Privacy Policy

Last updated: February 9, 2026

This Privacy Policy explains how TruUp ("TruUp", "we", "us", "our") collects, uses, shares, and protects personal information when you install or use our application in connection with your Shopify store, or when you visit our website at https://truup.app (together, the “Services”).

TruUp is designed for use by businesses (Shopify merchants and other ecommerce merchants). Where we process information about your customers on your behalf, you remain the “controller” of that data and TruUp acts as your “processor” or “service provider” under applicable data protection laws.

If you do not agree with this Privacy Policy, you should not install or use TruUp or access our website.

1. Information We Collect

We collect information in three main ways: (1) data we receive via Shopify and other connected platforms, (2) data you provide directly, and (3) data collected automatically when you use our Services.

1.1 Information we receive from Shopify and connected platforms

When you install TruUp on your Shopify store, we are automatically able to access certain types of information from your Shopify account, depending on the permissions you grant us and the scopes that Shopify requires for apps like ours.

This may include:

  • Store information

    • Store name, shop domain, primary contact email
    • Currency, timezone, and relevant configuration settings
    • Shopify plan and other basic metadata

  • Order and transaction data

    • Order IDs and order numbers
    • Order dates and timestamps
    • Line items (products, variants, quantities, prices)
    • Discounts, taxes, shipping charges, and total amounts
    • Payment status and methods, where exposed by Shopify APIs

  • Refunds, returns, and exchanges

    • Refund IDs, dates, amounts, and reasons (where available)
    • Return or exchange records and status (where exposed by Shopify’s APIs and/or your returns solution)
    • Data indicating the use of store credit or exchange workflows, where possible based on the underlying platform behavior

  • Customer-related order information

    • Customer ID (Shopify)
    • Customer name, email address, billing/shipping country and region
    • Any other customer-related fields contained in order, refund, or return objects that Shopify or your connected platform provides

We access this information solely to provide the functionality of TruUp: calculating true revenue, identifying discrepancies in your reporting, and generating exports and reports for your accounting systems.

If you connect additional platforms (for example, other ecommerce channels or accounting platforms), we will receive similar transactional and configuration data from those platforms, as authorized by you.

1.2 Information you provide directly

When you use the Services, you may provide information directly to us, including:

  • Account and contact information

    • Your name, email address, company name, and role
    • Optional profile information

  • Configuration and settings

    • Timezone, currency preferences
    • Accounting mappings (e.g., which revenue or returns accounts should be used)
    • Thresholds for alerts (for example, discrepancy thresholds that trigger notifications)

  • Support and communications

    • Contents of email messages you send us
    • Messages submitted through in-app chat or support forms
    • Feedback you provide about the product

1.3 Information collected automatically

When you visit our website or use the app, we may automatically collect certain information about your device and usage, such as:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Referring URLs
  • Date and time of access
  • Pages viewed and links clicked
  • Basic error and performance data

We may collect this information using cookies, pixels, local storage, and similar technologies. For more details, see the Cookie Policy.

2. How We Use Information

We use the information we collect for the following purposes:

2.1 To provide and operate the Services

We use information to:

  • Authenticate you and your connected stores
  • Ingest and store order, refund, return, and exchange data from Shopify and other platforms
  • Compute metrics such as:
    • Gross sales
    • Refund totals
    • Return and exchange impact
    • “True revenue” after returns, exchanges, and store credit
    • Discrepancies between Shopify-reported net sales and cash-based revenue
  • Generate CSV exports and other outputs suitable for import into accounting tools like QuickBooks Online
  • Provide dashboards, charts, and reports inside the TruUp app and on our website

2.2 To maintain, secure, and improve the Services

We also process information to:

  • Monitor for errors, outages, and performance issues
  • Protect against fraud, abuse, or security threats
  • Analyze aggregate usage patterns to improve our features and user experience
  • Develop new features, such as forecasting, benchmarking, and multi-platform support

Where possible, we use aggregated or anonymized data that does not identify individual merchants or customers to perform this analysis.

2.3 To communicate with you

We use your contact information to:

  • Send service and transactional emails (for example, onboarding messages, critical alerts, security notifications, or billing notices)
  • Respond to your requests, questions, and support tickets
  • Send product updates, educational content, or marketing communications where permitted by law

You can opt out of non-essential marketing emails at any time by using the unsubscribe link in the email or contacting us.

2.4 To comply with legal obligations

We may process and retain information as necessary to:

  • Comply with applicable laws and regulations
  • Respond to lawful requests and legal process
  • Enforce our Terms of Service and Acceptable Use Policy
  • Protect the rights, property, or safety of TruUp, our users, or others

3. Legal Bases for Processing (EEA/UK)

If you are located in the European Economic Area (EEA), the United Kingdom, or a jurisdiction with similar frameworks, our legal bases for processing personal data include:

  • Contract performance – We process personal data to provide the Services under our contract with you (for example, our Terms of Service). This includes data necessary to operate the app, produce reports, and provide support.

  • Legitimate interests – We process personal data as necessary for our legitimate interests in operating, improving, and securing our Services (for example, preventing abuse, understanding how the app is used, and improving features), provided that these interests are not outweighed by your rights and interests.

  • Consent – For certain activities, such as sending direct marketing communications or using non-essential cookies in certain jurisdictions, we rely on your consent. You can withdraw consent at any time through the mechanisms provided (e.g., email opt-out links, cookie banners and settings).

As a merchant, you are responsible for ensuring you have a lawful basis for processing your own customers’ personal data and for providing any necessary notices and choices to your customers. Where we act as your processor, we process your customers’ data in accordance with your instructions and our Data Processing Agreement (DPA).

4. How We Share Information

We do not sell your personal information. We share information only in the ways described below.

4.1 Service providers and subprocessors

We use trusted third-party service providers (“subprocessors”) to help us deliver the Services, such as:

  • Cloud infrastructure providers (hosting, databases, storage)
  • Email delivery providers
  • Logging and monitoring services
  • Error tracking services
  • Payment processors

These providers may process personal information on our behalf only for the purposes we specify and under appropriate data protection obligations. We maintain an up-to-date list of subprocessors at:

https://truup.app/legal/subprocessors

and in docs/legal/subprocessors.md within the repository.

4.2 Integrations and connected services

When you choose to connect TruUp to external services (for example, QuickBooks Online or other accounting tools), we may transmit data to and from those services as you configure.

Your use of external services is governed solely by their terms and privacy policies. We encourage you to review those policies carefully.

4.3 Business transfers

If TruUp is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, your information may be transferred as part of that transaction, subject to any applicable legal requirements. We will take steps to ensure that any recipient continues to protect your information in a manner consistent with this Privacy Policy.

4.4 Legal and safety disclosures

We may disclose information about you if we believe in good faith that such disclosure is reasonably necessary to:

  • Comply with a law, regulation, legal process, or government request
  • Protect the rights, property, or safety of TruUp, our users, or the public
  • Enforce our agreements, policies, and terms
  • Detect, prevent, or otherwise address fraud, security, or technical issues

5. International Data Transfers

TruUp may process and store information in countries other than the country where you reside. These countries may have different data protection laws than your own country.

Where required by law (for example, for data originating in the EEA or UK), we use appropriate safeguards to protect personal data when it is transferred internationally, such as:

  • Standard contractual clauses approved by the European Commission or UK authorities
  • Other lawful transfer mechanisms recognized under applicable laws

You can contact us for more information about the specific safeguards we use.

6. Data Retention

We retain personal information for as long as necessary to provide the Services, to comply with our legal obligations, to resolve disputes, and to enforce our agreements.

In general:

  • Merchant account and configuration data are retained for the duration of your account and for a limited period thereafter (for example, to allow reactivation or to comply with record-keeping obligations).
  • Order and transactional data ingested from Shopify and other platforms are retained while your account is active to support historical reporting and analytics, unless you request deletion or we are required to delete it sooner.
  • Logs and diagnostic data are retained for shorter periods appropriate for security and troubleshooting.

When we no longer need personal information, we will delete or anonymize it. In some cases, we may retain limited information in backups or archives for a period consistent with our business continuity and legal obligations.

7. Your Rights and Choices

Depending on where you live and the laws that apply to you, you may have certain rights regarding your personal information, such as:

  • Access – Request confirmation of whether we process your personal data and obtain a copy of that data.
  • Correction – Request correction of inaccurate or incomplete personal data.
  • Deletion – Request deletion of your personal data, subject to certain exceptions (for example, where we must retain data by law).
  • Restriction – Request restriction of our processing of your personal data under certain circumstances.
  • Objection – Object to certain processing (for example, direct marketing or processing based on legitimate interests).
  • Portability – Request a copy of your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, ask us to transfer it to another controller.

To exercise these rights regarding data we control (such as your account and contact data), you can contact us using the information in the Contact Us section below.

For data we process on behalf of merchants about their customers, we generally act as a processor. In those cases, we will either direct the requester to the relevant merchant or cooperate with the merchant to fulfill the request, as appropriate.

You may also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable law.

8. Shopify Data Subject Requests and Deletion

TruUp complies with Shopify’s data protection requirements and webhooks, including:

  • customers/data_request
  • customers/redact
  • shop/redact

When we receive these requests from Shopify—either directly or triggered by your actions—we will locate relevant data associated with the customer or shop and delete or anonymize it as required, within the timelines defined by Shopify and applicable law.

If you uninstall the TruUp app from your Shopify store, we will delete or anonymize personal data associated with that store within a reasonable period, except for data we are required or permitted to retain for legal, accounting, or security purposes.

9. Cookies and Similar Technologies

We use cookies and similar technologies on our website and, where appropriate, within the app to:

  • Keep you signed in and maintain session state
  • Remember your preferences and settings
  • Measure and improve the performance of our site and app
  • Understand how visitors use our pages and features

Where required by law (for example, in the EU/EEA and UK), we will request your consent before using non-essential cookies (such as analytics or marketing cookies). You can manage your cookie preferences through:

  • Our cookie banner and settings, where provided
  • Browser settings that allow you to block or delete cookies

For more detail on the types of cookies we use and how to control them, please see our Cookie Policy at:

https://truup.app/legal/cookie-policy

10. Security

We take reasonable technical and organizational measures to protect personal information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

These measures may include:

  • Encryption of data in transit and at rest where appropriate
  • Access controls and authentication for internal systems
  • Logging and monitoring of key systems
  • Regular security updates and patch management
  • Data backup and disaster recovery measures

No method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security.

11. Children’s Privacy

TruUp is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal information, we will take steps to delete that information as soon as reasonably practicable.

If you believe we may have any information from or about a child under 16, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

When we make changes, we will:

  • Update the “Last updated” date at the top of this page, and
  • Where appropriate, notify you by email, in-app message, or through a notice on our website.

Your continued use of the Services after the updated Privacy Policy becomes effective indicates that you have read and understood the changes.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, or if you wish to exercise your rights, you can contact us at:

TruUp TruUp

Email: [email protected]