Privacy Policy
Last updated: June 2026
What we collect
HearFrom collects the following data when a merchant installs the app:
- Shop domain and OAuth access token (to authenticate with Shopify)
- Survey responses submitted by customers on the thank-you page (selected option only — no personally identifiable information is required)
- Order ID associated with each response (optional, used to prevent duplicate submissions)
- Customer email (optional, only if provided by the Shopify checkout context)
How we use it
- Survey responses are displayed in the merchant's HearFrom dashboard
- We do not sell, share, or use response data for advertising
- We do not use customer data for any purpose other than displaying it to the store owner
Data storage
All data is stored in a secured Supabase (PostgreSQL) database hosted on AWS infrastructure in the US. Access is restricted to authenticated merchants only.
Data retention and deletion
Survey responses are retained for as long as the app is installed. When a merchant uninstalls the app, all store data and survey responses are automatically and permanently deletedwithin 48 hours via Shopify's shop/redact webhook. No manual request is required.
Merchants may also request early deletion of their data by emailing batubaydaruk@gmail.com.
GDPR compliance
HearFrom responds to all of Shopify's mandatory GDPR webhooks:
- customers/data_request — acknowledged within 48 hours
- customers/redact — customer survey responses deleted by email
- shop/redact — all store data permanently deleted
These webhooks are handled at the /api/webhooks endpoint.