Privacy Policy — Avonix Tariffs & Surcharges

Effective: 2026-05-16
Last updated: 2026-05-20

This Privacy Policy explains how Avonix Tariffs & Surcharges (the "App") collects, uses, and protects information when a merchant installs and uses the App on their Shopify store.

The App is operated by Avonix Studio ("Avonix", "we", "us"). Questions: hello@avonixstudio.com.

1. Information we collect

We collect only the minimum information needed for the App to work.

From the merchant (Shopify store owner)

• Shop identifier (e.g. your-store.myshopify.com) — used to scope all fee data to your store.
• OAuth access token — granted by Shopify when the App is installed. Used to call the Shopify Admin API on your behalf within the scopes you authorized (write_metaobjects, write_products, write_publications).
• Fee configuration you create — title, category, amount, conditions (countries, minimum/maximum subtotal), application type, status. Stored in our database and mirrored to a per-shop Shopify metaobject so the App's checkout extension can read it at checkout time.
• Shopify product IDs we create on your behalf — one unlisted product per fee, tagged avonix-managed. We track these IDs so we can update or delete the products when you edit/delete a fee.

From customers (your shoppers)

• None directly. The App does not request access to customer-data scopes (no read_customers, no read_orders, no protected customer data).
• At checkout, the App's checkout extension reads the buyer's market country (the country of the Shopify Market they are checking out in — a public field, not the buyer's shipping address) and the cart subtotal, only to decide which of your configured fees apply. These values are evaluated inside the buyer's checkout session and are not sent to or stored by us. The App does not request access to protected customer data.

2. How we use the information

• Run the App's core feature: synchronize your fee rules to Shopify, manage the unlisted fee products, and let the App's checkout extension apply fees at checkout.
• Support and troubleshooting: if you contact hello@avonixstudio.com, we may use your shop identifier to look up your configuration and help debug an issue.

We do not sell, share, or use your data for advertising. We do not run analytics on customer behavior.

3. How we store and protect information

• Data is stored in our managed database hosted at a major cloud provider (currently Fly.io).
• Access is restricted to the Avonix team for support purposes only.
• We use TLS/HTTPS for all data in transit.

4. Data retention and deletion

• On app uninstall, Shopify fires the app/uninstalled webhook, after which the merchant's session token is revoked.
• After 48 hours (per Shopify's GDPR timing), Shopify fires the shop/redact compliance webhook, at which point we delete all fee records, sessions, and database rows associated with the shop.
• The customers/data_request and customers/redact webhooks are also wired. Because the App does not store any customer-identifiable data, these requests are acknowledged (HTTP 200) but we have no customer records to return or delete.

You may request deletion at any time before uninstall by emailing hello@avonixstudio.com with your shop domain.

5. Third parties

• Shopify — host of the platform and origin of all merchant/customer data. Subject to Shopify's privacy policy.
• Fly.io — current hosting provider for the App's admin backend. Subject to Fly.io's privacy policy.

No other third parties receive any data from the App.

6. Children's privacy

The App is a B2B tool for Shopify merchants. It is not directed to children. We do not knowingly collect data from anyone under 13.

7. International transfers

Data may be processed in regions where Shopify or Fly.io operate. By installing the App, the merchant agrees to this processing.

8. Changes

We may update this policy. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the support email registered with the App.

9. Contact

Email: hello@avonixstudio.com