Legal
Privacy Policy
Last updated: 10 July 2026
This policy explains how Nitor d.o.o. ("Nitor", "we", "us") collects, uses, and protects personal data when a merchant installs the Back in Stock app on their Shopify store, and when a shopper subscribes through that store to be notified when a product returns to stock. If anything is unclear, email us at info@nitor-digital.com.
Who is responsible for your data
The data controller under the General Data Protection Regulation (EU 2016/679) is:
- Nitor d.o.o.
- Jurkovićeva 23, 10000 Zagreb, Croatia
- OIB: 05545524771
- Email: info@nitor-digital.com
When a merchant installs Back in Stock on their Shopify store, we act as the merchant's data processor for buyer personal data — the merchant remains the controller of their own customer relationships. For our own operational data (merchant account, billing, technical logs) we act as controller.
What we collect
From Shopify's APIs
- Shop identifiers: store domain (e.g.
example.myshopify.com), shop name, currency. - An offline OAuth access token so the app can call Shopify on the merchant's behalf. Tokens are stored encrypted at rest and rotated on Shopify's schedule.
- Product and variant metadata (title, handle, image URL, price) fetched at the moment a restock notification is sent — never cached longer than the send itself.
- Inventory-level changes, delivered by webhook, used to decide whether a subscribed variant is back in stock.
- Order data delivered by the
orders/createwebhook — buyer email, order id, order total, line items, and the landing URL. Used only for conversion attribution (matching an order to a prior notification).
From the merchant's customers (shoppers)
- Email address, submitted through the "Notify me when back in stock" form on the merchant's storefront.
- The Shopify variant ID the shopper subscribed to, plus opt-in and notification timestamps and delivery state (pending, notified, converted, unsubscribed, bounced).
We do not collect names, phone numbers, addresses, payment details, browsing behavior, or any other personal data from shoppers. We do not set cookies or run tracking pixels on the merchant's storefront.
From the merchant
- App configuration entered in the admin (email copy, sender name, subscription button text) — no personal data unless the merchant enters some.
- A single notification email address used to forward Shopify's
customers/data_requestwebhook payloads to the merchant.
Why we use it and on what legal basis
- To send the shopper the notification they signed up for. Legal basis: Article 6(1)(a) GDPR — the shopper's consent given by submitting the form.
- To suppress future sends to addresses that have unsubscribed, bounced permanently, or complained. Legal basis: Article 6(1)(f) GDPR — legitimate interest in protecting our sending reputation and respecting shopper choices.
- To attribute an order to a prior notification (so the merchant can measure the value of the app). Legal basis: Article 6(1)(f) GDPR — legitimate interest in measuring service effectiveness. The match uses only pseudonymous identifiers (a subscription id in a URL query parameter, or a shopper email plus a 14-day window on the subscribed variant).
- To deliver the app to the merchant and enforce plan quotas. Legal basis: Article 6(1)(b) GDPR — performance of the merchant contract.
- To respond to Shopify's mandatory compliance webhooks and to meet tax/accounting record-keeping obligations. Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation.
Who we share it with
We never sell personal data. We share it only with a small number of service providers that operate the app:
- Shopify Inc. (Canada) — the platform the merchant runs their store on and the source of shop, product, inventory, and order data.
- Google LLC (data stored in Frankfurt, Germany) — hosts the app on Google Cloud Run.
- Neon Inc. (data stored in Frankfurt, Germany) — provides the Postgres database that stores subscriber and configuration data.
- Resend, Inc. (United States) — delivers the back-in-stock notification email to the shopper.
Each provider acts as our data processor (or sub-processor) under a written agreement and is contractually bound to handle personal data only on our instructions.
International transfers
Primary storage and processing happens in the European Economic Area (Frankfurt, Germany). Resend and Shopify are established outside the EEA, so notification email delivery and Shopify platform data involve transfers to those countries. These transfers are protected by the Standard Contractual Clauses approved by the European Commission and, where applicable, the providers' certification under the EU–US Data Privacy Framework.
How long we keep it
- Subscriber recordsare kept while the subscription is active (pending, notified, or converted) and while the merchant's app install is active. An unsubscribe or a permanent bounce moves the record to a suppressed state that is retained only to prevent future sends.
- Notification audit records (which email was sent for which subscription) are kept for the duration of the merchant's install for accounting and anti-abuse purposes.
- Merchant account and configuration are kept while the app is installed. Billing-related records are retained for the period required by Croatian tax and accounting law (typically up to 11 years).
- Server logs (technical request data) are retained for a short period — usually a few hours to a few days — by our hosting provider.
When Shopify sends us a customers/redact or shop/redactwebhook, we delete the relevant records within Shopify's stated window. When a merchant uninstalls the app, we stop collecting new data immediately and delete their store's data on receipt of the shop/redact webhook (Shopify sends this 48 hours after uninstall).
How shoppers can opt out
A shopper can withdraw consent at any time by emailing info@nitor-digital.com or by asking the store they subscribed on to submit a data erasure request through Shopify. In either case we delete the subscription and add the email to our suppression list so no further notifications are sent.
Shopify compliance webhooks
As required by the Shopify App Store, the app subscribes to and responds to the three mandatory compliance webhooks:
customers/data_request— we forward the request to the merchant so they can respond to the shopper with the personal data we hold. We hold only the shopper's email address, subscribed variant id, and timestamps.customers/redact— we delete the shopper's subscriber records and audit rows.shop/redact— we delete all of the merchant's data, including subscribers, configuration, and audit records.
Your rights
Under GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased;
- restrict or object to our processing of your data;
- receive your data in a portable, machine-readable format;
- withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, email info@nitor-digital.com. We'll reply within 30 days. If you're outside the EU, you can exercise the same rights through the same address.
If you believe we've mishandled your data, you have the right to lodge a complaint with the Croatian supervisory authority — Agencija za zaštitu osobnih podataka (AZOP), azop.hr — or with the supervisory authority of your country of residence.
Children
The Back in Stock app is intended for use by Shopify merchants and adult shoppers. We do not knowingly collect personal data from anyone under 16.
Changes to this policy
If we make a meaningful change to how we handle data, we will update this page and revise the "last updated" date above. Changes apply to data collected after the update date. Material changes affecting existing subscribers will be announced through the merchant admin.
Contact
Questions about this policy or about your data? Email info@nitor-digital.com.