is necessary to respond to and resolve your inquiries.

5. How We Use Your Information

• To provide the App’s core functionality: displaying your product catalog on Shopify POS and enabling weight-based selling.
• To sync your catalog data to our cloud database so it is accessible to your POS terminals in real time.
• To manage your subscription through the Shopify Billing API.
• To respond to support requests you submit.

We do not sell, rent, or share your data with third parties for marketing purposes.

6. Data Storage and Security

Your data is stored in the following systems:

• Primary database — a server-side database managed by the App server on secured hosting infrastructure.
• Turso (libSQL) — a cloud-hosted read replica used to serve catalog data to your POS devices with low latency. Turso is SOC 2 Type II compliant; see their Trust Portal for details.
• Cloudflare R2 — object storage for tile images. Images are served via Cloudflare’s global CDN.

We use industry-standard security practices including HTTPS encryption in transit and access-token based authentication with Shopify’s OAuth 2.0 flow.

7. Data Retention and Deletion

When you uninstall the App, your Shopify OAuth session is deleted immediately. All remaining merchant data (products, categories, settings) is permanently deleted from all of our systems within 30 days of account cancellation.

8. Third-Party Services

The App integrates with the following third-party services, each governed by their own privacy policies:

• Shopify — platform authentication and billing. See Shopify’s Privacy Policy.
• Turso — cloud database. See Turso’s Privacy Policy.
• Cloudflare R2 — image storage and delivery. See Cloudflare’s Privacy Policy.
• Google Analytics — website analytics used to understand how merchants navigate the App. No customer (shopper) data is collected. See Google’s Privacy Policy.

9. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding the data we hold about your store:

• Right to know — what data we collect and how we use it.
• Right to access — a copy of the data we hold about your store.
• Right to correct — inaccurate data we hold about your store.
• Right to delete — request deletion of your data (see Section 7).
• Right to data portability — receive your data in a structured, commonly used format.
• Right to object or restrict processing — object to or request restriction of certain processing activities.
• Right to opt out of sale — we do not sell your data to third parties.
• Right to non-discrimination — exercising your rights will not affect the service you receive.

To exercise any of these rights, contact us at support@madvalley.com. We will respond within 30 days.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted at this URL with an updated effective date. We will notify you of material changes via an in-app notice or email. Continued use of the App after changes constitutes acceptance of the revised policy.

11. Contact

Mad Valley Productions
PO Box 10345, Bainbridge Island, WA 98110
support@madvalley.com