Last Updated: July 26, 2025
Legal Notice
Application Publisher:
AUTREMENT
CEO: Rocco Ghrenassia
Contact: [email protected]
Hosting:
- Application: Vercel Inc.
- Database: Neon Database
- Domain name: charlie-application.vercel.app
Introduction
This Privacy Policy describes how Charlie (“we”, “our”, or “the App”) collects, uses, and protects information when you install and use our Shopify application. Charlie is a fulfillment and location management app that helps merchants manage multiple store locations and create intelligent order routing rules.
This application is subject to French and European regulations, including the General Data Protection Regulation (GDPR - Regulation EU 2016/679) and the French Data Protection Act of January 6, 1978, as amended.
Data Controller
The data controller is:
AUTREMENT
[email protected]
When you install and use Charlie, we collect:
| Data type | Description |
|---|
| Shop information | Store name, email address, owner name, timezone, currency, domain |
| Location data | Location names, addresses, types, opening hours, capacity limits, phone numbers, geographic coordinates |
| Configuration settings | Shipping zones, local pickup settings, fulfillment constraint rules, shop preferences |
| Session data | Authentication tokens and session information required for app functionality |
| Application logs | Diagnostic information including shop identifiers, location IDs, and webhook events |
We do NOT directly collect or store personal information from your customers.
- Customer attributes (B2B status, tags) solely for order routing decisions
- Delivery preferences during checkout for location selection
- Order information to determine optimal fulfillment locations
No customer personal data is stored in our database.
- Webhook events: Tracking of webhook events (e.g., location updates, inventory changes) for app functionality
- Application logs: Server-side logs for debugging and performance monitoring
- No tracking cookies: We do not use cookies for tracking or analytics purposes
Legal Basis for Processing
We process your data on the following legal bases:
| Basis | Purpose |
|---|
| Contract performance | Processing necessary for the application usage contract |
| Legitimate interests | To improve our services and ensure application security |
| Legal obligation | To comply with our legal and regulatory obligations |
Purposes of Processing
We use the collected information to:
- Provide core app functionality including location management and order routing
- Synchronize data with Shopify’s platform
- Process fulfillment rules and routing decisions
- Display location maps and validate addresses
- Maintain app sessions and authentication
- Provide checkout UI extensions for customer location selection
- Debug issues and monitor application performance
- Improve app functionality and fix bugs
- Comply with legal obligations
Data Storage and Security
Location and Retention Period
| Data type | Retention |
|---|
| Database | Neon Postgres hosted in the EU with encryption at rest |
| Session data | Retained while subscription is active |
| Event logs | Webhook events retained for 90 days |
| Application logs | Diagnostic logs retained for 30 days |
| Metafield data | Follows Shopify’s data retention policies |
Most business data is stored in Shopify’s platform using metafields—minimal data is stored in Charlie’s database.
Security Measures
We implement industry-standard security measures:
- Encrypted connections (HTTPS/TLS)
- Secure authentication tokens via Shopify OAuth
- Regular security updates
- Access controls and monitoring
- Data encryption at rest and in transit
- No storage of sensitive payment information
Third-Party Services
We use the following third-party services:
| Service | Purpose |
|---|
| Shopify Platform | Core app functionality, data storage, and authentication |
| Google Maps API | Address validation, geocoding, and location display |
| Google Address Validation API | Verifying and standardizing addresses |
| Mapbox | Rendering interactive location maps |
| Neon Database | Secure data storage |
| Vercel | App hosting and deployment |
We do NOT use any third-party analytics, tracking, advertising, or email marketing services.
Data Sharing
We do NOT share your data:
- We do not sell, rent, or trade your information to third parties
- We do not share your data for marketing purposes
- We do not use your data for purposes other than providing app functionality
We may share information only when:
- Required by law or legal process
- Necessary to protect rights, safety, or property
- You explicitly consent to such sharing
International Transfers
Data may be transferred outside the European Union only when:
- Appropriate safeguards are in place (standard contractual clauses, adequacy decisions)
- The transfer is necessary for contract performance
- Services used have appropriate data protection measures
Your Rights (GDPR)
Under the GDPR, you have the following rights:
| Right | Description |
|---|
| Access | Obtain confirmation that your data is being processed and access this data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data under certain conditions |
| Restriction | Request restriction of processing under certain conditions |
| Data portability | Receive your data in a structured format |
| Object | Object to the processing of your data |
| Withdraw consent | Where processing is based on consent |
Shopify GDPR Webhooks
We comply with Shopify’s mandatory GDPR compliance webhooks:
| Webhook | Action |
|---|
| customers/data_request | We provide any processed customer data upon request |
| customers/redact | We delete any customer data upon request |
| shop/redact | We delete all shop data 48 hours after app uninstallation |
As we do not store customer personal data, these requests typically return no data.
Cookies and Tracking
- No tracking cookies: We do not use cookies for tracking, analytics, or advertising
- Session management: Authentication is handled through Shopify OAuth without cookies
- No third-party tracking: We do not use Google Analytics, Facebook Pixel, or any tracking services
Data Deletion
To delete all your data:
Uninstall Charlie
Go to your Shopify admin and uninstall the Charlie app.
Automatic deletion
This triggers automatic deletion of:
- All session data (immediate)
- All webhook event logs (within 48 hours)
- All location configurations stored in metafields
- All fulfillment rules
- Any stored preferences
Data deletion is permanent and cannot be reversed.
Children’s Privacy
Our app is not directed to children under 16. We do not knowingly collect information from children under 16 years of age.
Customer Interaction
Your customers may interact with Charlie through:
- Checkout UI extensions: For selecting pickup locations or delivery options
- Order routing: Their delivery preferences influence fulfillment decisions
We process this information solely to fulfill orders according to your configured rules.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through:
- Email to your registered shop email
- In-app notifications
- Update notices in the Shopify App Store
Continued use of the app after changes constitutes acceptance of the updated policy.
California Privacy Rights (CCPA)
For California residents:
- We do not sell personal information
- You have the right to know what personal information we collect
- You have the right to delete your personal information
- You have the right to opt-out of the sale of personal information (though we do not sell data)
- We will not discriminate against you for exercising your privacy rights
For any questions regarding data protection or to exercise your rights:
Email: [email protected]
Responsible: Rocco Ghrenassia
Company: AUTREMENT
By installing and using Charlie, you acknowledge that you have read, understood, and agree to this Privacy Policy. 
