Privacy policy

What Stavra does

Stavra helps Shopify merchants collect quote requests, sample requests, review request details, send follow-up emails, and create Shopify draft orders when the merchant chooses that workflow.

Data we collect

Store and app setup data: shop domain, installation/session records, workflow settings, quote rules, sample mappings, billing plan cache, setup status, and usage summaries.

Catalog data used for setup: product and collection identifiers, titles, handles, variant identifiers, SKUs, and request rule metadata needed to decide where quote or sample workflows appear.

Buyer-submitted request data: name, email, company, phone, shipping region, sample shipping details when enabled by the merchant (country or region, address, apartment or suite, city, state or region, and postal code), quantity, product or variant references, request notes, source path, request type, request status, owner assignment, internal notes, uploaded request file metadata and file contents, quote-cart line items, and draft-order handoff state.

Email and job data: queued, sent, skipped, or failed delivery records for customer confirmations, buyer status updates, merchant-sent buyer updates, internal notifications, and Pro weekly analytics reports.

How we use data

We use merchant and buyer-submitted data to operate the Stavra request workflow, show requests in the embedded admin, send configured email notifications, generate operational analytics, enforce plan limits, and create Shopify draft orders when requested by an authorized merchant user.

We do not sell merchant or buyer data, use it for third-party advertising, or collect payment card information.

Third-party processors

Stavra uses Shopify for app authentication, billing, storefront app proxy access, product data, and draft-order creation.

Stavra uses hosted infrastructure, database, and private object storage services to run the application, store operational data, and store uploaded request files.

Stavra uses Resend to deliver customer confirmations, buyer status updates, merchant-sent buyer updates, internal notifications, and weekly analytics reports when those email features are enabled.

Retention and deletion

Stavra keeps merchant configuration, request records, uploaded request files, analytics summaries, and related workflow data while the app remains installed so the merchant can review and manage request history.

When a shop uninstall or shop redaction webhook is received from Shopify, Stavra deletes the shop-level settings, requests, subscription cache, sessions, and related records that are connected through the merchant record.

Stavra does not persist Shopify customer IDs. Buyer contact details submitted through Stavra request forms are stored as merchant request records and can be removed by contacting support.

Security

Stavra uses Shopify OAuth/session authentication for embedded admin access and verifies Shopify webhooks through Shopify's authentication utilities.

Data is transmitted over HTTPS in production. Access to app data is limited to the installed merchant's authenticated Shopify admin context and the app services required to operate Stavra.

Merchant and buyer rights

Merchants can request access, correction, export, or deletion of data associated with their Stavra installation by contacting support.

Buyers who submitted a request through a merchant's storefront can contact the merchant directly or contact Stavra support for help routing a privacy request.

Contact

For privacy, security, or support requests, contact support@manilabs.co.