PostSurgeAdd to Shopify — Free

Privacy Policy

Last updated: February 2026

1. Overview

PostSurge ("we", "our", or "us") is a Shopify application that helps merchants increase revenue through post-purchase upsells. This Privacy Policy explains how we collect, use, and protect information when you use our app.

2. Information we collect

When you install PostSurge, we collect the following information through the Shopify API:

  • Store information — your Shopify store domain and access token (required to operate the app)
  • Order data — order IDs, line items, and cart totals (used to generate product recommendations and track offer performance)
  • Product data — product titles, prices, and images (used to display upsell offers)
  • Customer identifiers — anonymized customer IDs (used for analytics and to avoid showing repeated offers to the same customer). We do not collect customer names, emails, or payment information.

3. How we use your information

  • To generate and display relevant post-purchase upsell offers to your customers
  • To analyze offer performance and conversion rates in your dashboard
  • To calculate and apply plan-based order limits and revenue fees
  • To improve our recommendation engine

4. Data storage and security

Your data is stored in a secure PostgreSQL database hosted on Fly.io infrastructure in the United States. We use industry-standard encryption for data in transit (TLS) and at rest. Access tokens are stored encrypted and are never shared with third parties.

5. Data sharing

We do not sell, rent, or share your store data or customer data with any third parties, except as required to operate the service (e.g. our hosting provider). We never use your data for advertising purposes.

6. Data retention

We retain your store data for as long as your account is active. If you uninstall PostSurge, your store data is retained for 90 days to allow for reinstallation, then permanently deleted. You may request immediate deletion at any time by contacting us.

7. GDPR compliance

We comply with Shopify's mandatory GDPR webhooks:

  • Customer data requests — we respond to requests for customer data within 30 days
  • Customer data deletion — we delete all customer-identifiable data upon receiving a redact request
  • Shop data deletion — we permanently delete all store data within 30 days of an uninstall request

8. Your rights

As a merchant, you have the right to access, correct, or delete any personal data we hold about you or your customers. To exercise these rights, contact us at the email below.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Continued use of PostSurge after changes constitutes acceptance of the updated policy.

10. Contact us

For privacy-related questions or data requests, contact us at:
support@getpostsurge.com