Quick Trust

Privacy Policy

Effective 2026-05-14

1. Who we are

Quick Trust is a Shopify app that displays real social-proof and urgency notifications (recent orders, low stock, live visitor count, countdown timers) on storefronts. This policy explains what data the app processes and the rights merchants and shoppers have over it.

Controller for shop and merchant data: the Quick Trust developer, contactable at support@quicktrust.app. For shopper-side personal data, the merchant's store is the data controller and Quick Trust acts as a processor on their behalf.

2. Data we collect from merchants

  • Shop domain (e.g. example.myshopify.com).
  • OAuth access token and granted scopes, used to call Shopify APIs.
  • Notification settings the merchant configures inside the app.
  • Subscription plan and billing status from the Shopify Billing API.
  • Aggregate usage counters (notifications shown per period).

3. Data we process on behalf of shoppers

When the merchant's store ships an order, Shopify sends an orders/create webhook to Quick Trust. From that webhook we store only the minimum needed to render a notification:

  • Customer first name (e.g. "Sarah").
  • Customer city (e.g. "Brooklyn").
  • Purchased product title and image URL.
  • Shopify's internal order ID (used only for deduplication).

We never store email, phone number, full name, street address, payment details, or order amount. The visitor counter on the storefront is anonymous — it counts active sessions in memory only and does not store IP addresses or set tracking cookies.

4. How we use the data

  • Render social-proof notifications on the merchant's storefront.
  • Operate the admin app the merchant uses to configure the service.
  • Bill the merchant via Shopify's Billing API.
  • Diagnose errors and improve reliability.

We do not sell data, do not share data with advertisers, and do not use shopper data to build profiles outside the merchant's store.

5. Sub-processors

  • Shopify — platform host; provides webhooks, merchant authentication, and billing.
  • Railway — application hosting and managed PostgreSQL database.
  • Upstash — Redis used for the in-memory visitor counter and webhook retry queue.
  • Sentry — error monitoring, EU region. Personal data is not sent to Sentry by design (sendDefaultPii: false).
  • Cloudflare — DNS and CDN for the storefront script and the app domain.

6. Retention

  • Order-derived notifications: kept while the app is installed. Older entries are filtered from display after the configured order window (default 24 hours).
  • Merchant settings and billing records: kept while the app is installed.
  • After uninstall: shop and notification data are purged within 48 hours, unless a longer period is legally required.
  • Shopify GDPR webhook responses: customers/redact deletes the named customer's data immediately; shop/redact deletes the entire shop record within 48 hours of receipt; customers/data_request is answered by email within 30 days.

7. Your rights (GDPR / CCPA)

Shoppers can exercise GDPR or CCPA rights (access, deletion, portability) through the merchant whose store displayed the notification, since the merchant is the controller. Shopify will relay verified requests to Quick Trust via the standard compliance webhooks, which we honour automatically.

Merchants can request export or deletion of their shop's data at any time by emailing support@quicktrust.app.

8. Security

Data is transmitted over HTTPS with HSTS. Shopify webhooks are verified using HMAC signatures before any payload is processed. Access tokens are stored encrypted at rest in our managed PostgreSQL database. Storefront notifications never expose access tokens or merchant-only data.

9. International transfers

Application servers and the primary database run in Railway's US-West region. Sentry stores error data in the EU region. By installing Quick Trust the merchant authorises these transfers.

10. Changes to this policy

Material changes will be announced in the merchant admin app and via email to the contact address registered with Shopify. The effective date at the top of this page always reflects the current version.

11. Contact

Questions about this policy: support@quicktrust.app.