Privacy Policy — Safety Stock

by Branch Build · Effective date: June 18, 2026

Safety Stock (the “App”) is a Shopify app published by Branch Build (“we”, “us”). The App lets a merchant automatically mark product variants as sold out on their storefront when inventory drops below thresholds the merchant configures. This policy explains what store data the App accesses, how we use it, who we share it with, and the choices you have.

Our role

The merchant who installs the App is the data controllerfor their store’s data. Branch Build acts as a data processor, handling that information solely to operate the App on the merchant’s behalf.

Limited data collection

The App requests only the access scopes it needs to function: read_inventory, read_locations, read_products, write_products, and read_themes. The App does not access customer data, orders, checkout, payments, or any buyer or staff personal information.

Information we process

To operate the App, we access and/or store the following:

• From your Shopify store: your shop domain; product and variant identifiers and titles; product tags and collection membership; inventory quantities and per-location inventory levels; location names and IDs; and read-only theme information used only to confirm the App’s storefront block is installed.
• Stored by the App: the threshold rules you create (rule type, the products, tags, or collections they target, any exceptions, threshold value, ordering, optional location, and trigger statistics); a record of which variants are currently force-marked sold out (variant and product IDs and titles); your app settings; and the Shopify session/authentication token issued to the App for your store.
• Written back to your store: a single product-variant metafield (sold_out_guard.force_sold_out) that the App sets to control whether a variant displays as sold out. No other data is written to your store.

How we use information

We use the information above only to provide, operate, and maintain the App’s inventory-threshold features; to authenticate the App and secure access; to respond to support requests; to detect, prevent, and address technical issues, fraud, or abuse; and to comply with legal obligations.

No selling, no advertising

We do not sell personal information, and we do not use your store’s data for advertising or for any purpose unrelated to operating the App.

Sub-processors

We rely on the following service providers to run the App:

• Shopify Inc. — the platform the App runs on and the source of store data.
• Railway Corp. — cloud hosting for the App’s server and database.

Data retention

We retain your data only while the App is installed. When you uninstall the App, we delete your stored rules, guarded-variant records, settings, and session token. If Shopify sends a shop-data-erasure request (typically about 48 hours after uninstall), any remaining store data is deleted. Because the App stores no customer personal information, customer data-request and customer-redaction requests have no customer data to return or erase.

Security

All data exchanged between your browser, Shopify, and the App is encrypted in transit using TLS (HTTPS). We use access controls and reputable cloud infrastructure to protect stored data.

Your rights

Depending on your location, you may have the right to access, correct, delete, or port your data. Because the merchant is the data controller, you can exercise these rights directly in Shopify or by contacting us at branch.build.to@gmail.com. The App honors Shopify’s mandatory data-protection (GDPR) webhooks for data requests, customer redaction, and shop redaction.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

Contact: Branch Build — branch.build.to@gmail.com