Privacy Statement — BackorderPro
Last updated: 1 June 2026
This Privacy Statement explains what data the BackorderPro app ("BackorderPro", "the app", "we", "us") processes, why we process it, how long we keep it, and the rights you and your customers have. BackorderPro is a Shopify app that helps merchants manage backorders, pre-orders, supplier feeds, purchasing advice, AI-assisted inventory analysis, and optional backorder/delivery-update emails.
Operator / data controller for the app: SnoekByte, Netherlands. Trading as SnoekByte.
Contact: support@snoekbyte.nl
1. Roles: who is responsible for what
- For the merchant's own store data and their customers' personal data, the merchant (the Shopify store owner who installs BackorderPro) is the data controller. BackorderPro acts as a data processor that processes this data on the merchant's behalf and only on their instructions (the settings they choose in the app).
- For account and operational data about the merchant (e.g. shop domain, subscription, support correspondence), SnoekByte acts as a controller.
If you are a shopper and have a question about your data, please contact the store you purchased from — they are the controller for your order data.
2. What data we process
2.1 Store & configuration data (merchant)
- Shopify shop domain and the access token/session needed to operate the app.
- App settings: timezones, schedules, delivery/pre-order settings, retention preferences, feature toggles, locale.
- Subscription/plan information synced from Shopify Billing.
- Supplier feed configuration and supplier credentials (FTP / form logins), which are encrypted at rest using AES-256-GCM.
2.2 Product & inventory data
- Variant-level metafields in the
snoek_bponamespace. - Product titles, SKUs, variant IDs, vendor names, prices, and inventory levels at the time of an order.
2.3 Backorder & sales data (optional — only when "Backorder Sales Tracking" is on)
- Order IDs and order numbers (e.g.
#1234). - Order line items, quantities, totals and currency.
- Inventory level at the time of order; what the customer saw at checkout (e.g. the pre-order/expected-stock message) and any promised delivery date.
We do not store customer names, phone numbers, shipping/billing addresses, or payment/card details.
2.4 Customer contact data (optional — only when you enable email notifications)
If, and only if, the merchant turns on backorder/delivery-update emails:
- The affected customer's email address, stored encrypted at rest.
- The customer's Shopify customer ID and locale (used to send the email in the right language).
- An email send log: recipient address, locale, which template was used, timestamp, and the email provider's message ID.
This data is used solely to send the merchant's backorder/delivery-update emails to that customer. It is never used for marketing, never sold, and never shared with the AI analysis feature. Access to customer contact data requires Shopify's approval for Protected Customer Data.
2.5 AI Analyze data (optional — only with explicit, revocable consent)
The AI Analyze feature produces a plain-language inventory report. It only runs after the merchant explicitly opts in, and consent can be revoked at any time. When enabled, the following aggregated, non-personal data is sent to our AI sub-processor (OpenAI) to generate the report:
- Aggregated product performance (titles, SKUs, vendor names, units sold while in vs. out of stock, sales velocity, suggested reorder quantities).
- Vendor reliability metrics (open/overdue backorder counts, configured lead times).
- The merchant's configuration (global rules, feed settings, pre-order and delivery settings) and aggregated backorder statistics.
No customer personal data (no names, emails, addresses, phone numbers), no individual orders or order numbers, and no payment data are ever sent to the AI model.
3. Why we process this data (purposes & legal bases)
| Purpose | Data used | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide core app functionality (inventory/backorder management, feeds) | 2.1–2.3 | Performance of a contract; legitimate interests |
| Show analytics, purchasing advice and pre-order insights | 2.2–2.3 | Performance of a contract; legitimate interests |
| Send backorder/delivery-update emails to customers | 2.4 | Merchant's instruction; controller's legal basis (typically legitimate interest or consent of the shopper, determined by the merchant) |
| Generate the optional AI inventory report | 2.5 | Consent (explicit opt-in in the app) |
| Billing, support, fraud/abuse prevention, security | 2.1, support data | Performance of a contract; legitimate interests; legal obligation |
We never sell personal data and never use it for advertising or profiling beyond providing the features described here.
4. Sub-processors
BackorderPro relies on the following sub-processors. Each only receives the data necessary to perform its function:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Shopify | App platform; source of store, product, order and (with approval) customer data | Store, product, order and customer data as authorised by the merchant |
| Fly.io | Application hosting & database (EU region, Amsterdam) | All data at rest, used to run the app |
| OpenAI | AI Analyze report generation (model: gpt-4o-mini) | Only the aggregated, non-personal data in section 2.5, and only with consent. Per OpenAI's API data-usage policy, API data is not used to train their models |
| Resend | Sending backorder/delivery-update emails (only when enabled) | Recipient email address and email content |
5. Data retention
- Backorder sales data, product sale events and execution logs are retained for a configurable window of 3–24 months (default 24 months), which the merchant sets in Settings → Data & Privacy. The plan may impose a maximum window.
- Old data beyond the retention window is automatically deleted by a daily cleanup job.
- Merchants can delete all backorder data at any time from the Settings page.
- Customer email addresses and customer IDs live on the backorder-sale records; deleting those records (via retention, manual purge, or a redaction request) removes the stored email.
- When the app is uninstalled, all shop data is deleted (within Shopify's required window) in response to the
shop/redactwebhook.
6. Security
- Data is hosted on Fly.io infrastructure in the EU (Amsterdam region).
- Supplier credentials and stored customer email addresses are encrypted at rest using AES-256-GCM.
- Data in transit is protected with TLS/HTTPS.
- Access tokens and session data are stored securely and scoped to each shop.
- Access to production data is limited to what is necessary to operate and support the app.
No method of transmission or storage is 100% secure; we work to protect data using industry-standard measures and continuously improve our safeguards.
7. International transfers
The app and its primary database are hosted in the EU. Some sub-processors (e.g. OpenAI, Resend) may process data outside the EU/EEA. Where that is the case, transfers are made under an appropriate safeguard such as the EU Standard Contractual Clauses or an adequacy decision.
8. Your rights (data subjects)
Depending on your location (e.g. under the GDPR), you may have the right to: access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time. For AI Analyze, consent can be withdrawn directly in the app (Analyze → AI Analyze → Revoke consent).
- Shoppers: please contact the store you bought from; they are the controller of your order data.
- Merchants: contact us at support@snoekbyte.nl.
BackorderPro fully supports Shopify's mandatory privacy webhooks:
customers/data_request— we provide the merchant with the data we hold that is linkable to the requested orders.customers/redact— we delete the customer-linkable backorder records (and the email addresses they contain) for the supplied orders.shop/redact— we delete all data for the shop after uninstall.
9. Children's data
BackorderPro is a business tool for merchants and is not directed at children. We do not knowingly process children's personal data.
10. Changes to this statement
We may update this Privacy Statement to reflect changes in the app or in legal requirements. The "Last updated" date at the top indicates the latest revision. Material changes will be communicated through the app where appropriate.
11. Contact
Questions about this Privacy Statement or BackorderPro's data practices:
SnoekByte — support@snoekbyte.nl
Website: https://snoekbyte.nl