TermsPilotHelp

Privacy policy

Effective date: July 12, 2026

TermsPilot ("we", "us") is a Shopify app that helps merchants track and collect B2B net-terms receivables. This policy explains what data the app touches, why, and what happens to it. It is written to be read, not skimmed past.

Who this covers

  • Merchants — the store owners and staff who install TermsPilot.
  • Buyers — the B2B companies (and their contact people) that owe a merchant money. We process buyer data on the merchant's behalf, only to provide the app's features to that merchant.

What we store

The minimum the features need, nothing more:

Data Why
Store domain and an encrypted Shopify access token To read your B2B data from Shopify and act on your settings
Company names and company contact email / phone To show your aging dashboard and address reminder emails
Order financial fields: order number, amounts, currency, issue/due dates, payment status To compute balances, aging buckets, and reminder schedules
Your app settings (credit limits, reminder rules and templates, sender name, reply-to and alert email addresses, notes you write on a company) To run the app the way you configured it
A log of reminders sent and actions taken (flag / tag / hold) So nothing double-sends and you can review what happened

We do not store order line items, shipping or billing addresses, end-customer personal data beyond company contact details, or any payment-card data. We never see or move money.

What we don't do

  • We do not sell, rent, or share your data or your buyers' data with anyone for marketing or any other purpose.
  • We do not use your data to train AI models or make automated decisions about people.
  • We do not touch your storefront or checkout.

Who processes data for us (sub-processors)

  • Shopify — the platform the app runs on; all store data originates there.
  • Railway (railway.app) — hosts the application and its PostgreSQL database.
  • Resend (resend.com) — delivers the reminder and alert emails you configure.

Each processes data only as needed to run TermsPilot.

Retention and deletion

  • Uninstall the app → all of your shop's data (companies, invoices, rules, logs, settings, token) is deleted automatically.
  • Shopify GDPR webhooks → we honor Shopify's customer data-request, customer erasure, and shop erasure requests, in line with Shopify's mandatory privacy webhooks.
  • Downgrade or cancel a plan → nothing is deleted; paid features simply pause.

Security

Data lives in a managed PostgreSQL database; access tokens are encrypted at rest; secrets live in environment variables, never in code; every query is scoped to the shop it belongs to. Reminder sends are idempotent — enforced at the database level — so buyers can't be spammed by retries.

Your rights

Merchants and buyers can ask us what data we hold, ask for a copy, or ask for deletion at any time: email support@termspilot.app. For buyer data, we will loop in the merchant you do business with, since we process on their behalf.

Changes

If this policy changes materially, we'll note it here with a new effective date.

Questions? Email support@termspilot.app — a real human (the founder) reads it.