Privacy Policy

Last updated: March 16, 2026

Summary: StaffSignal processes Shopify order data solely to send notifications to your designated staff members. We do not sell your data, share it with advertisers, or use it for any purpose beyond delivering the service you configured.

1. Who We Are

StaffSignal ("we", "us", "our") is a Shopify notification application operated by TechnoBrains. Our service enables Shopify merchants to automatically notify their staff via Email, WhatsApp, Slack, and Microsoft Teams when important store events occur.

For privacy enquiries, contact us at: [email protected]

2. Data We Collect

We collect the following categories of data when you install and use StaffSignal:

  • Store Information: Your Shopify shop domain, store name, and email address provided during OAuth installation.
  • Order Data: Order IDs, order numbers, and order status information received via Shopify webhooks. This data is used only to compose notification messages.
  • Recipient Information: Names and contact details (email addresses, phone numbers, Slack IDs, Teams emails) of staff members you manually add to StaffSignal.
  • Channel Configuration: API keys and webhook URLs for your chosen notification channels (SendGrid, Twilio, Slack, Teams). These are stored encrypted at rest.
  • Notification Logs: A log of sent notifications including timestamp, event type, channel, recipient, and delivery status. Retained for 90 days.
  • Billing Data: Subscription plan and billing status managed entirely through the Shopify Billing API. We do not store payment card details.

3. How We Use Your Data

We use collected data exclusively to:

  • Authenticate your Shopify store and maintain your session
  • Receive Shopify webhook events and route them to your configured notification rules
  • Deliver notifications to your staff via your chosen channels
  • Display notification history and analytics on your dashboard
  • Process your subscription via the Shopify Billing API
  • Respond to support requests you initiate

We do not use your data for advertising, profiling, AI training, or any purpose not listed above.

4. Shopify Protected Customer Data

StaffSignal accesses certain Shopify Protected Customer Data (order information including customer names and contact details) via webhooks for the sole purpose of composing staff notification messages. This data is:

  • Processed in memory and written to notification logs only as required
  • Never shared with third parties beyond the notification delivery services you configure
  • Purged from notification logs after 90 days
  • Protected by HMAC signature verification on all incoming webhooks

5. Third-Party Services

StaffSignal acts as a conduit between Shopify and your chosen notification provider. Depending on your configuration, notification content may be transmitted to:

  • SendGrid / SMTP provider — for email notifications
  • Twilio — for WhatsApp notifications
  • Slack — via your configured Incoming Webhook URL
  • Microsoft Teams — via your configured Incoming Webhook URL
  • Discord — via your configured Incoming Webhook URL
  • Telegram — via the Telegram Bot API using your configured Bot Token

Each of these services has its own privacy policy. We only transmit data necessary to deliver the notification (recipient contact, event summary). We do not grant these services access to your full Shopify store data.

6. Data Storage and Security

  • All data is stored on servers within secured data centres with restricted access.
  • API keys and webhook URLs are stored encrypted at rest using AES-256 encryption.
  • All data in transit is protected by TLS 1.2+ (HTTPS).
  • Shopify webhooks are verified using HMAC-SHA256 before processing.
  • Access to production systems is restricted to authorised personnel only.

7. Data Retention

  • Notification logs: 90 days from creation, then automatically purged.
  • Store data: Retained while your store is active. Deleted within 30 days of app uninstallation upon request.
  • Recipient and rule data: Retained until you delete it or uninstall the app.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about your store and staff
  • Correct inaccurate data directly within the StaffSignal dashboard
  • Delete your data by uninstalling the app and submitting a deletion request
  • Restrict processing by disabling notification rules or channels
  • Portability — export your notification logs via the dashboard

To exercise any of these rights, email us at [email protected].

9. Shopify Data Deletion Webhooks

In compliance with Shopify's requirements, StaffSignal responds to mandatory GDPR webhooks including:

  • customers/data_request — we identify and report any stored customer data
  • customers/redact — we delete personal data for the specified customer
  • shop/redact — we delete all store data 48 hours after app uninstallation

10. Cookies

The StaffSignal app itself (embedded in Shopify Admin) does not use cookies beyond those required by Shopify App Bridge for session management. Our marketing website uses no tracking or analytics cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date above and, for material changes, notify active merchants via email. Continued use of StaffSignal after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests:

StaffSignal — TechnoBrains

Email: [email protected]

Website: staffsignal.technobrains.io