Privacy Policy

Product Order Export & Insights — last updated 2026-06-07

This Privacy Policy explains how the Product Order Export & Insights Shopify app (the “App”), provided by Lily (“we”, “us”, “our”), handles data when a Shopify merchant installs and uses it.

For technical or operational questions, contact: lilyinc00@gmail.com.

1. What data we access

When you install Product Order Export & Insights, Shopify grants the App access to the following data via the Shopify Admin GraphQL API:

Scope	What it lets the App read
`read_orders`	Orders from the last 60 days, including order lines, line item product/variant references, quantities, prices, payment status, fulfillment status, and the customer associated with the order.
`read_all_orders`	Orders older than 60 days, with the same fields as `read_orders`. This is what powers year-over-year and long-window restock analysis.
`read_products`	Product list, product titles, variant titles, SKUs, inventory levels.
`read_customers`	The `id`, display name, and email address of the customer attached to each order, so the App can compute repeat-purchase rate and “top customers”, and optionally include `customer` / `email` columns in your exported file. We do not request `phone` or `address`.

We only request what is strictly needed to render the in-admin Insights panel and to produce the per-product CSV/Excel exports that the App is designed for.

2. How the data is used

Insights panel (in your admin)

When you click “Insights” on a product or product set, the App fetches the matching orders live from Shopify and computes:

order count, units sold, revenue, average order value
repeat-purchase rate, top customers (name + counts)
top variants by units and revenue
sales velocity (units/day) and an estimated restock date based on current inventory
monthly trend

The result is rendered inside your Shopify admin’s embedded app page. Only you (the merchant) see it.

CSV / Excel export

When you click “Export” on one or more products, the App fetches the matching orders and writes them to a CSV (or .xlsx) file with the columns you select. The file is streamed directly to your browser as a download. We do not retain a copy.

Sales velocity / restock computation

Uses only your own product inventory totals and the time span between the first and last matching order. No external data sources.

3. How the data is stored

Order data and customer PII are not persisted. Order and customer fields are fetched from the Shopify Admin API on each request, used for the response, and dropped from memory once the response is sent back to your browser.
The only data we persist is the bare minimum required to authenticate API calls to your store: your shop’s myshopify.com domain, the scope string you approved, and a short-lived (“expiring”) offline access token issued by Shopify. We do not store any order, customer, product, or financial data alongside it.
Logs use Shopify’s standard parameter filtering. Raw order payloads and customer fields are not logged.
Transport security: All traffic between the App and Shopify is TLS-encrypted. The App itself is served over HTTPS only.

4. Data retention and deletion

Order/customer data: not retained beyond the lifetime of a single request.
Shop installation record: retained for as long as the App is installed in your store. When you uninstall the App, Shopify sends an app/uninstalled webhook and we delete the installation record (token, scope, domain).
GDPR / customer data requests (customers/data_request, customers/redact, shop/redact webhooks): handled per Shopify’s protected customer data requirements. Because we do not persist customer PII, there is no stored data to deliver or redact in response — the handlers verify the HMAC signature and acknowledge the request.

5. Sharing with third parties

We do not share, sell, or rent any merchant or customer data to third parties. The App does not transmit your data to any analytics, advertising, marketing, or AI service.

The only external service the App talks to is the Shopify Admin GraphQL API itself (to fetch the data you are looking at).

6. Sub-processors

The App is hosted on Amazon Web Services (AWS) in the Tokyo region (ap-northeast-1). AWS processes traffic and stores operational data on our behalf in order to serve the App, under AWS’s standard data processing terms. AWS does not access your data beyond what is required to operate the hosting infrastructure.

7. Your rights

You can revoke the App’s access at any time by uninstalling it from your Shopify admin. On uninstall, Shopify sends us app/uninstalled and we delete the shop installation record.
For any data-related question or request (deletion, export, clarification), email us at lilyinc00@gmail.com and we will respond within 30 days.

8. Children’s data

The App is a B2B Shopify merchant tool. It is not directed at children, and we do not knowingly process data of children under 16.

9. International transfers

Data fetched by the App is processed on servers located in Japan (AWS ap-northeast-1, Tokyo). If you are based in the EU/UK and Shopify’s storefront/admin region is in another jurisdiction, your data passes through Tokyo, Japan during processing.

10. Changes to this Policy

If we change this policy in a way that meaningfully affects what data is processed or how, we will update the “Last updated” date at the top and, where Shopify requires it, request your re-consent to updated scopes on next sign-in.

11. Contact

Lily (developer of Product Order Export & Insights)
Email: lilyinc00@gmail.com
App URL: https://kakushida-app.sg-cloud.jp/order_export