Português · English
Privacy Policy
Margin Proof · Last updated: 2026-07-08
Margin Proof (“the App”) helps Shopify merchants protect their margin: when a discount would take an order below the store’s configured minimum margin, checkout is blocked until the discount is removed. This policy explains what data the App accesses, why, how it is stored, and the rights you and your customers have. The App is operated by Luís Ivars (sole operator).
1. Data we access
- Store & session data: your shop domain and the OAuth access token issued by Shopify, used solely to authenticate the App and call the Shopify Admin API on your behalf.
- Product & cost data: variant SKUs, inventory cost per item, and the cost values (COGS) you set in the App, stored to compute margins. The App writes those costs to app-owned variant metafields (
write_products) so the checkout validation can read them, and reads the native cost per item (read_inventory). - Checkout validation: the App registers a Shopify checkout validation (
write_validations) backed by a Shopify Function. At checkout, the Function evaluates the cart’s discounted line prices against your minimum margin in real time; this evaluation runs entirely on Shopify’s infrastructure and the App does not receive or store cart or end-customer data. - Usage telemetry: events (e.g. install, subscription state, app opened) tied to the shop, used to improve the App. No end-customer personal data is included. Support tickets you submit include the message and reply-to email you provide, stored until you uninstall (see §3).
2. How we use it
Data is used exclusively to provide the App’s functionality: computing margins, enforcing your minimum-margin rule at checkout, managing COGS, and managing your subscription. We do not sell your data, use it for advertising, or share it with third parties for their own purposes.
3. Storage & retention
Data is stored on a private server located in the EU, in a database accessible only to the operator. We retain the cost values, store record, sessions and telemetry for as long as the App is installed. When you uninstall, your store is marked churned and data is deleted in response to Shopify’s mandatory compliance webhooks (typically within 48 hours): store record, sessions and cost data are removed (costs are kept only while another app of our suite that shares them remains installed), and personal data in support tickets is scrubbed.
4. Customer data requests (GDPR / CCPA)
The App implements Shopify’s mandatory privacy webhooks: customers/data_request, customers/redact and shop/redact. The App does not store end-customer personal data, so customer data-request and redaction webhooks are acknowledged with no personal data held; shop/redact deletes your store’s records as described in §3.
5. Sub-processors
We use Shopify (platform & APIs) and a private EU virtual server (hosting & database). No other sub-processors receive your data.
6. Security
Data is encrypted at rest (database-level, AES) and in transit (HTTPS/TLS). Access tokens and credentials are stored server-side and never exposed to the browser. Access to the database is restricted to the operator.
7. Your rights
You may request access to, correction of, or deletion of your data at any time by uninstalling the App or by contacting us. We will respond within the timeframes required by applicable law.
8. Changes
We may update this policy; the “last updated” date above reflects the latest version. Material changes will be reflected here.
9. Contact
Questions about this policy or your data: support@luisivars.pt.