Ops Console — Privacy notice
This notice covers data processing specific to the Ops Console Shopify app. The sico-wide privacy notice applies in addition.
1. What data we collect
When you install Ops Console, we receive and store the following data from your Shopify store via the Shopify Admin API:
- Shop identity — shop domain, shop name, currency, timezone.
- Orders — order IDs, line items, channel attribution, fulfilment status, and financial summaries. We do not store end-customer names, addresses, or payment details.
- Products and variants — product titles, SKUs, variant IDs, and inventory levels from connected locations.
- COGS and margin data — cost-of-goods entries you create or import within the app.
- Purchase orders and suppliers — supplier names, contact emails, and PO line items you create within the app.
If you connect optional integrations, we additionally store:
- Encrypted OAuth tokens for Google Ads, Meta Ads, Klaviyo, Xero, and QuickBooks — used only to pull attribution and accounting data on your behalf.
- Aggregated ad-spend and attribution data pulled via those tokens.
2. Legal basis
Processing is necessary to perform the contract you entered when installing the app (UK GDPR Art. 6(1)(b)). Optional integration data is processed on the basis of your consent, which you give by connecting the integration and may withdraw at any time from Settings.
3. How we use the data
Solely to provide the Ops Console features: margin analysis, inventory health dashboards, purchase order management, and the morning brief. We do not use your store data to train models, benchmark across merchants, or share with third parties beyond the processors listed below.
4. Data retention
Your store data is retained while the app is installed. On uninstall, Shopify sends us a GDPR erasure webhook within 48 hours and we purge all store-specific records within 30 days. OAuth tokens are revoked and deleted immediately on uninstall or when you disconnect an integration from Settings.
5. Sub-processors
- Hetzner — VPS hosting; data stored in EU.
- Stripe — billing for your Ops Console subscription.
- Resend — transactional email (receipts, alerts).
- PostHog (EU) — product analytics (page-level, no order data).
6. Contact
Privacy queries: privacy@sico.software.