ShipGuard Privacy Policy
Last updated: June 26, 2026
ShipGuard ("the App", "we", "us") is operated by Christopher Johnston Consulting. The App lets merchants offer self-insured shipping protection at checkout and lets their customers file delivery claims. This policy explains what data we access, why, and how we protect it.
Information we collect
ShipGuard collects only the data required to provide the service:
- Claim details — when a customer files a claim, they voluntarily provide an order number, email address, name (optional), issue type, and a description. We do not read Shopify order or customer records; we only store what the customer enters on the claim form.
- Product data — we create and maintain one "Shipping Protection" product (with price-tier variants) in the merchant's store using the
write_products/read_productsscopes. This is product data, not customer PII. - Merchant settings — pricing brackets, widget text/appearance, and the notification email the merchant configures inside the App.
How we use it
- To notify the merchant by email when a customer files a claim.
- To show the merchant a claims dashboard inside the App admin.
- To email the customer when their claim status changes (approved/denied/resolved).
We do not sell personal data, and we do not use it for advertising or profiling.
Third-party services
- Shopify — provides product APIs and the App Proxy that serves the cart widget config and the claims form.
- Resend (resend.com) — delivers claim notification emails on our behalf. The relevant email address and claim content are transmitted to Resend for delivery only.
- Hetzner / Coolify — hosts the App and its Postgres database on a private VPS. No data leaves the EU datacenter (Falkenstein, Germany).
Data retention & storage
Claim records (customer email + order number + description) are stored for the merchant's claim-handling and audit needs. When a merchant uninstalls the App, all of that store's data — including all customer claim data — is deleted within 48 hours via Shopify's shop-redaction webhook.
Your rights (GDPR / CCPA)
Customers may request access to or deletion of their data by contacting the merchant they filed a claim through; the merchant can request deletion from us at the address below. We honour Shopify's mandatory customers/data_request, customers/redact, and shop/redact webhooks.
Contact
Questions about this policy or your data: chris@johnstonops.com.