Ops Console — privacy notice
Ops Console is a Shopify app for profit reconciliation, inventory management, and purchase-order workflow. The merchant is the data controller; sico is the data processor.
1. Shopify scopes we request
read_products,write_productsread_ordersread_inventory,write_inventoryread_fulfillments
Each scope is requested only because the corresponding feature requires it; we do not pre-request scopes for unimplemented features.
2. What we read from your shop
| Source | Examples | Where it goes |
|---|---|---|
| Products and variants | title, SKU, price, cost, inventory item id | local mirror for inventory and margin views |
| Inventory levels | per-location stock counts | same; updated incrementally via webhooks |
| Orders | line items, totals, refunds, fulfillment status, customer journey UTMs | orders cache used for velocity and attribution |
| Customer journey | landing site, referring site, UTM parameters on the order | last-touch + time-decay attribution writer |
We do not pull individual customer profiles or contact information beyond what arrives attached to an order.
3. What we write back
- Inventory adjustments when you receive a purchase order (one mutation per location, per variant).
- Product cost (COGS) updates only when you explicitly enter or import them.
4. Third-party processors used by this app
| Processor | Why | What flows out |
|---|---|---|
| Meta Marketing API | ad-spend sync for margin module | read-only; nothing written |
| Google Ads API | ad-spend sync for margin module | read-only; nothing written |
| Resend | purchase-order emails to your suppliers | your supplier email + PO content |
| Anthropic | "why this reorder" narratives, fired only when you click the button | formula inputs only — no PII |
Billing is via Shopify Billing only — no payment data flows to sico or any non-Shopify processor.
5. Customer-level rights (GDPR Art 15 / 17 / 20)
Shopify forwards customers/data_request, customers/redact, and shop/redact webhooks to us. We honour all three within the statutory window. Customers should normally contact you (the merchant) first; you may forward a request to us at privacy@sico.software and we will execute against our copy of the data.
6. Uninstall
On uninstall, we revoke our Shopify access token, generate a portability pack (JSON + CSV per table) within minutes, and email the link to the shop owner. Your data remains for 48 hours as a recovery window, then is hard-deleted. Audit and compliance evidence rows are retained per the windows in the main retention table.
7. Sub-processors and international transfers
Hosting is in Falkenstein, Germany (Hetzner Cloud). Stripe, Meta, Google, Anthropic, and Resend are EU/EEA-adequate or operate under Standard Contractual Clauses. The full processor list is in the main privacy notice.