How We Handle Customer Data in Essential Preorder & Back in Stock
Essential Preorder & Back in Stock helps you take preorders and collect back-in-stock registrations while keeping customer data safe and compliant with privacy requirements, including GDPR. This guide explains what data we process, why we need it, how we secure it, and how deletion works.
Why this app needs customer data
Some features cannot work without processing limited customer information. For example:
- Back-in-stock requires contact details to register a customer and send notifications.
- Preorders require identifying which orders contain preorder items and which campaign rules apply.
We follow data minimization: we process only what’s necessary to provide the app functionality.
What data we process and why
1) Back-in-stock registrations and notifications
When you enable Back in Stock, we process:
- Customer name (if available)
- Email address and/or phone number (depending on your notification settings)
- Customer locale
Purpose:
- Register a customer request
- Send the back-in-stock notification when the product becomes available
- Send back in stock notification in customers language
2) Preorder orders and campaign rules
For orders that contain preorder items, we store only limited order-related data needed to identify preorder orders and apply campaign rules:
- Order ID
- Campaign ID (generated by our app)
- Product variant IDs
- Payment type: full or partial
- Product variant names and image URLs
Purpose:
- Identify preorder orders
- Apply campaign rules and show the right preorder status in the app
3) Technical and security data
We may process:
- IP address
- Browser and device information
- Timestamps and diagnostics logs
Purpose:
- Security and abuse prevention
- Reliability and troubleshooting
- Monitoring performance and errors
4) Merchant activity logs (admin actions)
To support auditing, troubleshooting, and reliability, we log certain merchant actions, such as:
- CREATE_PREORDER_CAMPAIGN, UPDATE_PREORDER_CAMPAIGN, DELETE_PREORDER_CAMPAIGN
- CREATE_BIS_CAMPAIGN, UPDATE_BIS_CAMPAIGN, DELETE_BIS_CAMPAIGN
These logs may include derived network location data based on IP:
- Continent, country, region, city, latitude, longitude, timezone
Important:
- This is approximate network-based location derived from the ISP/network. It is not a precise location and is not based on GPS.
What we do not collect
We do not collect or store:
- Payment card details (credit card numbers, CVV)
- Customer passwords
- Marketing profiling data or ad network identifiers
- Precise GPS location
Cookies and tracking
Our app does not rely on non-essential tracking to function.
- We do not require marketing cookies or ad tracking cookies for the app to work.
- If your store blocks non-essential cookies/scripts via a consent banner, the app will continue to work as it does today.
Note: Shopify and your storefront theme may use essential cookies needed for core store functionality. Those are controlled by Shopify and your store setup.
Data retention and deletion
After app uninstall
We retain app data for 48 hours after uninstall, then delete it. This matches Shopify’s standard app data deletion timeline.
On merchant request
If you request deletion earlier or have a specific requirement, contact support and we will assist where feasible and consistent with Shopify platform requirements.
Security practices
We use industry-standard security measures, including:
- Encryption in transit (TLS/SSL)
- Access controls and least-privilege permissions
- Monitoring and error tracking to detect issues quickly
- Operational safeguards to prevent unauthorized access
Our commitment
We build Essential Preorder & Back in Stock with privacy and security in mind:
- We minimize data collection and use it only for app functionality
- We do not sell customer data
- We keep deletion aligned with Shopify’s deletion requirements (48 hours after uninstall)
If you have specific compliance questions, contact our support team and we’ll help.