Legal

Privacy Policy

How TagTier collects, uses, and protects information when you visit our site, install our Shopify app, or otherwise interact with us.

Effective: · Last updated:

This Privacy Policy describes how TagTier ("we," "us," or "our") collects, uses, and shares information when you visit https://tagtier.com (the "Site"), install our Shopify application (the "App"), or otherwise interact with us. By using the Site or the App, you agree to the practices described here.

Plain-English summary: TagTier is a Shopify app that maps customer tags to prices. To do that, we need limited access to your store's customer, product, order, and discount data — only what's required to make the App work. We don't sell your data, we don't use it for advertising, and we delete it when you uninstall.

1. Who we are

TagTier is operated by [Your Legal Entity Name], [registered address], [country of registration].

Contact for privacy matters: privacy@tagtier.com
General contact: hello@tagtier.com

If you are in the EU/UK, you may also reach our EU/UK representative at [EU Representative Name + Address] (required if we serve EU/UK merchants and have no EU establishment — see GDPR Art. 27 / UK GDPR Art. 27).

2. Information we collect

2.1 Information from you (Site visitors)

  • Contact form / email: name, email, message content, company name (if provided).
  • Demo bookings: name, email, company, scheduling metadata.
  • Cookies and analytics: see Section 8 and our Cookie Policy.

2.2 Information from merchants (App users)

When you install the App, Shopify grants us access to the following scopes only:

  • Customer data: customer ID, email, tags, account creation date. We use tags to determine which pricing tier applies. We do not access addresses, payment methods, or order history beyond what's needed to apply pricing rules.
  • Product data: product ID, variant ID, base price, inventory levels (for child-product inventory feature). We do not modify product content.
  • Order data: line item prices and order metadata, used solely to write the resolved price into the order so refunds, fulfillments, and reporting work correctly.
  • Discount and pricing data: to create and manage the hidden child variants and tag-driven rules that apply your tier-based pricing.
  • Store metadata: store name, plan, primary domain, locale.
  • Merchant account info: the email and name of the staff who installed the App.

2.3 Information from end-shoppers

TagTier resolves the tagged customer's tier by swapping the parent variant for a hidden child variant via a theme block + App Proxy callback. We receive a small, non-identifying payload (shop domain, customer tag, parent variant ID) to return the correct child variant ID. We do not store shopper personal data on our servers. Aggregated, non-identifying telemetry (e.g., "rule X matched 412 times today") powers the merchant analytics dashboard.

2.4 Automatically collected technical data

When you use the App admin or Site, we collect technical information including IP address, browser type, device identifiers, log data, and usage events.

3. How we use information

We use information to:

  • Provide, operate, and improve the App and Site
  • Authenticate merchants via Shopify's OAuth
  • Apply tag-based pricing rules to orders and checkouts
  • Maintain audit logs and rollback functionality (a core feature)
  • Provide customer support and respond to inquiries
  • Send transactional emails (install confirmations, billing receipts, security notices)
  • Send product updates and marketing communications (only if you opt in; you can unsubscribe at any time)
  • Detect, prevent, and respond to fraud, abuse, and security incidents
  • Comply with legal obligations (tax, accounting, lawful requests)

4. Legal bases for processing (EU/UK merchants)

Under the GDPR and UK GDPR, we rely on the following legal bases:

  • Performance of a contract — to provide the App and Site you've signed up for
  • Legitimate interests — to secure, improve, and market our products responsibly
  • Consent — for non-essential cookies and marketing emails (you can withdraw at any time)
  • Legal obligation — to comply with tax, accounting, and law enforcement obligations

5. How we share information

We do not sell your personal information.

We share data only in these limited cases:

| Recipient | Purpose | Example |
|---|---|---|
| Shopify Inc. | The App runs on Shopify; data flows are necessary | Admin API, App Proxy, Billing API |
| IONOS Cloud (US) | Hosts our application, database, and logs on a US-region VPS | Backend, frontend, Postgres |
| Optional analytics (only with your consent) | Aggregate site analytics on the marketing pages | Google Tag Manager (with GA4 + Consent Mode v2), Microsoft Clarity |
| Other subprocessors | Transactional email and similar limited purposes | See current list at /subprocessors |
| Professional advisors | Legal, accounting, audit | Lawyers, accountants under NDA |
| Authorities | Where required by valid legal process | Court orders, subpoenas |
| Acquirer | If TagTier is acquired or merged | We'll notify you and you can object |

A current list of subprocessors is maintained at https://tagtier.com/subprocessors.

6. International transfers

Our hosting infrastructure (IONOS Cloud) is located in the United States. If you're in the EU/UK, your data is therefore transferred to the US. We rely on Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum to provide appropriate safeguards for those transfers. You can request a copy of the safeguards by emailing privacy@tagtier.com.

7. Data retention

  • Merchant data is retained while you have the App installed.
  • Within 30 days of uninstall, we delete merchant operational data (rules, audit logs, customer/product references) from active systems.
  • Backup retention: up to 90 days, after which deletion is final.
  • Anonymous aggregated analytics (with no personal identifiers) may be retained indefinitely.
  • Billing and tax records are retained for the period required by applicable law (typically 7 years).

You can request earlier deletion at any time by emailing privacy@tagtier.com.

8. Cookies and tracking

The Site uses cookies and similar technologies. Strictly necessary cookies are always on. Analytics and marketing cookies require your consent (via our cookie banner). Full details are in our Cookie Policy.

9. Your rights

EU / UK (GDPR / UK GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority (e.g., your country's Data Protection Authority, or the UK ICO at ico.org.uk)

California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect, use, and share
  • Request deletion of your personal information
  • Request correction of inaccurate personal information
  • Opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising)
  • Non-discrimination for exercising your rights

To exercise any rights, email privacy@tagtier.com. We'll respond within the timeframes required by applicable law (typically 30 days for GDPR/UK GDPR, 45 days for CCPA).

Authorized agents

You may designate an authorized agent. We will verify the agent's authority before responding.

10. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, audit logging, and regular security reviews. No system is 100% secure, but we'll notify affected merchants and authorities of confirmed personal-data breaches as required by law.

11. Children's data

The App and Site are intended for businesses, not consumers. We do not knowingly collect data from anyone under 16. If you believe a child has provided us data, contact us and we'll delete it.

12. Third-party links

The Site and our help content may link to third-party services (Shopify, Recharge, payment processors, etc.). Their privacy practices are governed by their own policies.

13. Changes to this policy

We may update this policy from time to time. Material changes will be announced via in-app notice or email at least 14 days before they take effect, and the "Last updated" date above will reflect the change.

14. Contact

For privacy questions, requests, or complaints:

TagTier Privacy Team
Email: privacy@tagtier.com
Postal: [Your registered address]

Important: This policy is a starting template tailored to TagTier as a Shopify app. It is not legal advice. Please have a qualified attorney in your jurisdiction review it before publishing, particularly the entity name, registered address, EU representative, retention periods, and subprocessor list.