NNexo
Legal

Privacy Policy

This Privacy Policy describes how Nexo Apps (“we”, “us”, “our”) handles information when you install, configure, or use the Nexo – Order Limit & Purchase Rules app for Shopify (“App”).

Last updated: May 25, 2025

1. Overview & Scope

The App helps Shopify merchants enforce purchase limits, cooldown windows, and related policies. This notice explains the categories of information we collect, how we use that information, and the rights available to you as a merchant or authorized user of a store that installs Nexo.

By installing or using the App you consent to the practices outlined here. If you do not agree with this policy, uninstall the App and discontinue use. This policy supplements Shopify’s own privacy obligations; we recommend reviewing Shopify’s privacy documentation for additional context.

2. Information We Collect

We only collect information required to operate the App, deliver support, improve the product, and meet legal obligations. Shopify determines the scope of data accessible through its APIs. The categories we process include:

2.1 Store & Account Data

  • Shop name, domain, contact email, locale, and installed app identifiers
  • Plan tier, billing status, and usage allotments necessary to manage subscriptions
  • Authentication tokens or API scopes issued by Shopify to maintain the integration

2.2 Configuration & Rule Data

  • Limits, cooldowns, eligibility conditions, and messaging you configure
  • Metadata describing targeted products, collections, variants, customer tags, or locations
  • Localization preferences, translations, or content snippets provided by you

2.3 Order & Customer Signals

  • Order identifiers, line items, quantities, and timestamps needed to evaluate rules
  • Limited customer identifiers (for example Shopify customer ID or email hash) required to enforce cooldowns or aggregate purchase activity
  • No payment card data or full customer profiles are stored by the App

2.4 Usage, Support & Technical Data

  • Log events about rule evaluations, API calls, enforcement outcomes, and system health
  • Device/browser information, IP address, and timestamps when administrators access the App
  • Messages, attachments, or diagnostic details you share with support

3. How We Use Information

We process the above data to:

  • Validate carts and checkouts against the policies you configure
  • Deliver dashboards, logs, notifications, and localized messaging to your team
  • Provide onboarding, troubleshooting, and merchant support
  • Monitor performance, detect abuse, and ensure the reliability and security of the service
  • Analyze aggregated trends to improve features and plan capacity (data is anonymized or de-identified where feasible)
  • Comply with legal obligations and respond to lawful requests from authorities

4. Legal Bases for Processing

Our processing of personal data is supported by one or more of the following legal bases (depending on your jurisdiction):

  • Contract necessity – to provide the App and fulfill our agreement with you
  • Legitimate interests – to secure the service, prevent abuse, and enhance features
  • Consent – for optional functionality you explicitly enable (for example, certain localization or beta features)
  • Legal obligations – to satisfy bookkeeping, tax, or regulatory requirements

5. Data Retention

Enforcement logs, configuration data, and aggregated analytics are retained for as long as you maintain an active subscription and for a short grace period afterwards to support reactivation or audits. When you uninstall the App, store-specific data is deleted or anonymized within 30 days unless retention is required to satisfy legal obligations, resolve disputes, or comply with Shopify policy.

6. Sharing & Service Providers

We do not sell merchant or shopper data. Information may be shared with carefully selected subprocessors who help us operate the App. Each provider is bound by confidentiality obligations and processes data only on our instructions. Typical categories include:

  • Cloud hosting, storage, and content delivery platforms
  • Logging, monitoring, and analytics services
  • Support ticketing, email, or messaging vendors

We may also disclose information if required by law, court order, or governmental request, or to enforce our agreements and protect the rights, property, or safety of Nexo Apps, our merchants, or others.

7. Security

Data is encrypted in transit and stored using security controls appropriate to its sensitivity. Production systems are accessible only to authorized personnel and governed by least-privilege policies. We monitor infrastructure for unusual activity, review security practices regularly, and maintain incident response procedures. If we become aware of unauthorized access that affects your data, we will notify you in accordance with applicable law.

8. Your Rights & Choices

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing of personal data we hold about you. You may also request a copy of data in a portable format or withdraw consent where processing is based on consent.

Submit requests by emailing suppport@nexusio.cc. We may need to verify your identity before fulfilling a request and will respond within the timelines required by applicable regulations.

9. International Data Transfers

We may process data in the United States or other countries where we or our service providers operate. When transferring data internationally we rely on safeguards such as Standard Contractual Clauses, data processing agreements, or other mechanisms recognized by regulators to ensure an adequate level of protection.

10. Cookies & Similar Technologies

The App does not place marketing cookies on your storefront. Within the administrative interface we may use strictly necessary cookies or local storage to keep you signed in, store preferences, or measure aggregated usage. You can control cookies through browser settings; disabling them may affect certain features.

11. Children’s Data

Nexo is intended for business use and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided data to us, contact suppport@nexusio.cc so we can take appropriate action.

12. Updates to this Policy

We may revise this Privacy Policy to reflect product enhancements, regulatory guidance, or operational changes. Material updates will be communicated through the App, email, or Shopify notifications. The “Last updated” date above reflects the latest revision. Continued use of the App after updates become effective signifies acceptance of the revised policy.

13. Contact

For privacy questions, data requests, or security disclosures, contact:

Nexo Apps
Email: suppport@nexusio.cc