Privacy Policy
Last updated: April 1, 2026
PriceMaestro ("we", "us", "our") is a Shopify application operated by Tatemono. This Privacy Policy explains how we collect, use, and protect information when you use PriceMaestro (the "Service").
1. Information We Collect
1.1 Shopify Store Data
When you install PriceMaestro, we access the following data from your Shopify store through Shopify's API:
- Product data: Product titles, variants, SKUs, prices, compare-at prices, inventory quantities, collections, and vendor information.
- Market data: Market configurations, currencies, country assignments, and contextual pricing.
- Order data (aggregated): We access order line items (product/variant IDs, quantities, amounts) and shipping destination country codes to analyze sales performance by market. We do not store customer names, email addresses, phone numbers, or full addresses.
- Shop information: Store name, email, domain, currency, timezone, and Shopify plan.
1.2 User Identity
We collect the first name, last name, and email address of Shopify staff members who log into PriceMaestro. This is used for:
- Displaying who committed price changes (audit trail)
- Role-based access control (owner, admin, editor, viewer)
- Sending email notifications (commit confirmations, schedule alerts, weekly digest)
1.3 Data We Do NOT Collect
- Customer personal information (names, emails, phone numbers, full addresses)
- Payment or financial account information
- Browsing behavior or tracking cookies
- Data from other Shopify apps
2. How We Use Your Data
| Data |
Purpose |
Retention |
| Product prices & variants |
Display and edit prices across markets |
Cached up to 5 minutes; price history stored per plan |
| Price change history |
Audit trail, undo capability, price evolution charts |
Pro: 90 days; Business: unlimited; deleted on uninstall + 48h |
| Order line items + shipping country |
ABC product classification, revenue by market analysis |
Daily: 90 days; Weekly: 1 year; Monthly: 2 years |
| Staff identity (name, email) |
Audit trail, RBAC, email notifications |
Until app uninstall + 48h |
| Shop configuration |
App functionality (currency, timezone, markets) |
Until app uninstall + 48h |
3. Data Storage & Security
- Infrastructure: Data is stored on Hetzner Cloud servers in the EU (Germany). PostgreSQL database with encrypted storage. Redis cache with in-memory fallback.
- Encryption: All data in transit is encrypted via TLS/HTTPS. Shopify access tokens are encrypted at rest using AES-256-GCM.
- Access control: Database access is restricted to the application. No employee has direct access to customer data. The application enforces role-based access control (RBAC) for all operations.
- Backups: Database backups are encrypted and stored separately from the production environment.
4. Data Sharing
We do not sell, rent, or share your data with third parties, except:
- Shopify: We read from and write to your Shopify store via Shopify's API (price updates, product data).
- Resend: Email notifications are sent via Resend (resend.com). Only staff email addresses are shared for delivery purposes.
- Sentry: Error monitoring data (no customer data) is sent to Sentry for application reliability.
We do not use any advertising, analytics, or tracking services that access your store data.
5. Data Retention & Deletion
- Active use: Data is retained while the app is installed and your subscription is active.
- After uninstall: Your data is preserved for 48 hours to allow reinstallation without data loss. After 48 hours, Shopify sends a mandatory data erasure webhook and all data is permanently deleted, including: price history, commits, schedules, sourcing costs, sales data, API keys, user records, and shop configuration.
- Subscription expiry: If your subscription expires, data is retained but read-only. No new data is collected (sales, price sync). Data is only deleted on uninstall.
6. GDPR Compliance
We comply with Shopify's mandatory GDPR webhooks:
- Customer data request: We respond to data access requests. Since we do not store customer personal data, responses confirm no data is held.
- Customer data erasure: We respond to erasure requests. Since we do not store customer personal data, no deletion is required.
- Shop data erasure: All shop data is permanently deleted within 48 hours of app uninstall.
7. Your Rights
As a merchant using PriceMaestro, you can:
- Access your data: All your price history, commits, and settings are visible in the app dashboard.
- Export your data: Use the CSV export feature or the API to download your pricing data at any time.
- Delete your data: Uninstall the app — all data is permanently deleted after 48 hours.
- Manage notifications: Configure email notification preferences per user on the Account page.
- Control access: Manage team member roles (owner, admin, editor, viewer) on the Account page.
8. Cookies
PriceMaestro uses a single HTTP-only session cookie (pm_session) for authentication. This cookie:
- Contains an encrypted session identifier (shop ID, user role)
- Is set with
Secure and SameSite=Lax flags
- Expires after 14 days
- Is not used for tracking or analytics
We do not use any third-party cookies, tracking pixels, or analytics scripts.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to store administrators. The "Last updated" date at the top of this page indicates when this policy was last revised.
10. Contact
For privacy-related questions or concerns: