Privacy Policy
Last updated: February 8, 2026 · Stockist Map Sync by Plynthr
Overview
Stockist Map Sync ("the App") is a Shopify application that helps merchants display their tagged customers (stockists, retailers, dealers) on an interactive map embedded in their online store. This privacy policy explains what data the App collects, how it is used, and how it is protected.
What Data We Collect
From Merchants (Shopify Store Owners)
- Shop domain and basic store information (provided by Shopify during app installation)
- App settings configured by the merchant (customer tags, map display preferences)
From Customers (Tagged by the Merchant)
When a merchant tags a customer with a configured sync tag (e.g., "stockist"), the App reads the following customer data from Shopify:
- Name (display name)
- Email address
- Phone number
- Default address (street address, city, province/state, country, postal code)
- Customer tags
This data is used solely to geocode the customer's address and display their location on the storefront map.
From Storefront Visitors
The App does not collect any personal data from visitors who view the map on the storefront. Map tiles are served by OpenStreetMap. OpenStreetMap's own privacy policy applies to the use of their tile services.
How We Use Data
- Geocoding: Customer addresses are sent to the Google Geocoding API to convert them into geographic coordinates (latitude and longitude) for map display.
- Map display: Customer names, addresses, phone numbers, and coordinates are served to the storefront map so visitors can find nearby locations.
- Sync management: We store sync logs (timestamps, counts) to help merchants monitor their data synchronisation.
We do not:
- Sell, rent, or share customer data with third parties
- Use customer data for marketing or advertising
- Track or profile storefront visitors
- Store payment information (billing is handled entirely by Shopify)
Data Storage
- App data is stored in a PostgreSQL database hosted on Fly.io (Sydney, Australia region).
- Data is encrypted in transit (TLS/SSL).
- Access to the database is restricted to the application only.
Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Shopify | App platform, authentication, billing | Shop domain, session tokens |
| Google Maps Platform | Geocoding addresses | Customer addresses (for geocoding) |
| OpenStreetMap | Map tile display | None (tiles loaded client-side) |
| Fly.io | Application and database hosting | All app data is stored here |
Each service has its own privacy policy:
- Shopify: shopify.com/legal/privacy
- Google: policies.google.com/privacy
- OpenStreetMap: osmfoundation.org/wiki/Privacy_Policy
- Fly.io: fly.io/legal/privacy-policy
Data Retention
- Customer location data is retained as long as the merchant has the App installed and the customer remains tagged.
- When a customer's sync tag is removed, their location data is automatically deleted from the App.
- When the App is uninstalled, all data associated with that shop (settings, locations, sync logs) is permanently deleted within 48 hours via Shopify's shop/redact webhook.
Data Deletion Requests
- Merchants can delete all their data by uninstalling the App.
- Customers can request data deletion through the merchant, who can remove the sync tag or delete the customer from Shopify. The App responds to Shopify's customers/redact webhook to automatically delete customer data when requested.
Merchant Responsibilities
Merchants using the App are responsible for:
- Ensuring they have appropriate consent or legal basis to display customer information on their storefront map
- Configuring which customer data fields are publicly visible
- Complying with applicable privacy laws (GDPR, CCPA, etc.) in their jurisdiction
GDPR Compliance
The App supports the following GDPR rights:
- Right to access: Merchants can view all stored customer data in the App dashboard.
- Right to erasure: Customer data is automatically deleted when the sync tag is removed, the customer is deleted from Shopify, or the App is uninstalled.
- Right to data portability: Location data is available via the App's API in JSON format.
- Data processing agreement: The App processes customer data only as directed by the merchant (data processor role).
Changes to This Policy
We may update this privacy policy from time to time. We will notify merchants of significant changes through the App or via email.
Contact
For privacy-related questions or requests:
Plynthr
Email: privacy@plynthr.com
Website: plynthr.com