Privacy Policy

RepairTracker Last updated: April 10, 2026 Contact: support@tracker.repair

This Privacy Policy describes how RepairTracker (“we”, “us”, “our”) collects, uses, and shares personal information when you install and use our application through the Shopify platform.

1. Information We Collect

Information from Shopify

When you install RepairTracker, we receive the following from Shopify:

Shop information: Store name, domain, currency, and locale settings
Billing information: Subscription status (managed entirely by Shopify)
Session data: Staff name, email, and locale for authentication purposes, managed by the Shopify session framework

We request the following Shopify API scopes: read_draft_orders, write_draft_orders, read_orders, read_products, write_files. We do not request access to Shopify customer data (read_customers or write_customers).

Information you provide

When you or your staff use RepairTracker, you may enter:

Customer information: First name, last name, email address, phone number, mailing address (street, city, state/province, postal code, country), preferred language, and contact consent preferences
Repair ticket information: Item descriptions, issue descriptions, condition notes, brand, serial/model numbers, quoted/final prices, payment status, photos, parts used, technician notes, and activity logs
Staff information: Technician names
Shop settings: Business name, ticket prefix, categories, status workflows, email templates, locale, and timezone

Information from your customers

If you enable the customer portal, your customers may submit:

Their name, email address, phone number, and mailing address
A description of the item and issue for repair
Contact consent preferences

Photos

Photos uploaded through RepairTracker are stored via the Shopify Files API on Shopify’s infrastructure. We do not store photo files on our own servers.

2. How We Use Information and Lawful Basis

We process personal data for the following purposes and on the following legal bases:

Purpose	Lawful Basis (GDPR)
Delivering RepairTracker functionality to merchants (ticket management, dashboard, settings)	Performance of a contract (Art. 6(1)(b))
Processing end-customer data for repair ticket management	Legitimate interests of the merchant in managing repair operations (Art. 6(1)(f))
Sending status notification emails to end customers	Consent obtained by the merchant via the contact consent checkbox (Art. 6(1)(a))
Generating dashboard metrics and reports	Legitimate interests (Art. 6(1)(f))
Managing billing and feature access	Performance of a contract (Art. 6(1)(b))

We do not:

Sell or share personal information to/with third parties for advertising or marketing
Use personal information for any purpose other than providing the RepairTracker service
Make automated decisions with legal or similarly significant effects based on personal data

We share personal information only in the following circumstances:

Resend (email delivery): Customer email addresses and names are shared with Resend solely to deliver status notification emails on your behalf. Resend acts as a sub-processor. Email delivery logs are retained by Resend in accordance with their data retention policies. See Resend’s privacy policy.
Fly.io (hosting): Application data is hosted on Fly.io infrastructure. Fly.io acts as a sub-processor and processes data only as necessary to provide hosting services. See Fly.io’s privacy policy.
Shopify: We operate within the Shopify platform and are subject to Shopify’s terms. See Shopify’s privacy policy.
Legal requirements: We may disclose information if required by law, regulation, or legal process.

4. Data Storage and Security

Repair ticket data, customer records, and shop settings are stored in our application database hosted on Fly.io
Photos are stored on Shopify’s infrastructure via the Shopify Files API
All data is transmitted over encrypted connections (HTTPS/TLS)
Access to your data is scoped to your shop — other merchants cannot access your data

5. Data Processing Location

RepairTracker is operated from the United States. Your data is stored and processed on Fly.io infrastructure in the United States.

For transfers of personal data from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on the EU-U.S. Data Privacy Framework (where applicable) and the European Commission’s Standard Contractual Clauses (Decision 2021/914). We conduct transfer impact assessments for transfers to jurisdictions without an adequacy decision.

6. Data Retention

Active shops: We retain your data for as long as RepairTracker is installed on your shop
After uninstall: We initiate deletion of all shop data immediately upon uninstall. Shopify sends a follow-up deletion request within 48 hours, which we process as a safety measure. Deleted data includes all customer records, tickets, settings, and technician information.
Customer data redaction: When a customer requests deletion of their personal data through Shopify, we anonymize their customer record and associated activity log entries within 30 days
Archived tickets: Closed and cancelled tickets are archived and retained for the duration of the app installation. Merchants may manually delete individual tickets at any time.
Application logs: Server logs that may contain personal data are retained for 30 days on a rolling basis

See our Data Retention Policy for more details.

7. Your Rights

Depending on your jurisdiction, you or your customers may have the following rights:

Access the personal data we hold (GDPR Art. 15, CCPA Sec. 1798.100)
Correct inaccurate personal data (GDPR Art. 16)
Delete personal data, subject to legitimate business retention needs (GDPR Art. 17, CCPA Sec. 1798.105)
Export personal data in a portable format (GDPR Art. 20)
Restrict the processing of your personal data in certain circumstances (GDPR Art. 18)
Object to processing based on legitimate interests (GDPR Art. 21)
Withdraw consent for contact communications at any time, without affecting the lawfulness of processing before withdrawal (GDPR Art. 7(3))
Lodge a complaint with your local data protection supervisory authority (GDPR Art. 77)

RepairTracker does not make automated decisions with legal or similarly significant effects based on personal data (GDPR Art. 22).

To exercise these rights, contact us at support@tracker.repair or use the data management features in your Shopify admin.

8. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights.

Categories of personal information we collect:

Identifiers: Name, email address, phone number, mailing address
Commercial information: Repair ticket details, pricing, payment status
Internet or electronic network activity: App usage within the Shopify admin (session data)

Your rights:

Right to know: You may request the categories and specific pieces of personal information we have collected
Right to delete: You may request deletion of your personal information
Right to correct: You may request correction of inaccurate personal information
Right to non-discrimination: We will not discriminate against you for exercising your privacy rights

We do not sell or share your personal information as those terms are defined by the CCPA/CPRA. Because we do not sell or share personal information, no “Do Not Sell or Share My Personal Information” opt-out is required. We do not collect sensitive personal information as defined by the CPRA. We do not offer financial incentives related to the collection of personal information.

9. Cookies and Tracking

RepairTracker does not use cookies, tracking pixels, or analytics tools on the customer portal or within the application. Within the Shopify admin, any cookies present are set by Shopify’s session management, not by RepairTracker.

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected merchants without undue delay and no later than 72 hours after becoming aware of the breach. We will assist merchants in meeting their obligations to notify supervisory authorities and data subjects as required under GDPR Articles 33 and 34.

11. Data Processing Agreement

RepairTracker acts as a data processor on behalf of the merchant (the data controller) for end-customer personal data. Our processing is governed by the terms set forth in our Data Processing Agreement, available upon request at support@tracker.repair. These terms include appropriate technical and organizational measures as required by GDPR Article 28.

12. Children’s Privacy

RepairTracker is a business tool for merchants and is not directed at children under the age of 16. We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice within the application at least 30 days before changes take effect. If changes materially affect how we process personal data, we will seek renewed consent where consent is the lawful basis for processing.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: support@tracker.repair Website: https://tracker.repair

For users in the European Economic Area who wish to exercise their GDPR rights, you may also contact your local data protection supervisory authority.