Legal

Privacy Policy

BundleBee by Atisam Labs · Last updated March 22, 2026

1. Introduction

This Privacy Policy describes how Atisam Labs ("we", "us", or "our") collects, uses, and protects information when you install and use the BundleBee application ("the App") on your Shopify store.

By installing or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please uninstall the App.

2. Who We Are

Atisam Labs is the developer and operator of BundleBee, a Shopify embedded application that enables merchants to create bundle offers, volume discounts, and cart transform promotions on their Shopify stores.

Contact: atisam.labs@gmail.com

3. Information We Collect

3.1 Merchant / Store Information

When you install the App, we collect and store:

  • Your store domain (e.g., your-store.myshopify.com)
  • Your Shopify store name and email address
  • Your Shopify plan name (e.g., Basic, Advanced)
  • Whether your store has an active online storefront
  • Your store's installation date and app configuration settings
  • Active Shopify app subscription details (plan name, billing cycle, trial status)

This information is obtained through the Shopify Admin API during the OAuth authentication flow and subsequent API calls.

3.2 Bundle Configuration Data

The App stores all bundle deals, discount settings, template configurations, and publishing snapshots that you create within the App. This data is yours — it exists solely to power the App's functionality and is never shared or sold.

3.3 Storefront Analytics

The App's theme extension sends anonymous bundle interaction events to our server, including:

  • Bundle impression events (a bundle widget was viewed)
  • Add-to-cart events (a shopper added a bundle to their cart)
  • The bundle identifier associated with each event

These events contain no personal customer data. We do not collect names, email addresses, IP addresses, device identifiers, or any information that identifies individual shoppers.

3.4 Order Attribution Data

When an order is placed on your store, we receive a webhook containing order information (order ID, line items, and order total). We use this solely to attribute revenue to the bundle that influenced the purchase. Individual customer details are not stored beyond what is necessary for attribution.

3.5 Authentication Session Data

We store Shopify OAuth session tokens to maintain your authenticated session within the embedded app. These tokens are encrypted at rest and never exposed to third parties.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the App and its features
  • Display bundle analytics and revenue attribution in your dashboard
  • Manage your billing plan and subscription status
  • Send webhook-driven notifications (subscription updates, uninstall cleanup)
  • Improve the App's performance, features, and user experience
  • Respond to support requests sent to our support email
  • Comply with legal obligations

We do not use your data for advertising, profiling, or any purpose unrelated to providing the App.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your information to third parties. We may share information only in the following limited circumstances:

  • Shopify: The App operates on Shopify's platform and uses Shopify APIs. Shopify's own privacy policy governs their handling of data.
  • Infrastructure providers: We use cloud hosting and database services to store App data. These providers process data only on our behalf and are bound by confidentiality obligations.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of Atisam Labs or others.

6. Data Retention

We retain your store data for as long as the App is installed on your store and your account is active. Specifically:

  • While installed: All store data, bundle configurations, and analytics are retained to provide the service.
  • After uninstall: We receive a Shopify app/uninstalled webhook. Store session data is deleted promptly. Bundle and analytics data may be retained for up to 30 days to allow reinstallation, after which it is permanently deleted.
  • On data deletion request: We honour GDPR shop/redact webhooks and delete all store data upon request.

7. GDPR and Customer Data Rights

The App implements all three Shopify mandatory GDPR compliance webhooks:

  • customers/data_request: When a customer requests their data, we provide any stored data related to that customer to you (the merchant) within 30 days.
  • customers/redact: When a customer requests deletion, we delete any personal data we hold related to that customer.
  • shop/redact: When a store requests full data deletion (48 days after uninstall), we permanently delete all data associated with that store.

As noted above, the App's storefront analytics do not collect personally identifiable customer information, so the scope of customer data requests is typically minimal.

If you are an EU-based merchant and have questions about your rights under GDPR, contact us at atisam.labs@gmail.com.

8. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of sensitive data at rest (OAuth tokens, API secrets)
  • Access controls limiting who can access production data
  • Regular security reviews of our application and infrastructure

No method of transmission or storage is 100% secure. We will notify affected merchants promptly in the event of a data breach that affects their store data.

9. Third-Party Services

The App is built exclusively on Shopify's platform and native APIs. We do not integrate with third-party analytics platforms, advertising networks, or marketing tools. Any future integrations will be disclosed in an updated version of this policy.

10. Children's Privacy

The App is a business tool intended for Shopify merchants. It is not directed at individuals under the age of 16, and we do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify merchants via the Shopify App notification system or email.

Continued use of the App after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Atisam Labs
Email: atisam.labs@gmail.com
App: BundleBee on Shopify App Store

We aim to respond to all enquiries within 5 business days.