Privacy Policy

1) Scope

This Privacy Policy explains how Ctrl-Lab collects, uses, stores, and discloses information when merchants install and use our Shopify app (the “App”). The App runs inside Shopify Admin and provides reporting based on order custom attributes (also known as note attributes). This policy applies to data processed on behalf of merchants and, where applicable, data relating to merchants’ customers that may be included in orders.

2) What data we collect and process

2.1 Merchant/store data

When a merchant installs and uses the App, we may process:
- Store domain (e.g., "example.myshopify.com")
- App installation identifiers and access tokens (stored securely)
- App configuration and operational metadata

2.2 Order data (from Shopify)

To provide reporting, we access order information through Shopify APIs and webhooks. Orders may include personal data about customers depending on the merchant’s store settings and Shopify’s payloads.

For the App’s reporting features, we process and store the minimum data necessary, typically:
- Order ID (Shopify identifier)
- Order created timestamp
- Order total (amount and currency)
- Order custom attributes / note attributes (key/value pairs, e.g., "dd_test_home_hero=A")

The App’s core features do not require customer names, email addresses, phone numbers, or addresses. We do not intentionally store those customer identifiers as part of our analytics datasets.

2.3 Exports

When a merchant uses CSV export features, the App generates files that may include:
- Summary exports: attribute value, order counts, revenue totals
- Order-level exports: order ID/name, timestamp, attribute key/value, order total, currency

3) How we use data

We use the data described above to:
- Provide reporting dashboards and filters by attribute key/value
- Produce CSV exports requested by the merchant
- Maintain app security, prevent abuse, and ensure reliability
- Comply with legal obligations and Shopify platform requirements

We do not use merchant or customer data for advertising, resale, or data brokering.

4) Data storage

We store App data in:
- A relational database (PostgreSQL in production) for App operations and session data
- A MongoDB database for analytics records and aggregated reporting data

We may use third-party infrastructure providers (for example, hosting, database, and monitoring providers) as subprocessors to operate the App. These providers process data only under our instructions and only to provide their services to us.

5) Data sharing

We share data only as necessary to:
- Provide the App’s features and requested exports to the merchant
- Operate, secure, and maintain the App using service providers
- Comply with legal requests and enforce our rights

We do not sell personal data.

6) Data retention

We retain data only as long as needed to provide the App and meet legal/operational requirements. See the Retention Policy below for default retention periods.

7) Security

We implement reasonable administrative, technical, and organizational measures designed to protect data, including:
- Encryption in transit (TLS/HTTPS)
- Access controls and least privilege
- Secure handling of credentials and secrets

No system is 100% secure; however, we work to protect data against unauthorized access, alteration, and loss.

8) Deletion, uninstall, and Shopify privacy webhooks

If a merchant uninstalls the App, we delete App data associated with that shop within the retention timeframes described below (subject to legal obligations).
We also respond to Shopify-required privacy and redaction requests (including shop/customer redaction webhooks) by deleting applicable data associated with the requesting shop.

9) Merchant responsibilities

Merchants control which custom attributes they write into orders. Merchants are responsible for ensuring they do not write unnecessary sensitive personal data into custom attributes. If a merchant stores personal data in custom attributes, that data may appear in App reports and exports.

10) Your rights and requests

Merchants may request access, correction, or deletion of App-stored data for their shop by contacting: contact@ctrl-lab.co.
If you are a customer of a merchant using the App, please contact the relevant merchant first, as they control the store and order data.

11) Changes

We may update this Privacy Policy from time to time. We will update the effective date and, where appropriate, provide additional notice.