Privacy Policy

Last updated: 2 May 2026

This Privacy Policy explains how Oriens ("we", "our", "us") collects, stores, uses, and protects data when you use the Oriens Shopify app and website (oriens.app). By installing the app or using our website, you agree to this policy.

1. What data we collect

When you install Oriens from the Shopify App Store, we receive access to:

  • Your Shopify store's product catalog (product IDs, variant IDs, prices, and price change events)
  • Your shop's domain, currency, and markets configuration
  • Order data used to correlate pricing with conversion — anonymized and aggregated

When your customers use the price alert widget on your storefront, we collect:

  • Customer email address (only when a customer submits a price alert subscription)
  • The product or variant they subscribed to
  • The price at time of subscription

We do not collect payment card data, personal addresses, or any data beyond what is needed to provide the service.

2. How data is stored

All data is stored on Supabase infrastructure hosted in the EU (Frankfurt, Germany). Data is encrypted at rest (AES-256) and in transit (TLS 1.3). We do not store data outside the EU.

3. How long data is retained

  • Price history data is retained for as long as your subscription is active plus 30 days after uninstall.
  • Customer email addresses collected for price alerts are retained until the customer unsubscribes, or until you delete them from the Oriens dashboard, or until you uninstall the app (whichever comes first).
  • After uninstalling, all data is permanently deleted within 30 days unless you request earlier deletion.

4. Your GDPR rights

If you or your customers are in the EU or UK, you have the following rights under GDPR:

  • Right of access — request a copy of all data we hold about you or your store
  • Right to erasure — request permanent deletion of your data at any time
  • Right to portability — export your price history as CSV from inside the app at any time
  • Right to rectification — request correction of inaccurate data
  • Right to object — object to certain types of processing

To exercise any of these rights, email privacy@oriens.app. We will respond within 30 days.

5. Customer data and GDPR for merchants

When your customers subscribe to price alerts, their email addresses are processed by Oriens on your behalf. Under GDPR, you are the data controller and Oriens is the data processor. You are responsible for:

  • Obtaining valid consent from your customers before they subscribe
  • Including Oriens as a data processor in your own privacy policy
  • Responding to your customers' data subject access requests

Oriens provides a Data Processing Agreement (DPA) on request at privacy@oriens.app.

6. Data processor relationships

We use the following sub-processors to deliver the service:

  • Shopify — our distribution platform and source of product/price data
  • Supabase — database and storage (EU region, Frankfurt)
  • Resend — transactional email delivery for price drop alerts
  • Google Cloud — AI/ML inference for pricing recommendations (Growth plan only)
  • Cloudflare — DNS, CDN, and privacy-first website analytics (no cookies)

7. Cookies and tracking

The Oriens marketing website (oriens.app) uses Cloudflare Web Analytics, which is privacy-first, cookie-free, and GDPR compliant by default. We do not use Google Analytics, Facebook Pixel, or any other tracking scripts on the marketing website. No cookie consent banner is required.

The Oriens Shopify app itself does not set any cookies on your customers' browsers.

8. Contact

For privacy enquiries: privacy@oriens.app

We aim to respond to all privacy requests within 30 days.