Last updated: July 2026
PO Ghost Chaser is a Shopify application developed and operated by Apps Alchemy. This privacy policy explains what data we collect, how we use it, and how we protect your information when you use PO Ghost Chaser to create and track purchase orders (POs), manage supplier contacts, send confirmation and reminder emails, surface suppliers who stop responding (“ghosting”), and optionally use branded supplier confirmation pages and daily digest emails on supported plans.
Section 01
Information We Collect
PO Ghost Chaser collects data needed to authenticate your store, store purchase-order records, send supplier communications, and enforce plan limits aligned with our access scopes.
We do not use PO Ghost Chaser to collect Shopify storefront customer names, mailing addresses, or payment card data. Checkout and payments are handled by Shopify and your payment providers.
Merchant and store data
- Your Shopify store domain plus OAuth credentials (access token stored for API access consistent with Shopify session handling)
- Embedded app session details provided by Shopify (for example name, email, and locale where Shopify supplies them)
- Billing and subscription identifiers and status synced from Shopify’s billing APIs where applicable
- Shop plan, trial status, and operational counters (for example supplier emails sent per day and last activity notification timestamps)
- Store branding and settings you configure: logo URL, brand color, custom notes, pricing visibility on supplier pages, and optional custom sending domain details (including domain verification status and provider identifiers)
Suppliers and purchase orders
- Supplier records you create or link: Shopify vendor name, email address, and optional phone number
- Purchase order records: PO number, workflow status (pending, confirmed, ghosting, or archived), linked supplier, archived supplier name when applicable, reminder counts, send and confirmation timestamps, and estimated delivery dates submitted by suppliers
- Line-item details you attach to each PO (for example product title, SKU, quantity, and unit cost) stored as structured data in our database
- Secure confirmation tokens used to generate supplier-facing confirmation links
Catalog and file data (within granted scopes)
- Product information read from your Shopify catalog via the Admin API when you build PO line items (such as titles, SKUs, and costs)
- Media file URLs from your Shopify Files library when you select a logo or other image for branded supplier pages (
read_filesscope)
Supplier-facing interactions
- When a supplier opens a confirmation link and submits an estimated delivery date, we store that response on the related purchase order
- Transient, in-memory request metadata (such as IP address) may be used briefly for rate limiting on public confirmation pages; this is not persisted in our application database
We do not use PO Ghost Chaser to collect Shopify storefront customer names, mailing addresses, or payment card data. Checkout and payments are handled by Shopify and your payment providers.
Section 02
How We Use Your Data
We use the data we collect to operate PO Ghost Chaser:
We do not sell, rent, share, or trade merchant, supplier, or storefront-shopper personal data with third parties for advertising, marketing, or unrelated commercial purposes.
- Authenticate admins and securely call Shopify’s Admin API within the scopes your store grants
- Create, update, archive, and display purchase orders and supplier records according to your actions in the app
- Send transactional emails to suppliers (initial PO notifications, automated reminders on supported plans) and optional daily digest emails to merchants
- Host branded supplier confirmation pages where suppliers can confirm orders and provide delivery estimates
- Detect and flag ghosting suppliers based on reminder history and response status
- Enforce subscription or plan gates (for example PO volume limits, automation features, and custom sending domains)
- Honor Shopify mandatory webhooks and maintain service reliability
We do not sell, rent, share, or trade merchant, supplier, or storefront-shopper personal data with third parties for advertising, marketing, or unrelated commercial purposes.
Section 03
Email and communications
PO Ghost Chaser sends transactional email related to purchase orders — for example initial PO messages to suppliers, follow-up reminders, and merchant daily digests on supported plans. We do not send promotional email to your Shopify customers. Subscription and billing-related communications from Shopify appear according to Shopify’s policies.
Support
If you email us for help, we use your message and address only to reply. We do not add you to marketing lists solely because you contacted support.Section 04
Data storage and security
Application data is stored in PostgreSQL on secure cloud infrastructure. We implement common safeguards including:
We do not store customer payment card information; app billing is processed through Shopify where applicable.
- Encrypted connections (HTTPS/TLS) between clients and our servers
- Secure OAuth flows and API usage through Shopify
- Secrets and credentials handled via deployment environment controls
- Database access constrained to components that require it
We do not store customer payment card information; app billing is processed through Shopify where applicable.
Section 05
Data retention and deletion
We retain merchant configuration, supplier records, and purchase-order data for your shop for as long as PO Ghost Chaser remains installed and your shop record exists in our system. When you uninstall the app, we immediately delete sessions and purge all shop-scoped application data (purchase orders, suppliers, store settings, and shop records). When Shopify sends the mandatory shop/redact webhook (typically about 48 hours after uninstall), we repeat the same cleanup; our deletion handlers are idempotent.
PO Ghost Chaser does not maintain a per-customer personal data store for Shopify storefront shoppers. Mandatory customers/data_request and customers/redact deliveries are acknowledged accordingly.
You may request assistance with deletion or privacy questions by contacting us at
[email protected]
Section 06
GDPR and Shopify compliance webhooks
PO Ghost Chaser is designed to meet Shopify’s mandatory privacy expectations. We subscribe to compliance webhooks, including:
Where the GDPR applies, merchants remain the controller for their end-customers’ personal data; PO Ghost Chaser processes merchant, supplier, and store data as needed to deliver the application on your instructions.
- customers/data_request — we acknowledge requests; we do not maintain per-customer personal data stores in our application database for PO Ghost Chaser features
- customers/redact — we acknowledge customer redaction events; the app does not store Shopify customer personal data
- shop/redact — we delete sessions and remove the shop and all associated application data as required after uninstall or erasure
Where the GDPR applies, merchants remain the controller for their end-customers’ personal data; PO Ghost Chaser processes merchant, supplier, and store data as needed to deliver the application on your instructions.
Section 07
Third-party services
PO Ghost Chaser relies on:
Subprocessors host and operate infrastructure only as needed to run the service.
- Shopify APIs and platform services — to read products and files, manage billing, and operate the embedded admin experience within granted scopes
- Cloud hosting — to run the application and PostgreSQL database
- Email delivery providers — such as Resend and/or SMTP infrastructure to send supplier and merchant transactional email; Resend may also be used for custom sending-domain verification on supported plans
Subprocessors host and operate infrastructure only as needed to run the service.
Section 08
Cookies and tracking
The embedded PO Ghost Chaser admin runs inside Shopify; session and security cookies follow Shopify’s practices described in Shopify’s documentation. Public supplier confirmation pages and this standalone policy page do not set marketing cookies or third-party advertising scripts.
Section 09
Your rights and controls
As a merchant, you can:
- Edit or archive suppliers and purchase orders from within the app
- Update branding and email settings in the app’s Settings area
- Uninstall PO Ghost Chaser to stop future processing associated with the app (Shopify and our compliance handlers perform additional erasure steps as described above)
- Contact us for privacy questions or assistance related to our records
Section 10
Changes to this policy
We may update this privacy policy to reflect changes in our practices, technology, or legal requirements. We will revise the “Last updated” date on this page when we do. Continued use of the app after updates constitutes acceptance of the revised policy where permitted by law. We may notify you of material changes through the app or by email when appropriate.
Section 11
Contact
If you have questions about this privacy policy or PO Ghost Chaser data practices, contact:
Apps Alchemy
[email protected]
We aim to respond to privacy-related inquiries promptly.
Apps Alchemy
[email protected]
We aim to respond to privacy-related inquiries promptly.