Privacy Policy

AddToWholesale is a Shopify app operated by Texvion LLC ("we", "us", "Texvion"). We help Shopify merchants offer wholesale prices to approved customers without spreadsheets or discount codes.

This policy explains what data we collect, why we collect it, how we use it, who we share it with, and how you can exercise your rights over it. It applies to the AddToWholesale Shopify app, the marketing site at addtowholesale.com, and the embedded app at app.addtowholesale.com.

From merchants who install the app

• Shop information: shop domain (e.g. your-store.myshopify.com), shop name, owner email, and the OAuth access token Shopify issues when you authorize the app.
• Plan & subscription state: which plan you're on (Free, Starter, Pro), subscription status, billing period — provided by Shopify Managed Pricing.
• App settings you create:default wholesale discount, signup-form text, custom fields, email templates, language preference.
• Wholesale order metadata: for approved wholesale customers' orders only, we cache the order ID, total, currency, customer ID, and timestamp to power your dashboard metrics. We do not store full order line items.

From your wholesale applicants (end customers)

When a customer fills out your wholesale signup form, we receive only what they submit:

• First name, last name, email, phone
• Company name, tax ID, business address
• Any custom fields you've added to the form (configured in your app settings)
• Any documents they upload (PDF/JPG/PNG; e.g. resale certificates, business licenses)
• Status, decision date, internal notes you write about them

Uploaded documents are stored in your Shopify Files library — they never live on Texvion infrastructure. We only store the Shopify File GIDs that point to them.

Collected automatically

• Server logs: IP address, user agent, request path, response code, and timestamp for every request to our app servers. Used for debugging and abuse prevention. Retained for 30 days.
• No analytics or marketing trackers on the embedded app. The marketing site (addtowholesale.com) may use privacy-respecting analytics (Vercel Analytics or similar) that do not use cookies and do not track individuals across sites.

We use the data we collect only to:

• Run the AddToWholesale app for your store (the service you signed up for)
• Send approval and rejection emails to your wholesale applicants on your behalf
• Apply your wholesale prices at the customer's checkout
• Show you metrics (revenue, top wholesale customers) on your dashboard
• Provide customer support if you contact us
• Detect and prevent abuse, fraud, and security incidents
• Comply with our legal obligations

We do not sell, rent, or share your data with advertisers. We do not use your data — or your customers' data — to train machine learning models or for any purpose unrelated to running the app.

To run the app, we share specific data with these vetted infrastructure providers. Each operates under their own privacy and security certifications:

We do not use any other third parties to access merchant or customer data. If our subprocessor list changes, we will update this page.

• Encryption in transit: all network traffic uses TLS 1.2+.
• Encryption at rest: Shopify access tokens are encrypted with AES-256-GCM before being written to our database. Supabase encrypts the underlying database storage.
• Tenant isolation: every database query is scoped to your shop ID. Code-enforced; cross-tenant access is not possible.
• File uploads: validated by MIME-type allowlist (PDF/JPG/PNG only) plus magic-byte verification. Files stream directly from the customer's browser to your Shopify Files — they never touch our servers' disks.
• Least-privilege scopes: we request only the Shopify scopes the app actually needs. Each scope is documented in the install consent screen.

Under GDPR, CCPA, and similar laws, you and your customers have these rights:

• Access: request a copy of the data we hold about you.
• Correction: ask us to fix inaccurate or incomplete data.
• Deletion: request that we erase your data (subject to legal obligations to retain certain records).
• Portability: receive your data in a machine-readable format.
• Objection: object to specific processing activities.
• Withdraw consent: where processing is based on consent, withdraw it at any time.

For end customers (your wholesale applicants), the merchant who runs the store is the data controller. Forward customer requests to support@addtowholesale.com. Shopify also exposes standardized GDPR webhooks (customers/data_request, customers/redact, shop/redact) — we honor all three within 30 days.

• Active install: we keep your data for as long as the app is installed and your subscription is active.
• After uninstall: all data tied to your shop is deleted from our database within 48 hours, triggered by Shopify's app/uninstalled webhook. Files in your Shopify Files library are unaffected — they remain in your Shopify account.
• GDPR redact: on Shopify's customers/redact webhook (~10 days after a customer requests deletion), we anonymize their PII; on shop/redact (48h after shop deletion), we fully delete the shop's records.
• Server logs: 30 days, then automatically deleted.
• Backups: Supabase point-in-time recovery (PITR) snapshots may retain deleted records for up to 7 days before being expired.

Texvion is based in the United States. Our database (Supabase) and email provider (AWS SES) are also in the U.S. If you are outside the U.S., your data is transferred to and processed in the U.S. We rely on Shopify's standard contractual clauses with merchants and on each subprocessor's own data-transfer mechanisms (SCCs, adequacy decisions, etc.) for compliance with EU/UK GDPR and similar laws.

AddToWholesale is a B2B tool for Shopify merchants. We do not knowingly collect data from anyone under 16. If you believe a child has submitted data through our app, contact us and we will delete it.

The embedded app at app.addtowholesale.com uses only the cookies Shopify itself sets to authenticate merchants. We set no tracking, advertising, or analytics cookies on the embedded app.

The marketing site (addtowholesale.com) may use a privacy-respecting first-party analytics tool (e.g. Vercel Analytics) that does not use cookies and does not identify individual visitors.

We may update this policy as the app evolves. Material changes will be announced via the app or via email to the merchant's registered email. The "Last updated" date at the top of this page always reflects the current version.

Privacy questions, data requests, or anything else:

• Email: support@addtowholesale.com
• Operator: Texvion LLC
• App: AddToWholesale on the Shopify App Store