Morning Ops collects data needed to authenticate your store, generate performance briefings, and deliver insights aligned with our access scopes.

Merchant and store data

• Your Shopify store domain plus OAuth credentials (access token stored for API access consistent with Shopify session handling)
• Embedded app session details provided by Shopify (for example name, email, and locale where Shopify supplies them)
• Billing and subscription identifiers and status synced from Shopify’s billing APIs where applicable
• Administrative and operational preferences such as briefing delivery times and notification settings

Store performance data

• Aggregated sales and order data (for example revenue, order counts, and average order value) used to generate your briefings
• Product and inventory status (for example low stock alerts or product performance metrics)
• Customer engagement metrics (for example new vs returning customer counts)
• Usage counters relating to briefing generation and email delivery for operational purposes

We do not use Morning Ops to collect storefront customer names, mailing addresses, or payment card data. Checkout and payments are handled by Shopify and your payment providers.

We use the data we collect to operate Morning Ops:

• Authenticate admins and securely call Shopify’s Admin API within the scopes your store grants
• Generate daily and weekly briefings based on your store's performance data
• Send email notifications and briefings to the configured recipient addresses
• Provide in-app dashboards and performance summaries
• Enforce subscription or plan gates and reflect billing status
• Honor Shopify mandatory webhooks and maintain service reliability

We do not sell, rent, share, or trade merchant or storefront-shopper personal data with third parties for advertising, marketing, or unrelated commercial purposes.

Morning Ops sends operational emails (briefings and alerts) to you as a merchant. We do not send promotional email to your customers. Subscription and billing-related communications from Shopify appear according to Shopify’s policies.

Support

If you email us for help, we use your message and address only to reply. We do not add you to marketing lists solely because you contacted support.

Application data is stored in PostgreSQL on secure cloud infrastructure. We implement common safeguards including:

• Encrypted connections (HTTPS/TLS) between clients and our servers
• Secure OAuth flows and API usage through Shopify
• Secrets and credentials handled via deployment environment controls
• Database access constrained to components that require it

We do not store customer payment card information; app billing is processed through Shopify where applicable.

We retain merchant configuration and briefing history for your shop for as long as Morning Ops remains installed and your shop record exists in our system. When you uninstall the app, we remove sessions and delete shop-scoped application data in line with our implementation. When Shopify sends the mandatory shop/redact webhook, we delete sessions and purge the shop’s application database record (and related rows through our data model). Our performance analytics are aggregated and are not keyed by storefront customer or order identifier in the application database; mandatory customers/redact deliveries are acknowledged accordingly. You may request assistance with deletion or privacy questions by contacting us at [email protected]

Morning Ops is designed to meet Shopify’s mandatory privacy expectations. We subscribe to compliance webhooks, including:

• customers/data_request — we acknowledge requests; we do not maintain per-customer personal data stores in our application database for Morning Ops features beyond the merchant and aggregated analytics described above
• customers/redact — we acknowledge customer redaction events; our performance analytics are not stored keyed by customer or order ID in the app database
• shop/redact — we delete sessions and remove the shop and associated application data as required after uninstall or erasure

Where the GDPR applies, merchants remain the controller for their end-customers’ personal data; Morning Ops processes merchant and store data as needed to deliver the application on your instructions.

Morning Ops relies on:

• Shopify APIs and platform services — to read store data, handle billing, and manage app authentication within granted scopes
• Cloud hosting — to run the application and databases
• Email service providers — to deliver briefings and alerts to your inbox

Subprocessors host and operate infrastructure only as needed to run the service.

The embedded Morning Ops admin runs inside Shopify; session and security cookies follow Shopify’s practices described in Shopify’s documentation. This standalone policy page does not set marketing cookies or third-party advertising scripts.

As a merchant, you can:

• Configure or disable briefing delivery and notification settings within the app
• Uninstall Morning Ops to stop future processing associated with the app (Shopify and our compliance handlers perform additional erasure steps as described above)
• Contact us for privacy questions or assistance related to our records

We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. We will revise the “Last updated” date on this page when we do. Continued use of the app after updates constitutes acceptance of the revised policy where permitted by law. We may notify you of material changes through the app or by email when appropriate.

If you have questions about this privacy policy or Morning Ops data practices, contact:

Apps Alchemy
[email protected]

We aim to respond to privacy-related inquiries promptly.