Privacy Policy

Ship2FFL

Last Updated: January 14, 2026

This Privacy Policy describes how Ship2FFL ("we", "us", or "our") collects, uses, and shares information when you use our Shopify application.

Information We Collect

Store Information

When you install our app, we collect:

  • Shopify store domain
  • Store owner name and email address
  • OAuth access tokens required to integrate with your store

Customer Information

When customers use the FFL selector during checkout, we may process:

  • ZIP code or geographic coordinates (latitude/longitude) to find nearby FFL dealers
  • Selected FFL dealer information for the order

We do not store customer personal information. Location data is used only to query our dealer database and is not retained after the request is completed.

FFL Dealer Data

Our database contains publicly available FFL dealer information sourced from the ATF, including:

  • Business name and address
  • License number and type
  • Phone number
  • Geographic coordinates

How We Use Information

We use the information we collect to:

  • Provide the FFL dealer locator functionality during checkout
  • Authenticate and authorize your Shopify store
  • Maintain and improve our services
  • Respond to support requests

Data Storage and Security

  • Store data (OAuth sessions) is stored in Supabase with encryption at rest
  • FFL dealer data is cached and served via Netlify's CDN
  • All data transmission uses HTTPS encryption
  • We implement industry-standard security measures to protect your data

Third-Party Services

Our app uses the following third-party services:

  • Shopify: For app integration and checkout functionality
  • Supabase: For database storage
  • Netlify: For hosting and CDN services

Each service has its own privacy policy governing their data practices.

Data Retention

  • Session data: Retained while your app installation is active
  • Location queries: Not retained; processed in real-time only
  • FFL dealer data: Updated monthly from public ATF records

Your Rights

You have the right to:

  • Access: Request information about data we hold related to your store
  • Deletion: Request deletion of your store data by uninstalling the app
  • Portability: Request a copy of your store's configuration data

Data Deletion

When you uninstall the app:

  • Your Shopify OAuth session data is automatically deleted
  • No customer data is retained as we do not store it

Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

contact@snap.dev

California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising privacy rights

GDPR Compliance

For users in the European Economic Area:

  • Legal basis: We process data based on legitimate business interests and contractual necessity
  • Data transfers: Data may be transferred to servers in the United States
  • DPO: Contact us for data protection inquiries
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority