Legal

Privacy Policy

Last updated: March 2025

1. Overview

Earph ("we", "us", "our") is a Shopify ERP that syncs your store data — orders, products, inventory, and customers — into a single dashboard. This policy explains what data we collect, why we collect it, and how we protect it.

By using Earph you agree to the practices described here. If you do not agree, please do not use the service.

2. Data we collect

Account information

When you sign up we collect your email address and a hashed password. We do not store your password in plain text.

Shopify store data

When you connect a Shopify store, Earph receives and stores the following data via the Shopify API and webhooks:

  • Orders (order ID, line items, amounts, status, fulfillment)
  • Products and variants (titles, SKUs, prices, inventory levels)
  • Customers (name, email, order history, lifetime value)
  • Inventory locations and stock quantities
  • Shop metadata (name, currency, timezone)

This data is synced in real time via webhooks and is stored in our database to power the Earph dashboard.

Usage data

We may collect anonymised usage information (page views, feature usage) to improve the product. This does not include personally identifiable information.

3. How we use your data

  • To display your Shopify store data in the Earph dashboard
  • To send real-time sync updates via webhooks
  • To authenticate you and secure your account
  • To send transactional emails (account confirmation, password reset)
  • To improve and debug the service

We do not sell your data. We do not use your Shopify store data for advertising or share it with third parties for their own purposes.

4. Data storage and security

Your data is stored in a Supabase-managed PostgreSQL database hosted on AWS. All data is encrypted at rest and in transit using TLS. Access to the database is restricted to the Earph application and authorised team members.

Shopify access tokens (used to pull your store data) are stored encrypted and are never exposed to the client.

While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use a strong, unique password for your Earph account.

5. Third-party services

Earph uses the following third-party services to operate:

  • Shopify — store data source and OAuth provider
  • Supabase — authentication and database
  • Vercel — application hosting and edge network
  • Resend — transactional email delivery

Each of these providers has their own privacy policy. We only share data with them to the extent necessary to operate the service.

6. Data retention

We retain your account data and Shopify store data for as long as your account is active. If you delete your account, we will delete your personal data and Shopify store data within 30 days, except where we are required to retain it by law.

7. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability

To exercise any of these rights, please contact us at the email address below.

8. Cookies

Earph uses strictly necessary cookies to maintain your login session. We do not use tracking or advertising cookies. No cookie consent banner is shown because we only use cookies that are essential for the service to function.

9. Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes we will notify you by email.

10. Contact

If you have questions about this policy or want to exercise your data rights, please email us at privacy@earph.app