SortWise ("we", "us", "our") is a Shopify collection-sorting application operated by Harun Ketenci / AI Saturn. Contact: destek@harunketenci.com.
This policy explains what data we collect, how we use it, and the rights available to merchants and their customers when they use SortWise. We comply with GDPR (EU), KVKK (Türkiye), and CCPA (California).
2. Data We Collect
From merchants (Shopify store owners):
Shop domain and access tokens (required to operate the app inside Shopify).
The store owner's Shopify account name and email, as provided by Shopify's session.
Sorting strategies, collection sort configuration, pinned products, and sort history you create in the admin panel.
Catalog & order data (read on the merchant's behalf via the Shopify Admin API):
Products and collections (titles, ordering, inventory, metafields) — to reorder collections.
Order data — used only to compute aggregate ranking signals such as best-sellers and revenue. We do not store individual orders or customer records.
From storefront visitors (your customers):
Aggregate product view and click counts used to measure sort performance — stored as per-product totals, plus a coarse device type (mobile / desktop) derived from the user-agent.
We do not store IP addresses, names, emails, device fingerprints, or any identifier that could single out an individual visitor.
We do not collect payment card data, passwords, or any Sensitive Personal Information.
3. How We Use the Data
To automatically sort and reorder the merchant's collections according to the strategies they configure.
To compute aggregate ranking signals (views, clicks, sales) that drive those strategies.
To display analytics in the SortWise admin dashboard (aggregate counts only).
To provide customer support when a merchant opens a request.
To comply with Shopify's Platform requirements and applicable law.
We do not sell, rent, or share personal data with third parties for advertising purposes.
4. Legal Basis (GDPR)
Contract performance — processing merchant account data to deliver the service.
Legitimate interest — aggregate, non-identifying analytics to power and improve sorting.
5. Data Retention
Merchant, strategy, and analytics data: retained for the duration of the app installation, then purged within 48 hours of uninstall (triggered by Shopify's shop/redact webhook; sessions are removed on app/uninstalled).
Aggregate analytics are non-identifying and are deleted together with the shop's data on uninstall.
6. Customer-Data Compliance Webhooks
customers/data_request — returns "no data to report"; SortWise stores no customer PII.
customers/redact — nothing to redact for the same reason.
shop/redact — deletes all per-shop data (strategies, collection sorts, analytics, sessions).
All three verify the Shopify HMAC before acting and respond with HTTP 200.
7. Merchant Rights (GDPR Art. 15–17 / KVKK Art. 11)
A merchant may at any time access their data in-app, correct their strategies, and delete all of their data by uninstalling the app (purged within 48 hours). For any request, contact destek@harunketenci.com and include your myshopify.com domain.
8. Security
We implement industry-standard safeguards: HTTPS everywhere, HMAC-verified webhooks, multi-tenant data isolation (every database query is scoped by shop), encryption at rest, and no personal data in application logs.
9. Third-Party Processors
Shopify — platform infrastructure and catalog/order data accessed on the merchant's behalf.