Skip to main content
ROGER Logo

Privacy Policy

Last updated: May 2026

This Privacy Policy describes how Roger ("we," "us," or "our") collects, uses, stores, and protects information when you use the Roger — Operations Manager application ("the App") available through the Shopify App Store, as well as our website at getroger.ai and web application at app.getroger.ai.

By installing the App or using our services, you agree to the collection and use of information as described in this policy.

1. Information We Collect

1a. Information collected via Shopify APIs

When you install the App, we request the following read-only Shopify access scopes:

  • read_orders — Order details including order ID, status, dates, financial totals, discount codes, shipping address (region-level only: province, country, postal code), and shipping line details
  • read_fulfillments — Fulfillment status, tracking information (carrier, tracking number, tracking URL), and fulfillment dates
  • read_products — Product and variant identifiers and SKUs referenced in order line items
  • read_inventory — Inventory data associated with order line items
  • read_locations — Location identifiers associated with orders and fulfillments

We perform an initial bulk data import of the most recent 30 days of order data when you first install the App, and receive ongoing order updates thereafter.

What we do NOT collect from Shopify:

  • Payment method or credit card information
  • Customer account credentials

1b. Information collected directly from merchants

During onboarding and through the App's settings page, we collect:

  • Account information: Email address, business name, industry (optional)
  • Store details: Store display name, public website URL
  • Business address: Street address, city, state/province, postal code, country
  • Preferences: Default currency, timezone
  • Shopify session data: Shop domain, access tokens (for API communication), and basic staff account information (name, email) as provided by Shopify during authentication

1c. Information about your customers

The App processes your Shopify order data, which may include personal information about your customers such as names, email addresses, phone numbers, mailing addresses, and order details. This data is collected solely to provide the App's operational analytics and reporting features and is handled in accordance with this policy and Shopify's data protection requirements.

1d. Cookies and website analytics

Our marketing website at getroger.ai uses analytics cookies only with your explicit consent. Non-essential tracking is disabled by default and can be managed through the Cookie Settings control on the site. The Shopify-embedded App does not set any cookies or use browser-based storage (localStorage or sessionStorage) — authentication is handled entirely server-side through Shopify's session token system.

2. How We Use Your Information

We use the information we collect to:

  • Provide the App's core functionality: Ingest and process your Shopify order data to generate operational analytics, including revenue reporting, inventory health insights, shipping performance metrics, and fulfillment tracking
  • Manage your account: Authenticate your identity, process onboarding, manage your subscription, and maintain your store configuration
  • Communicate with you: Send verification codes during onboarding, account-related notifications, and a one-time magic link to access the Roger web application
  • Improve our services: Analyze aggregated, non-personally-identifiable usage patterns to improve the App's functionality and performance

We do not:

  • Sell your personal information or your customers' data to third parties
  • Use your Shopify store data for advertising or marketing purposes
  • Share your data with third parties for their own marketing purposes
  • Use your data to build profiles of your customers for purposes unrelated to providing the App

3. Data Sharing and Third-Party Services

We share your information only with the service providers necessary to operate the App:

ProviderPurposeData shared
Supabase(database hosting)Stores merchant accounts, store configurations, and processed order dataAll data described in Section 1
Railway(application hosting)Hosts the Shopify embedded app serverShopify session tokens, request data in transit
Shopify(platform)Provides the merchant admin, billing, authentication, and order data APIsAs required by Shopify's platform

We do not use any third-party analytics, error tracking, advertising, or customer data platform services within the App. All data processing occurs within our own infrastructure.

We may also share information if required by law, to comply with legal process, or to protect the rights, property, or safety of our users or the public.

4. Data Storage and Security

Your data is stored in secure, managed databases hosted by Supabase (cloud infrastructure). Our application servers are hosted on Railway. Both services employ industry-standard security measures including encryption in transit (TLS/HTTPS) and encryption at rest.

All communication between the Shopify-embedded App and our backend API is authenticated using secure API keys and transmitted over HTTPS. Shopify access tokens are stored encrypted and are never exposed to the browser or included in client-side code.

We implement access controls to limit data access to authorized personnel only, and we regularly review our security practices.

5. International Data Transfers

Our infrastructure providers (Supabase and Railway) process and store data in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. By using the App, you consent to this transfer. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

6. Data Retention

  • Active accounts: We retain your merchant account data, store configuration, and processed order data for as long as your Roger account is active and the App is installed on your Shopify store.
  • After uninstallation: When you uninstall the App, we deactivate your store record and integration. Your processed order data is retained for a reasonable period to allow for reinstallation and account recovery, after which it is deleted.
  • After account cancellation: When your subscription is cancelled and not renewed, we retain your data for up to 90 days to allow for reactivation. After this period, your data is queued for deletion.
  • Compliance data: Records of GDPR/privacy compliance requests are retained as required by applicable law.
  • Shopify session data: Local session records (access tokens, staff account information) are deleted immediately upon App uninstallation.

You may request earlier deletion of your data at any time by contacting us (see Section 11).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data
  • Restriction: Request that we limit how we process your data
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to our processing of your data for certain purposes

For EU/EEA residents (GDPR): You have all of the above rights. Our legal basis for processing your data is the performance of a contract (providing the App's services) and our legitimate interests in improving our services.

For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@getroger.ai. We will respond to your request within 30 days.

8. Shopify Data Protection and Compliance

We comply with Shopify's mandatory data protection requirements by implementing the following webhook handlers:

  • Customer Data Request (customers/data_request): When Shopify forwards a customer's request for their data, we compile and deliver all data associated with that customer from our systems.
  • Customer Data Erasure (customers/redact): When Shopify notifies us that a merchant's customer has requested deletion of their data, we delete all personally identifiable information associated with that customer from our systems.
  • Shop Data Erasure (shop/redact): When a merchant requests erasure of all their shop data (typically 48 hours after uninstallation), we delete all data associated with that shop from our systems.

All compliance webhook responses are processed within Shopify's required timeframes.

9. Children's Privacy

The App is designed for use by Shopify merchants (business operators) and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this policy. We encourage you to review this policy periodically.

11. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your privacy rights, contact us at:

Email: privacy@getroger.ai

Website: https://getroger.ai

This Privacy Policy applies to the Roger — Operations Manager application available on the Shopify App Store and the Roger web application at app.getroger.ai.

Back to homepage