Last updated May 23, 2026

Privacy Policy

This Privacy Policy explains how Tuck & Char Technology collects, uses, and protects information when merchants install or use our Shopify apps.

Information we access

The exact data depends on the app and the permissions approved by the merchant. Our apps may access Shopify store data needed to provide the app workflow, such as orders, fulfillments, products, variants, inventory items, locations, tags, notes, and app metafields.

We may also store Shopify OAuth session information so the embedded app can open securely inside Shopify Admin.

Some apps may let merchants enter third-party API keys, such as market data provider keys for FRED, Census, BEA, or BLS. Those keys are provided directly by the merchant and are stored only to operate the connected app feature.

How we use information

  • To provide, maintain, and improve the installed app.
  • To perform merchant-requested actions inside Shopify Admin.
  • To record app activity needed for audit history or support.
  • To request merchant-enabled third-party data, such as market signals, when a merchant configures provider API keys.
  • To respond to support requests.
  • To comply with Shopify platform requirements and applicable law.

Sharing

We do not sell merchant or customer personal data. We share data only with service providers needed to operate the app, comply with legal obligations, protect rights and security, or complete a business transfer such as a merger or acquisition.

When a merchant configures a third-party API key, we use that key only with the provider needed for the requested feature. We do not sell or share merchant-entered API keys for advertising or unrelated purposes.

Retention and deletion

We retain app data only as long as needed to provide the app, support merchants, maintain security, meet legal obligations, and keep reasonable business records. Merchants can request deletion by contacting support.

Merchant-entered API keys are retained until the merchant removes them in the app, uninstalls the app, or requests deletion through support, subject to legal or security obligations.

Security

We use reasonable administrative, technical, and organizational safeguards to protect app data. No method of transmission or storage is perfectly secure, but we work to limit access to the data needed for app operation and support.

Merchant-entered API keys are encrypted before storage and are not displayed back in plain text after saving.

Merchant and customer requests

Merchants and customers may contact us about access, correction, or deletion requests. When a request relates to a Shopify store, we may ask for information needed to verify the request and coordinate with the merchant.

Contact

Privacy questions can be sent to [email protected].