Tocsin

Tocsin Privacy Policy

Effective date: TBD (set on App Store approval)
Last updated: 2026-05-26
Operator: Thomas Shelton, based in Tennessee, United States ("Tocsin," "we," "us").
Contact: support@tocsin.app

This Privacy Policy explains what data Tocsin collects, why, how long we keep it, and the choices you have. Tocsin is a Shopify App Store application that monitors a Shopify store and notifies the merchant when revenue patterns or stock levels look broken.

Plain-English summary. Tocsin reads order totals, product, and inventory data from your Shopify store via official Shopify APIs. We don't store the names, emails, addresses, or payment details of your customers. We compute hour-by-hour totals to learn what "normal" looks like for your store and we alert you when something looks wrong. You can uninstall the app at any time and we delete everything we hold about your store within 48 hours.

1. Who this policy applies to

This policy describes how we handle data belonging to:

Merchants — the Shopify store owner or staff who installs and configures Tocsin.
Stores — the Shopify store being monitored.

It does not describe how Shopify itself handles your data; that is covered by Shopify's own privacy notice.

We do not collect, store, or transmit data about your end customers (the people who buy from your store). See §3 for detail.

2. What we collect from Shopify

When you install Tocsin, you authorize us via Shopify OAuth to read the following scopes:

Scope	Why we need it
`read_orders`	Compute hour-by-hour revenue totals to detect anomalies
`read_products`	Identify your top-selling products for low-stock alerts
`read_inventory`	Track inventory velocity for low-stock alerts

From the order webhooks (orders/create) we extract and persist only these fields: Order ID, order name, total price, subtotal price, currency, presentment currency, financial status, created-at timestamp, test flag, cancelled-at timestamp.

We do not persist the customer name, email, address, phone, shipping address, billing address, line-item product titles, or any payment instrument data from the order payload, even though Shopify may include those fields in the webhook.

We persist these into two purpose-built tables: an hour-bucket aggregate (MetricSample) and an idempotent webhook receipt log (WebhookEvent).

3. What we do NOT collect

We do not collect, store, or process:

End-customer names, emails, addresses, phone numbers
Payment card numbers, partial card numbers, payment processors' identifiers
Shipping or billing addresses
IP addresses of your customers
Cookies or tracking pixels on your storefront (we don't operate on your storefront)
Marketing consent data

Where Shopify webhook payloads include these fields by default, we discard them on receipt.

4. What we collect from you

When you, the merchant, use the Tocsin app:

Account binding — your shop domain (e.g. yourstore.myshopify.com), Shopify session and access tokens (encrypted at rest), and basic user metadata Shopify provides during OAuth (display name, locale).
Alert configuration — the channels you configure for delivery (Slack webhook URL, email recipients), your sensitivity preset, quiet hours, and quiet windows.
Operational logs — timestamps and statuses of alert firings and delivery attempts (success/failure) for the purpose of debugging delivery and improving the false-positive rate.

5. Why we collect it (lawful basis)

Under GDPR and similar regimes, our lawful basis for processing is:

Contractual necessity (Art. 6(1)(b)) — we cannot monitor your store and deliver alerts without reading your orders, products, and inventory.
Legitimate interests (Art. 6(1)(f)) — operational logs to debug failed alert deliveries.

6. Where data is stored and who can access it

Primary database — managed Postgres on Supabase, US-West region.
Application servers — Render, US-West (Oregon).
Email delivery — Resend (US). The order summary in the alert email is sent to your configured recipients; the email body itself contains aggregate dollar amounts and never customer-specific information.
Backups — encrypted point-in-time recovery via Supabase, retained 7 days.

Only Tocsin's operator (Thomas Shelton) has access to the production database. We do not share, sell, or rent your data. We do not run analytics or feed your data into any AI training pipeline.

Subprocessors we rely on:

Subprocessor	Purpose	Region
Shopify	OAuth, webhook delivery, billing	US
Render	Application hosting	US
Supabase	Database	US
Resend	Transactional email	US
Cloudflare	DNS, TLS	Global
BetterStack	Uptime + heartbeat monitoring	EU

We will update this list before adding any new subprocessor.

7. How long we keep it

Data	Retention
Hourly revenue rollups (`MetricSample`)	Last 90 days, then deleted
Raw webhook payloads (`WebhookEvent`)	90 days, then deleted
Alert firing history (`AlertFiring`)	12 months, then deleted
Your settings (`ShopSettings`)	While the app is installed
Variant metadata for low-stock alerts (`VariantMeta`, `VariantInventoryByLocation`, `VariantDailyUnits`)	While the app is installed
Lifecycle email send log (`LifecycleEmailEvent`) — which onboarding/trial emails we've already sent you	While the app is installed
Session and access tokens	While the app is installed
All of the above	Deleted within 48 hours of uninstall

The 48-hour window matches Shopify's shop/redact GDPR webhook, which fires 48 hours after uninstall and triggers a full purge in our system.

8. GDPR / CCPA / data subject rights

If you are a Shopify merchant in the EU, UK, California, or another jurisdiction that grants data-subject rights:

Right to access — request what we hold about you by emailing support@tocsin.app. We respond within 30 days.
Right to deletion — uninstalling Tocsin from your Shopify admin triggers automatic deletion of everything we hold about your store within 48 hours.
Right to rectification — change any setting we hold about you in the Tocsin settings screen.
Right to portability — email us; we'll export your ShopSettings and AlertFiring history as JSON.

Because we do not store your customers' PII, customer-level requests (customers/data_request, customers/redact from Shopify) are no-ops: we have no data to return or delete.

9. Security

All data in transit is encrypted via TLS 1.2+.
Shopify access tokens are encrypted at rest using AES-256.
The application runs on managed infrastructure with vendor-provided isolation. We do not run our own servers.
We do not log or persist the payment instruments of merchant subscriptions; billing is handled entirely by Shopify Managed Billing.

If you discover a security issue, please email support@tocsin.app with details. We acknowledge within 72 hours.

10. International transfers

Your data may be processed in the United States. Where we transfer data subject to GDPR outside the EEA/UK, we rely on Standard Contractual Clauses with our subprocessors.

11. Children

Tocsin is a B2B tool sold to Shopify store operators. We do not knowingly collect data from anyone under 16.

12. Changes to this policy

We will update the "Last updated" date above and notify active merchants via in-app banner before any material change. Continued use after the effective date constitutes acceptance.

13. Contact

Questions, requests, or complaints: support@tocsin.app.

For complaints about data handling, EU residents may also lodge a complaint with their local supervisory authority.