RankCollections
Install

Privacy Policy

Last updated: April 18, 2026

This Privacy Policy describes how RankCollections (“we”, “us”) handles information collected from Shopify merchants who install our app and from visitors to https://rankcollections.com. By installing the app or using this site you agree to the practices described below.

Information we collect

  • Merchant account data — Shopify shop domain, owner email, plan, store name, locale, currency, and OAuth access tokens granted by the merchant during install.
  • Catalog data — products, variants, inventory levels, collections, and collection-product relationships synced from the merchant’s Shopify store via the Shopify Admin API.
  • Analytics signals — if the merchant opts in, we read aggregated data from Google Search Console and Google Analytics 4 to power opportunity suggestions.
  • Usage telemetry — anonymized product analytics via PostHog (page views, feature use) and error traces via Sentry.
  • We do NOT collect end-shopper personal data, order payment details, or customer contact information beyond what Shopify GDPR webhooks require us to acknowledge.

How we use it

  • Operate the core merchandising features of the app.
  • Send transactional email (approvals, usage alerts) via Postmark.
  • Generate AI-assisted collection suggestions via OpenRouter/LiteLLM.
  • Detect and debug errors via Sentry.
  • Understand feature usage in aggregate via PostHog.

Sub-processors

We share data with the following providers to deliver the service: Supabase (database hosting), Hetzner Cloud (application hosting), Postmark (email), OpenRouter and LiteLLM (LLM inference), DataForSEO (keyword data), Sentry (error monitoring), PostHog (product analytics). Each is bound by a Data Processing Agreement.

Data retention

Merchant catalog data is retained while the app is installed and deleted within 48 hours of uninstall via the Shopify SHOP_REDACT webhook. Audit logs and aggregated telemetry are retained for up to 12 months. Backups are retained per our database provider’s backup schedule.

Your rights (GDPR / CCPA)

Merchants in the EU, UK, California, and other regions with equivalent protections may request access, correction, portability, or deletion of their data. Shopify customer data requests routed through CUSTOMERS_DATA_REQUEST, CUSTOMERS_REDACT, and SHOP_REDACT webhooks are honored automatically.

International transfers

Data is processed in the European Union (Hetzner Cloud, Supabase EU region where available). Where transfers to the United States are required by a sub-processor, Standard Contractual Clauses apply.

Contact

For privacy inquiries or to exercise your rights, email privacy@rankcollections.com.

Draft notice: This document is a placeholder pending legal review. Final copy will replace this text before the Shopify App Store submission.