Privacy Policy

WP Price Updater Privacy Policy #

WP Price Updater (“the App”) connects Shopify stores with Google Sheets to automate and synchronize product price updates.
This Privacy Policy explains what Google and Shopify data the App accesses, how it is used, shared, stored, and deleted — in accordance with the Google API Services User Data Policy and the Google APIs Terms of Service.

1. Data Accessed #

From your Shopify store #

  • Store information: store name, domain, and owner email as provided in Shopify.
  • Product data: product IDs, titles, variants, prices, and inventory levels required for updates.
  • Configuration and logs: data necessary to operate, synchronize, and troubleshoot the App.

From your Google Account #

The App uses Google OAuth 2.0 for secure, user-consented access to limited Google API scopes:

Scope Purpose Access Type
https://www.googleapis.com/auth/drive.file Create, read, and update spreadsheets that were created through the App. Read/Write
https://www.googleapis.com/auth/spreadsheets.readonly Read data from spreadsheets shared with you by third parties (e.g., ERP or supplier systems). Read-only
openid, email, profile Identify your Google account and associate it with your Shopify store for secure authentication. Identity only

The App can only access the specific spreadsheets that you explicitly select through the Google file picker or that it creates on your behalf.
It cannot browse or access any other Drive files without your consent.

The following limited data may be processed:

  • Spreadsheet ID, title, and sheet metadata.
  • Cell values within the defined range for price or variant synchronization.
  • Basic account information (email, profile name, user ID) used solely for account identification.

2. Data Usage #

We use collected data only to deliver and maintain the App’s core functionality:

  • To read and synchronize pricing and inventory data between Shopify and your connected Google Sheets.
  • To update spreadsheet content you explicitly select (via the drive.file scope).
  • To read external, shared spreadsheets (via the spreadsheets.readonly scope) when you import data from ERP or supplier sources.
  • To authenticate and associate your Google account with your Shopify store (via the openid, email, and profile scopes).
  • To provide support, troubleshooting, and service communication.

We never use Google user data for advertising, profiling, or analytics unrelated to the App’s functionality.

3. Data Sharing #

We do not sell, rent, or trade any personal or Google user data.

Third-party processors #

We rely on reputable service providers for:

  • Hosting and database infrastructure (within the EU/EEA),
  • Secure email communication,
  • Error logging and uptime monitoring.

Each provider processes data only under our instructions and is bound by strict confidentiality and security agreements.

Connected platforms #

  • Google: Only the Sheets and Drive files you explicitly authorize are accessed.
  • Shopify: Product and pricing data flows between Shopify and Google Sheets for synchronization.
  • Data is not shared beyond these integrated services.

We may disclose data only if required by law or to protect the rights and safety of users or the service.

4. Data Storage & Protection #

We implement strong security measures to protect all accessed data:

  • Encryption in transit: All traffic between browsers, Shopify, Google APIs, and our servers uses TLS/HTTPS.
  • Encryption at rest: OAuth tokens and stored data are encrypted using industry-standard encryption.
  • Access control: Only authorized personnel can access production data on a need-to-know basis.
  • Environment isolation: Secrets and credentials are stored securely and never exposed client-side.
  • Monitoring: Regular security audits, updates, and intrusion detection.

OAuth access and refresh tokens are:

  • Stored securely on the server side only.
  • Never logged, embedded, or shared.
  • Scoped to the minimum necessary permissions.
  • Revoked automatically upon user uninstallation or account unlinking.

5. Data Retention & Deletion #

  • We retain data only for as long as required to operate the App and comply with legal obligations.
  • When you uninstall the App or request deletion, all associated OAuth tokens and user data are deleted within a reasonable period (typically within 30 days).
  • Backup copies are automatically cycled out according to standard retention schedules.
  • You can revoke the App’s access to your Google Account at any time via https://myaccount.google.com/permissions.

Deletion requests can be made directly to info@wp-dataanalytics.de.

6. Your Rights #

If you are based in the EEA, UK, or other jurisdictions with data protection laws, you may request:

  • Access to or correction of your personal data,
  • Deletion or restriction of processing,
  • Portability of your data.

To exercise your rights, contact us at info@wp-dataanalytics.de.
We may verify your identity before fulfilling such requests.

7. International Transfers #

If data is transferred outside the EU/EEA (e.g., to Google data centers), we rely on adequacy decisions or Standard Contractual Clauses to ensure equivalent protection.

8. Changes to this Policy #

We may update this policy to reflect changes in technology, regulation, or our practices.
Updates will be posted at https://wp-dataanalytics.de/price_updater/privacy/ with a new effective date.

Controller:
Weber & Partner GbR
Odinspfad 2
69115 Heidelberg, Germany

Contact: Thomas Weber
Email: info@wp-dataanalytics.de