Get WholesaleReady (“we”, “our”, or “us”) is a Shopify app that enables wholesale (B2B) pricing for Shopify merchants. This Privacy Policy explains what information we collect, how we use it, and your rights — when you install or use our app as a merchant, or when you interact with it as a wholesale customer on a merchant’s store.
This policy applies to two groups of people who interact with Get WholesaleReady:
- Merchants — Shopify store owners who install Get WholesaleReady to offer wholesale pricing to their customers.
- Wholesale Customers — End customers (buyers) of a merchant’s store who submit a wholesale application or use wholesale pricing features on the storefront.
Merchants act as the data controller for their customers’ data. Get WholesaleReady processes that data on behalf of the merchant as a data processor.
From Merchants (Store Owners)
- Shopify store URL (myshopify.com domain) and store name
- OAuth access tokens used to call the Shopify Admin API on your behalf
- App configuration: wholesale group names, discount percentages, minimum order thresholds, loyalty discount settings, and ticker display preferences
- Per-product pricing rules you configure in the app
From Wholesale Customers (via the storefront registration form)
- Full name and business name
- Email address
- Any additional details entered in the wholesale application form
- Shopify customer ID (linked after the customer logs in post-approval)
- Wholesale application status (pending / approved / rejected)
Automatically Collected During Use
- Cart contents (product IDs, variant IDs, quantities, prices) — used transiently to calculate pricing previews; not stored persistently
- Customer tags and metafields written to the Shopify customer record to identify approved wholesale members
- HMAC authentication tokens stored temporarily as cart attributes for secure checkout verification
- To authenticate merchants and operate the app within their Shopify store
- To process wholesale applications and notify the merchant of new submissions
- To apply wholesale pricing discounts automatically at checkout via Shopify Functions
- To display discounted pricing in the cart drawer and on product pages for approved wholesale customers
- To send transactional email notifications (e.g., application approval or rejection) on behalf of the merchant
- To verify customer eligibility for wholesale discounts using cryptographic tokens
- To sync discount configuration with Shopify’s discount and metafield systems
We do not use customer data for advertising, profiling, or any purpose beyond delivering the core app functionality described above.
We do not sell, rent, or trade personal information. Data may be shared only in these limited circumstances:
- Shopify Inc. — We interact with Shopify’s Admin API and Storefront API to apply tags, metafields, discount configurations, and automatic discounts on your store. All Shopify data handling is governed by Shopify’s Privacy Policy.
- Infrastructure providers — The app is hosted on servers in the EU (Hetzner). Data is stored and processed there. Hetzner’s infrastructure is GDPR-compliant.
- Legal requirements — We may disclose information if required by law, court order, or governmental authority.
As the data controller, merchants are responsible for:
- Disclosing to their customers that a third-party wholesale app processes application and pricing data
- Updating their own store’s privacy policy to reflect the use of Get WholesaleReady
- Handling customer data deletion requests — merchants may contact us to permanently remove a customer’s wholesale application data from our database
- Ensuring they have a lawful basis to collect the information entered into the wholesale registration form
- Merchant configuration data (groups, pricing rules, settings) is retained for as long as the app is installed and for up to 30 days after uninstallation.
- Wholesale application records (customer names, emails, business info) are retained for as long as the merchant’s store remains active on the app, or until the merchant requests deletion.
- OAuth session tokens are stored for as long as needed to maintain an authenticated connection to the merchant’s store.
- Cart pricing data is used transiently during a session and is not persisted to our database.
When a merchant uninstalls the app, Shopify sends an app/uninstalled webhook. We process this to delete the merchant’s OAuth session and, on request, all associated data.
We take reasonable technical and organizational measures to protect data, including:
- All data in transit is encrypted using TLS (HTTPS)
- Shopify OAuth tokens are stored server-side and never exposed to the browser
- Storefront API routes are authenticated using Shopify’s App Proxy signature verification and HMAC tokens
- Server role and permission checks are always performed server-side — client-supplied values are never trusted for authorization decisions
No method of electronic storage or transmission is 100% secure. If you discover a potential security vulnerability, please contact us immediately.
Depending on your location, you may have the right to:
- Access — request a copy of the personal data we hold about you
- Correct — request that inaccurate or incomplete data be updated
- Delete — request erasure of your data (“right to be forgotten”)
- Restrict — object to or limit certain processing activities
- Data portability — receive your data in a structured, machine-readable format
Wholesale customers should contact the merchant (store owner) whose store they applied to — the merchant is the data controller. If the merchant is unresponsive, you may contact us directly.
Merchants may request full data deletion by uninstalling the app and emailing us at the address below.
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For significant changes, we will notify merchants via the app or by email. Continued use of the app after a policy update constitutes acceptance of the revised policy.