Privacy Policy
Effective date: July 11, 2026
TierUp is a Shopify app operated by WinWithWeb Technologies. This policy explains what data TierUp accesses, stores, and processes when a Shopify merchant installs and uses TierUp on their store. Language is deliberately concrete; if you find a claim that’s ambiguous, email us and we’ll clarify or fix it.
1. What TierUp does
TierUp lets Shopify merchants configure quantity-break (also called “tiered”, “volume”, or “slab”) pricing on their products. Discounts are computed by a Shopify Function that runs on Shopify’s infrastructure at checkout; TierUp writes the compiled tier rules to a product metafield that the Function reads.
2. Data TierUp accesses on your Shopify store
When you install TierUp, the app requests these OAuth scopes:
read_products— read product titles, images, prices, and IDs so tiers can be configured against specific products.write_products— write compiled tier rules to a product metafield (slabpricing.rules) that the checkout Function reads.write_discounts— create and update a single automatic discount node that binds the Function to checkout.
TierUp does not request access to customer data, orders, personal information, payment methods, addresses, or any other protected customer data. Shopify enforces this via approval gates on scopes and webhook subscriptions.
3. Data TierUp stores
TierUp stores the following in a managed Postgres database (hosted by Neon on AWS, US East region):
- Merchant configuration — your Shopify shop domain, tier rule definitions (product ID, quantity thresholds, per-unit prices, currency, stacking preferences), and settings.
- Session tokens — Shopify OAuth session data, managed by the Shopify session-storage library, used only to authenticate admin requests from your embedded admin.
- Storefront impressions (anonymous) — the shop domain, a product ID, an optional A/B variant label, and a timestamp. This is a count of how often the tier-pricing widget rendered per product. It contains no customer identifiers, no IP addresses, no cookies, no device fingerprints, and no personal information.
TierUp does not store: customer names, emails, addresses, orders, order items, payment methods, or any other personal information about your shoppers.
4. Where data is stored
- Application server: Railway (US East, Virginia).
- Database: Neon Postgres (AWS US East, Ohio).
- Compiled tier rules are also written to Shopify product metafields on your store, hosted by Shopify.
5. Third-party services
TierUp’s operation depends on these services:
- Shopify — required platform integration; TierUp reads and writes only via Shopify’s Admin API.
- Neon — managed Postgres database hosting.
- Railway — application server hosting.
TierUp does not sell, share, or transmit your data or your shoppers’ data to any advertising, analytics, or marketing service. There are no third-party trackers on the storefront widget or in the embedded admin (beyond Shopify’s own App Bridge, which is required for embedded apps).
6. Data retention and deletion
- While TierUp is installed: merchant configuration and session data are retained for as long as the app is installed.
- On uninstall: TierUp automatically deletes all rules, tiers, and settings for the uninstalled shop via the
app/uninstalledwebhook. Sessions are removed at the same time. - Impression logs: retained in aggregate; since they contain no personal information, they are not tied to any individual customer.
7. GDPR and Shopify compliance webhooks
TierUp implements the mandatory Shopify privacy webhooks:
customers/data_request— TierUp does not store any customer personal data; TierUp returns an empty response as there is nothing to disclose.customers/redact— TierUp does not store any customer personal data; there is nothing to redact.shop/redact— 48 hours after uninstall, Shopify sends this webhook and TierUp permanently deletes all remaining data for the shop.
8. Cookies
TierUp does not set cookies on your storefront. The embedded admin uses Shopify’s session-token authentication, not cookies. Shopify may set its own cookies as part of App Bridge; those are governed by Shopify’s privacy policy.
9. Your rights
If you are a merchant using TierUp and want to request data access or deletion outside the automated uninstall flow, contact us using the details below. If you are a shopper on a merchant’s store, TierUp does not hold any personal information about you; please contact the merchant directly for any store-level privacy request.
10. Contact
For privacy questions or requests, contact:
- Email: winwithwebtechnologies@gmail.com
- Operator: WinWithWeb Technologies
11. Changes to this policy
We may update this policy as TierUp evolves. Material changes will be reflected by updating the effective date at the top of the page. Continued use of TierUp after a change constitutes acceptance of the updated policy.