Privacy Policy
Pushy — Push Down Out of Stock
- App: Pushy — Push Down Out of Stock ("Pushy", the "App")
- Provider / Data Controller: Bortor Studio (Georgia) ("we", "us", "our")
- Contact: [email protected]
- Effective date: 18 May 2026
- Last updated: 18 May 2026
1. Overview
Pushy is a Shopify app that automatically sorts product collections so that out-of-stock products are moved to the bottom of each collection. This Privacy Policy explains what information we collect when a merchant installs and uses Pushy on their Shopify store, how we use it, who we share it with, and the rights available to merchants and their customers.
This policy applies to the Pushy app only. It does not cover Shopify itself or any third-party service that has its own privacy policy.
By installing or using Pushy, you agree to the practices described here.
2. Information We Collect
Pushy is designed to operate with the minimum data needed to sort collections. We do not intentionally collect or store the personal data of your store's shoppers (e.g., names, emails, shipping addresses, or payment information).
2.1 Store and account information
When you install the App, Shopify provides us with, and we store, an authenticated session containing:
- Your store's
myshopify.comdomain - A Shopify API access token (used to read inventory and update product sorting)
- The installing user's Shopify user ID, and, where provided by Shopify, first name, last name, email address, locale, account-owner flag, collaborator flag, and email-verification status
- The OAuth permission scopes granted to the App
2.2 Store catalog and operational data
To provide the sorting service, we store and process:
- Collection identifiers, their enabled/disabled state, sorting status, priority, previous sort order (to allow restoration), and last-sorted timestamps
- Product identifiers, stock status (out of stock / back in stock), and previous variant positions
- Your App preferences: excluded product tags, default sort order, "enable new collections" setting, onboarding progress, dismissed prompts, and any rating/feedback you submit in the App
- Incoming Shopify webhook events (topic and payload) queued temporarily for processing
2.3 Permissions requested
Pushy requests the following Shopify access scopes:
read_inventory— to read product stock levels-
read_locations— to read fulfillment location data -
write_products— to update product positions and collection sort order
2.4 Webhooks
Pushy subscribes to Shopify webhooks for inventory and
product/collection changes (variants/in_stock, variants/out_of_stock, products/update, collections/create, collections/delete), app lifecycle events (app/uninstalled, app/scopes_update), and the mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact).
2.5 Analytics and diagnostics
We collect limited usage analytics and error/diagnostic data to operate and improve the App. This includes your store domain and product-usage events (such as enabling sorting on collections or dismissing in-app prompts), and exception/error information. We do not use this data to identify or track individual shoppers.
3. How We Use Information
We use the information described above to:
- Authenticate your store and maintain your App session
- Provide the core service: detecting stock changes and sorting collections
- Restore your previous collection sort order if you uninstall the App
- Store and apply your App configuration and preferences
- Monitor reliability, debug errors, and improve the App
- Provide customer support when you contact us
- Comply with legal obligations and Shopify's platform requirements
We do not sell personal information, and we do not use your data for advertising or for profiling your shoppers.
4. Legal Bases for Processing (GDPR/UK GDPR)
Where the EU or UK General Data Protection Regulation applies, we process personal data on the following legal bases:
- Performance of a contract — to deliver the App's functionality to you
- Legitimate interests — to secure, maintain, debug, and improve the App, and to provide support, balanced against the limited, non-shopper nature of the data involved
- Legal obligation — to meet platform and statutory compliance requirements
For shopper personal data, your store is the data controller and we act as a data processor on your behalf; our processing is limited as described in Section 2.
5. Sub-processors and Third-Party Services
We share data only with the service providers necessary to run the App:
| Service | Purpose | Data shared |
|---|---|---|
| Cloud database (PostgreSQL) | Primary storage of App data | All data in Section 2.1–2.4 |
| Redis | Temporary job queue and distributed locking | Transient processing data |
PostHog (us.i.posthog.com) | Product analytics and error tracking | Store domain, usage events, error data |
| Tawk.to | In-app customer support chat | Support chat content and session metadata you provide when chatting |
| Telegram | Internal operational alerts/metrics | Aggregate operational metrics and store domain; no shopper data |
We do not control the independent privacy practices of these providers. Their processing is governed by their own privacy policies and our agreements with them.
6. International Data Transfers
We and our sub-processors may process data in countries other than your own, including the United States and within the European Economic Area. Where data is transferred internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required by applicable law.
7. Data Retention and Deletion
- Webhook events: stuck/pending events are reset after ~1 hour; completed events are deleted after ~24 hours; failed events are deleted after ~7 days.
- On app uninstall: we delete your session and access token, App preferences, sorted-collection records, and product records, and we attempt to restore your collections' previous sort order in Shopify.
- On
shop/redact: when Shopify sends the shop-redaction webhook (approximately 48 hours after uninstall), we delete the store's sorted-collection records, App preferences, and product records. - Customer data requests/redaction: because Pushy does
not store shopper personal data, our responses to
customers/data_requestandcustomers/redactconfirm that no such data is held.
We may retain limited records longer where required to comply with legal obligations, resolve disputes, or enforce agreements.
8. Data Security
We protect data through Shopify OAuth-based authentication, HMAC-verified webhook payloads, encrypted transport (HTTPS/TLS), access controls, and the use of reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
9. Your Rights
Merchants
Depending on your location, you may have rights to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. You can exercise these rights by contacting us at [email protected]. You may also uninstall the App at any time from your Shopify admin, which triggers deletion as described in Section 7.
Shoppers (EU/UK – GDPR; California – CCPA)
Pushy does not store shopper personal data. Requests by shoppers to access or delete personal data should be directed to the merchant (store owner), who is the controller of that data. Shopify forwards mandatory data-request and redaction webhooks to us, and we respond confirming no shopper data is held.
Under the CCPA, California consumers have the right to know, delete, and opt out of the "sale" of personal information. We do not sell personal information. As we do not hold shopper personal data, such requests should be made to the relevant merchant.
10. Children's Privacy
The App is intended for use by businesses and is not directed to children. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the "Last updated" date above and, where appropriate, through additional notice. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
12. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy or your data, contact:
Bortor Studio
Email: [email protected]
If you are in the EEA or UK and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.