CodeBatch

Privacy Policy

Last updated: 2026-04-30

This Privacy Policy explains what information CodeBatch ("we", "us", "our") collects when you install and use the CodeBatch app on your Shopify store, how we use that information, and your rights regarding that data.

1. Who This Policy Applies To

This policy applies to Shopify merchants who install and use CodeBatch. CodeBatch is a merchant-facing tool — your store's customers do not create accounts in our app and we do not collect their personal information.

2. Information We Collect

2.1 Shop & Account Information

When you install CodeBatch, we receive the following information from Shopify via OAuth authentication:

Shop domain (e.g., your-store.myshopify.com)
Shop name, email address, currency, and timezone
Shopify plan tier (e.g., Basic, Shopify, Advanced, Plus)
Merchant account owner name and email
App installation date and last access timestamp

2.2 Discount Campaign & Code Data

When you create discount campaigns or generate codes inside the app, we store:

Discount title, type, and configuration (amounts, percentages, usage limits, date ranges, combination rules, etc.)
All discount codes — whether randomly generated or uploaded as a custom list
Code prefixes, suffixes, and formatting options you apply
Shopify discount IDs associated with each campaign
Campaign creation and update timestamps
Campaign status (active, scheduled, expired, deactivated)

2.3 Code Usage & Order Data

To track how your discount codes are redeemed, we listen to Shopify's orders/create webhook. When an order is placed using a code created in CodeBatch, we record:

The Shopify order ID (an internal Shopify reference, not customer-identifiable data)
The specific discount code that was used
The timestamp of the redemption event

We do not collect customer names, email addresses, shipping addresses, payment details, or any other customer personal information from orders.

2.4 App Settings & Preferences

We store your in-app settings, including:

Your preferred UI language (chosen from 12 supported languages)
Discount list pagination preference (items per page)

2.5 Session & Authentication Data

We store OAuth session tokens issued by Shopify to authenticate API requests on your behalf. These tokens are held securely in our database and are used solely to operate the app's core functions.

2.6 Operational Logs

Our infrastructure generates structured logs for operational monitoring and debugging, which may include shop identifiers, API operation names, and error details. Logs are retained for a limited period and do not contain sensitive personal data.

3. How We Use This Information

To operate the app — creating, managing, and exporting discount campaigns and codes in your Shopify store.
To track code usage — displaying redemption counts and usage history for each discount code.
To process exports — generating ZIP/CSV files of your codes and usage data for download.
To maintain your settings — remembering your language and display preferences across sessions.
For security and abuse prevention — rate limiting and monitoring to protect service integrity.
For compliance — responding to GDPR data requests and Shopify's mandatory compliance webhooks.

4. Sharing of Information

We do not sell, rent, or trade your data. We may share data only in the following limited circumstances:

Infrastructure providers — We use third-party hosting and database services (e.g., PostgreSQL database hosting, Redis for background job processing) that process data on our behalf under appropriate data processing agreements.
Shopify — We interact with Shopify's Admin API to create and manage discounts on your store. Shopify's own terms and privacy policies govern data handled on their platform.
Legal requirements — We may disclose data if required by law, court order, or government authority.

No customer personal information is shared with any third party.

5. Shopify API Permissions

CodeBatch requests the following Shopify API access scopes, which are necessary for the app to function:

read_discounts / write_discounts — to create and manage discount campaigns in your store
read_products — to let you target discounts at specific products or collections
read_orders — to track which discount codes have been redeemed

6. Data Retention

Shop & discount data — retained while the app is installed and for a reasonable period after uninstallation to support data requests and disputes.
Code usage events — retained as part of your campaign history for as long as you use the app.
Session tokens — managed by Shopify's OAuth lifecycle; invalidated when you uninstall the app.
Operational logs — retained for 7–30 days depending on log type, then automatically purged.

When you uninstall CodeBatch, Shopify sends an app/uninstalled webhook and we begin the process of removing your shop data in accordance with Shopify's partner requirements.

7. GDPR & Shopify Compliance Webhooks

CodeBatch implements Shopify's mandatory compliance webhooks:

customers/data_request — we respond to requests for what customer data (if any) we hold.
customers/redact — we process customer data deletion requests from Shopify.
shop/redact — we delete shop data upon receiving this signal after uninstallation.

Because CodeBatch does not collect customer personal data, responses to customer data requests will typically confirm that no customer personal data is held.

8. Security

We implement reasonable technical and organizational measures to protect the data we hold, including encrypted database connections, secure token storage, and API rate limiting. However, no system is perfectly secure and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be indicated by updating the "Last updated" date above. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.

10. Contact

If you have any questions or requests regarding this Privacy Policy or your data, please contact us at [email protected].