Privacy Policy
Last updated: May 2026
1. Introduction
NormaList("we", "our") respects your privacy. This policy explains what data we collect when you use our Shopify app and how we use it to sync supplier inventory to your store.
2. Data we collect
- Shopify store domain
- Shopify access token and refresh token (stored in our database with restricted access; not shown in the merchant-facing app UI)
- Product and variant data from your store
- Supplier inventory files you upload
- Supplier code to SKU mappings you create
3. How we use your data
- To sync inventory to your Shopify store
- To remember your supplier code mappings
- To improve AI detection accuracy
4. Data we do NOT collect
- Customer personal information (names, emails, addresses, etc.)
- Order data
- Payment information
- Any data beyond what's needed for inventory sync
5. GDPR and Shopify mandatory webhooks
Shopify may send mandatory compliance webhooks when a customer requests their data or when data must be redacted. NormaList is built for supplier inventory sync only and does not store Shopify customer personal data in our database. When we receive these webhooks, we log the request for audit purposes and take no export or redaction action because there is no customer data to provide or delete. Shop data is removed when you uninstall the app, via the shop/redact webhook (see retention below).
6. Data retention
Your data is retained while your subscription is active. Data is deleted within 30 days of uninstalling the app from your Shopify store.
7. Third party services
- Shopify (store integration)
- Google (Sheets integration)
- Gemini AI (column detection only; only a small snippet of each file is sent, not the full upload)
8. Contact
Questions about this policy: contact@normalist.app