Privacy Policy
Last updated: 2026-05-30
1. Who we are
Anvil ("we", "us") is a Shopify app for purchase order management. When you install Anvil on your Shopify store, we process data on your behalf to provide the service.
2. What data we collect
- From Shopify (via OAuth): shop domain, shop email, shop name, granted scopes, encrypted access token.
- Mirrored from Shopify: product catalog, variants, prices, inventory levels per location, locations, orders (for sales velocity), refunds.
- Created in Anvil: purchase orders, suppliers, supplier-product cost mappings, stock transfers, stock adjustments, valuation history, activity logs.
- Operational telemetry: errors via Sentry (no PII), background job traces via Inngest.
3. What we do NOT collect
- Customer personally identifiable information (we do not sync customer records from Shopify).
- Payment card information (handled by Shopify Billing).
- Browser tracking, advertising cookies, or third-party analytics.
4. How we use it
Solely to operate Anvil: rendering your dashboard, computing reorder suggestions, generating PO PDFs, sending PO emails to your suppliers (via Resend), writing inventory + cost back to Shopify, and producing reports. We do not sell, share, or use your data for advertising.
5. Sub-processors
Anvil uses these vendors to operate the service:
- Vercel — hosting
- Neon — Postgres database (encrypted at rest)
- Inngest — background job queue
- Resend — outbound email (PO emails to your suppliers)
- Sentry — error monitoring (no PII)
Shopify access tokens are encrypted at rest (AES-256-GCM) with key separation from application code.
6. Data retention + deletion
Your data is retained while Anvil is installed. On uninstall:
- Within seconds: shop is marked uninstalled; we stop processing new webhooks for it.
- Within 48 hours: Shopify fires the shop/redact webhook, at which point we hard-delete the shop record and all related data (purchase orders, suppliers, valuation layers, activity logs).
You can also request export of your data anytime via Settings → Data export.
7. GDPR + your rights
You (the merchant) and your end-customers have rights under GDPR and other privacy laws. Anvil:
- Processes Shopify's customers/data_request, customers/redact, and shop/redact webhooks within Shopify's 30-day SLA.
- Does not store customer PII, so most data subject requests are no-ops.
- Honors deletion via Shopify's standard uninstall flow.
8. Security
All data in transit uses TLS. All data at rest is encrypted in Postgres. Shopify access tokens use envelope encryption (AES-256-GCM) with key version tracking for rotation.
9. Contact
Email support@anvil.app for any privacy question, data export, or deletion request.