Small Order Fee Privacy Policy

Last updated: May 17, 2026

Small Order Fee ("the App") helps Shopify merchants charge a small order fee when a cart is below a minimum order value ("the Service"). The App adds the fee on your storefront and in checkout, and provides admin tools to configure fees, display a cart widget, and review orders where the fee was applied. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

The App accesses certain protected customer data as defined by Shopify. We collect and process only the minimum amount of data required to provide the Service, as described in the section below.

Protected Customer Data

Shopify classifies some merchant and buyer-related information as protected customer data (see Shopify's protected customer data documentation). The App has requested and uses Level 1 protected customer data access only. We do not request or use Level 2 protected customer fields (customer name, email, phone number, or billing or shipping address).

Data minimization. We process only the protected customer data that is strictly necessary to operate the features you enable. We do not use protected customer data for advertising, profiling, or purposes unrelated to the Service. We retain it only for as long as needed to provide the Service and as described under Data Retention below.

The following table summarizes what protected customer data the App may access, what we do with it, and why it is needed:

• Customer tag names (scope: read_customers; Admin API) — We read the list of tag names defined on your store (for example, "VIP" or "Wholesale") so you can optionally configure cart rules in the admin (for example, apply or skip a fee for buyers with certain tags). Tag names are loaded when you use the cart rules builder. We do not store individual customer records, customer IDs, or which tags belong to which person in our database.
• Order and line-item data (scopes: read_orders, write_orders; webhooks: orders/create, orders/paid) — When an order is created or paid, Shopify may send the App a webhook payload. We use only the fields needed to (1) detect whether the order includes a small order fee line item, (2) add an order tag in Shopify (small_order_fee_applied) so you can identify those orders in your admin, and (3) record aggregated fee statistics in the App. Fields we rely on include: order identifier, order name (for example, #1001), order date, currency, order total, and line-item product or variant identifiers, prices, and quantities for fee lines. We do not store buyer name, email, phone, or shipping or billing address from order payloads in our database.
• Fee order event records (our database) — When a paid order includes a small order fee, we may store non-identifying order metadata (Shopify order ID, order name, date, currency, order total, and fee amount) for in-app analytics and support. These records are tied to your shop, not to an exported buyer profile.
• Storefront customer tags (your theme, buyer's browser) — If you enable customer-tag cart rules, your storefront may pass the logged-in buyer's tags from the theme session to our theme extension so rules can be evaluated on the device. That data is not sent to our servers as a customer list or profile.

What we do not use protected customer data for: marketing or retargeting; selling or renting data to third parties; building buyer profiles unrelated to fee rules or order reporting; or accessing customer contact details we do not need for the Service.

Compliance webhooks. Shopify may send mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact). Because we do not store buyer names, emails, or customer profiles, we typically have no additional buyer personal data to return on a customer data request beyond what Shopify already holds. We delete your shop's data when we receive shop/redact, as described under Data Retention.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account, as authorized by you during installation. We request the following API scopes and use each only as described:

• Shop information (OAuth session): your store domain (e.g. your-store.myshopify.com), access tokens, and basic shop metadata needed to connect the App to your store. Session records may also include limited information about the staff member who installed or uses the App (for example, name or email supplied by Shopify during authentication).
• read_themes: read-only access to your themes so we can detect whether the theme app embed is enabled and help you complete setup.
• read_products: read-only access to products and variants so you can configure cart rules (for example, rules based on products or product tags) and so the App can manage the dedicated fee product used in the cart.
• read_customers: protected customer data — customer tag names only, as described under Protected Customer Data.
• read_orders and write_orders: protected customer data — order and line-item fields and order tagging only, as described under Protected Customer Data.
• write_products: we create or update a fee product and variant in your catalog when required by the Service, and we write shop metafields in the namespace webpanda_small_order_fee (keys config and fees) to sync your fee and display settings to the storefront.
• write_publications: we publish the fee product to your Online Store publication so it can be added to the cart on your storefront.
• write_cart_transforms: we register and manage a cart transform function so percentage-based fees can be calculated and displayed correctly in the cart.
• read_locales, read_translations, and write_translations: we read and update translatable content for the cart widget and related storefront copy when you configure multiple languages.
• unauthenticated_read_product_listings: used by our theme app extension on the storefront so listing-related data can be read where needed without a logged-in admin session.

In addition, once you have installed the App, we store the following in our own database to provide the Service:

• Shop account information: shop domain, subscription and billing status (for example, plan type, trial start date, charge identifier), and technical session data to keep the App connected to your store.
• Small order fee configuration: fee name, fixed or percentage price type, fee amount, minimum order threshold, optional cart rules (for example, cart subtotal, quantity, weight, customer tags, product tags), location targeting (countries and states), widget text and styling, and identifiers for the fee product and variant in Shopify.
• App configuration: cart integration settings (for example, CSS selectors and delays), custom CSS, storefront access token (if created for the extension), and related preferences you set in the admin.
• Custom images: URLs of images you upload for use in the cart widget (for example, custom icons).
• Fee order events: protected customer data — non-identifying order metadata derived from order webhooks, as described under Protected Customer Data.

Storefront and Buyer Data

On your storefront, the theme app extension reads the current cart (for example, line items, subtotal, and product metadata) to decide whether to show the small order fee widget and whether to add or remove the fee line in the cart. Cart data is processed in the buyer's browser to apply your rules; it is not used to build customer profiles on our servers. For customer-tag rules, see Protected Customer Data above.

We do not sell your store visitors' or customers' personal information. We do not use buyer or protected customer data for advertising or profiling unrelated to operating the Service for your store.

We may collect technical information automatically when you or your staff use the App (for example, IP address, browser type, time zone, cookies, and basic application logs such as which admin pages were accessed and when). This helps us operate, secure, and improve the App.

How We Use Your Personal Information

We use the information we collect to provide and operate the Service. This includes:

• Applying a small order fee when cart merchandise is below your configured minimum, including fixed or percentage fees and optional cart or location rules you define.
• Displaying and styling the cart widget on your storefront according to your settings.
• Syncing fee and configuration data to your Shopify store via metafields so the storefront extension and cart transform function can run on your theme.
• Creating, updating, and publishing the fee product and variant, and registering the cart transform, when required by the Service.
• Tagging orders that contain a small order fee line and recording fee order events for reporting in the admin.
• Managing app subscription and billing through Shopify's billing APIs where applicable.
• Communicating with you about the App (for example, support or service updates).
• Maintaining and improving the App's performance, reliability, and security, and debugging issues.
• Complying with legal obligations and Shopify's mandatory compliance webhooks (including customer data request, customer redact, and shop redact).

Sharing Your Personal Information

We share your information with third parties only as needed to help us provide the Service, as described above. For example:

• Shopify: we use Shopify's APIs and webhooks to store fee configuration in metafields, manage the fee product, register cart transforms, process orders for tagging and reporting, handle billing, and run the embedded admin experience.
• Hosting and infrastructure providers: the App is hosted on third-party infrastructure (for example, cloud hosting and managed databases). These providers process stored configuration data, order event records, application logs, and technical data needed to operate the App.

We may also share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant, or other lawful request for information, or to otherwise protect our rights.

We do not sell or rent your personal information to third parties.

Your Rights

If you are a European resident or otherwise benefit from data protection rights under applicable law, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us using the information in the Contact Us section below.

For privacy requests relating to your store's buyers, see Compliance webhooks under Protected Customer Data. Shop redact requests result in deletion of your shop's data from our database as described under Data Retention.

In many cases we act as a processor on behalf of Shopify merchants for buyer-related data processed only on the storefront or in Shopify. We may need to retain certain merchant or technical information where we have a legal obligation or a legitimate business reason (for example, records required for security, billing, or accounting).

Your information may be transferred outside of your country of residence, including to Canada and the United States (for example, when we use hosting providers or when data is stored in Shopify's infrastructure).

Data Retention

We retain shop and configuration data for as long as your store has the App installed, and for a reasonable period afterward where needed for reinstall, audit, security, or legal purposes.

We retain operational and technical data (for example, application logs) for as long as necessary to maintain the Service, debug issues, and comply with legal obligations.

When you uninstall the App, we delete your shop record, fee configuration, custom images, fee order events, and related data from our database when we receive Shopify's SHOP_REDACT compliance webhook (and through our uninstall handling). Data that remains in your Shopify store (for example, metafields in the webpanda_small_order_fee namespace, the fee product, its publication, cart transform registration, or order tags such as small_order_fee_applied) may remain until you remove them or until Shopify's own retention policies apply.

Changes

We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or legal, regulatory, or operational requirements. We will post the updated policy at this URL and update the "Last updated" date above.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, you can contact us:

• By email: support@webpanda-solutions.com