Privacy Policy
Last updated: January 2026
Introduction
At Spentry, we value your privacy and are committed to protecting your data. This Privacy Policy explains what data we collect, how we use it, and your rights as a user. By installing and using the Spentry app, you agree to the terms outlined below.
Our Commitment to Data Minimization
Spentry processes only the minimum personal data required to provide value to merchants. We focus on aggregate business metrics—not individual customer information.
Any order data we access is used exclusively for financial calculations and is never shared, sold, or used for marketing purposes.
What We Collect
We only collect data essential to operate the app and provide our services:
Authentication
- Your Shopify store domain
- A unique store token used to connect your store to Spentry
- Your email address (for login via OTP and account identification)
Business Data
We store store-level financial and operational data that you or your team enter manually or sync from Shopify to provide accurate cost tracking and profit analysis. This may include:
- Purchase records
- Cost entries
- Expenses
- Store settings
- Order IDs and order numbers
- Order totals and timestamps
- Product information from orders
We do not collect or store any customer personal data (e.g., names, emails, addresses), payment information, or shipping addresses.
Order data is used solely to calculate costs and generate reports for your business.
How We Use Your Data
We use your data to:
- Provide a secure login experience
- Link your Shopify store to your Spentry account
- Power features like expense tracking and financial reporting
- Offer account-specific support and billing
- Maintain security, detect fraud, and monitor performance
We do not sell or share your data with third parties for marketing.
Data Sharing
We only share data in the following cases:
- With Shopify, during app installation or API requests
- With our infrastructure providers (e.g., database, email service) under strict confidentiality agreements
- If required by law (e.g., to comply with legal process)
Cookies & Tracking
Spentry uses minimal, strictly necessary cookies for:
- Session authentication
- Storing store context
- Redirect management
We do not use tracking cookies, ad pixels, or behavioral analytics.
Data Retention & Deletion
On Uninstall
When you uninstall the app:
- Soft delete (within 48 hours): Your store is marked as uninstalled and access is revoked
- Hard delete (after 48 hours): Shopify sends us a `shop/redact` webhook, and we permanently delete:
- Your store's Spentry account
- All business data you've entered
- All sessions and access tokens
This 48-hour window allows you to reinstall without data loss if uninstalled by mistake.
Manual Deletion
You can delete your data at any time from within the app via the 'Delete Store' option. This performs a complete cleanup, and you will be logged out automatically.
Customer Data Requests
Although we don't store customer data, we honor Shopify's customers/data_request and customers/redact webhooks by responding with or confirming deletion of any records if present.
Security
- We use HMAC verification on all Shopify requests and webhooks.
- All data is transmitted over secure HTTPS connections.
- OTP-based login ensures passwordless and secure authentication.
- Database hosted on Prisma Accelerate with encrypted storage
Your Rights
As a user, you can:
- Request to view the data associated with your account
- Delete your store's data at any time
- Request support by contacting us at
Changes to This Policy
We may update this Privacy Policy from time to time. You will be notified of any material changes, and continued use of the app constitutes acceptance of the revised policy.
Contact
Questions? Reach out to us anytime:
Thank you for trusting Spentry. We're honored to support your business with simplicity and transparency.
Regional Addendum
For Users in the European Union (GDPR)
If you're located in the European Economic Area (EEA), your data is protected under the General Data Protection Regulation (GDPR). You have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to processing or request portability of your data
- Lodge a complaint with your data protection authority
Spentry is the data processor, and Shopify is the controller. We only process data necessary to provide our service.
To exercise your rights, contact
For California Residents (CCPA)
If you're a California resident, you are protected under the California Consumer Privacy Act (CCPA). You have the right to:
- Know what personal information we collect
- Request deletion of your personal data
- Opt out of the sale of your data (we don't sell it)
Spentry does not share or sell your data with third parties. You can submit data requests via
We will not discriminate against you for exercising any of your CCPA rights.