Legal

Privacy Policy

Last updated 10 June 2026 · Effective 10 June 2026

Ralice is a B2B ordering app for Shopify stores — quick order, reorder, saved templates, tag-based customer pricing, and merchant analytics. This policy explains exactly what data the app touches, why, where it lives, and how it is deleted. We’ve tried to keep it specific and plain, because a privacy policy that hides the details isn’t worth much.

01 Our role: who controls the data

For personal data about your customers — names, customer tags, order history — that Ralice processes so the app can work, you, the merchant, are the data controller and Ralice acts as your data processor. We process that data only to provide the app’s features to you, on your instructions, and never sell it or use it for our own purposes.

For the limited information we hold about you and your store as our direct customer — your store domain, the plan you’re on, and your app settings — Ralice acts as a controller. Your subscription and any payments are handled by Shopify, not by us (see section 4).

02 What data we access and store

Data we store in our database

Store record. Your .myshopify.com domain, install date, current plan tier, the internal IDs of the automatic discount and Shopify Function we create for pricing, pricing-sync status, and your chosen admin language.
Pricing configuration. The price lists you create (name, discount type), the customer tags you map to each price list, per-variant prices/discounts, and quantity (volume) tiers.
Saved order templates. When a buyer saves a template, we store that buyer’s Shopify customer ID, the template name, and the products, variants, SKUs and quantities they saved. We do not store their name, email, or phone.
Reorder activity. Counts and totals for reorder actions (an order reference, item count, total quantity, amount, currency, timestamp, and whether the cart opened). This is aggregate usage telemetry and is not linked to an individual buyer.

Data we read from Shopify but do not store

To render Quick Order, Pricing, Reorder, Templates, and Analytics, the app reads the following from Shopify’s Admin API on demand. It is held only in memory for the duration of your request and is not written to our database:

Customer first and last name, customer tags, number of orders, and total amount spent.
Orders: references, dates, totals, line items (titles, quantities, SKUs), and the shipping city, region and country (not street address or postal code).
Products, variants, inventory levels, and product cost.
Your shop currency and admin language.

What we never collect

We deliberately do not request or store customer email addresses or phone numbers. We do not see or store payment card data — billing is handled entirely by Shopify. We do not collect special-category (sensitive) data, and we do not use advertising or cross-site tracking cookies.

Shopify’s data-access framework also makes certain technical metadata available to apps that read order data — for example the IP address, browser and device information, and approximate geolocation that Shopify records on an order. Ralice does not request, query, store, or process this data; it appears on the app’s permission screen because it is part of Shopify’s standard data category for order access, not because Ralice uses it.

03 Why we process each type of data

Tag-based pricing. We read customer tags and your price-list configuration to assign the right price list to each customer and enforce it at checkout via a Shopify Function.
Quick order. We read your products, variants and inventory so buyers can build a cart quickly.
Reorder. We read past orders so a buyer (or you) can re-create a previous order in one step, and we record anonymous reorder activity to show engagement metrics.
Templates. We store saved templates against a buyer’s customer ID so they can reorder favourites later.
Analytics. We read order, product and customer data from Shopify to show you sales, product and customer insights inside the app.

04 Where data is stored and who processes it

Ralice runs on a small set of infrastructure providers (subprocessors). We do not use third-party advertising or marketing platforms.

Provider	Purpose	Location
Shopify	The platform your store runs on; source of the data above; authentication; subscription billing	Per your store’s Shopify region
Supabase	Application database (PostgreSQL)	European Union (eu-central-1)
Vercel	Application hosting and compute	European Union (Frankfurt)

Supabase and Vercel are US-incorporated companies that host the Ralice deployment in the European Union. Where data is accessed from outside the EU, appropriate transfer safeguards (such as Standard Contractual Clauses) apply through these providers.

Billing. Subscriptions are charged through Shopify’s Billing API. We store only your current plan tier; we never receive or store your payment card details.

Operational logs. Our hosting produces short-lived diagnostic logs that can include your store domain and Shopify customer IDs (numeric identifiers, not names or emails) so we can debug problems. These logs are not used for any other purpose.

05 Cookies and tracking

Ralice uses only the strictly necessary cookies and session tokens required to authenticate the embedded app inside Shopify admin and keep you signed in. We do not use advertising, marketing, or cross-site tracking cookies, and the public pages on ralice.app (including this one) set no tracking cookies.

06 Data retention and deletion

We keep your store and configuration data for as long as the app is installed. We don’t apply a fixed time-based expiry; instead, data is deleted when one of the following happens:

You uninstall the app. When Shopify notifies us of an uninstall, we delete your store record and all related pricing, template and reorder data from our database.
Shop data erasure (shop/redact). Around 48 hours after uninstall, Shopify sends a formal erasure request. We delete all remaining data for the store — store record, price lists and items, volume tiers, templates, reorder activity and sync jobs all cascade-delete. This is a backstop in case the uninstall cleanup did not complete.
Customer erasure (customers/redact). When one of your customers requests erasure through Shopify, we delete that customer’s saved order templates and any reorder activity linked to them.
Customer data request (customers/data_request). When a customer asks what data is held about them, Shopify notifies us. The only customer-linked data we store is saved order templates; we record the request so you, as the data controller, can review and fulfil it.

07 Your rights (GDPR & CCPA)

Depending on where you or your customers live, applicable law (such as the EU/UK GDPR and the California CCPA/CPRA) provides rights to access, correct, delete, port, restrict, or object to the processing of personal data. Ralice does not sell personal data and does not use it for cross-context behavioural advertising.

Because a store’s customer data is controlled by the merchant, a shopper should direct requests to the store they bought from. The merchant can act on those requests through Shopify’s data-request and erasure tools, which trigger the deletion behaviour described in section 6.

Merchants can exercise their own rights, or ask us to help fulfil a customer request, by emailing hello@ralice.app.

08 Security

We take reasonable technical and organisational measures to protect data: traffic is encrypted in transit over HTTPS; our database tables use row-level security and are reached only through an isolated server-side service role; secrets are kept out of source control; and we minimise what we collect (for example, we deliberately do not request customer email or phone). Our infrastructure providers encrypt data at rest.

No method of transmission or storage is perfectly secure, and we do not currently hold formal certifications such as SOC 2 or ISO 27001.

09 Children

Ralice is a business-to-business tool for Shopify merchants and is not directed to children. We do not knowingly collect data from anyone under 16.

10 Changes to this policy

We may update this policy as the app evolves. When we make a material change, we’ll update the “Last updated” date above. Continued use of the app after a change means you accept the updated policy.

11 Contact us

Questions about this policy or your data? Email hello@ralice.app. For help using the app, contact support@ralice.app.