Privacy Policy
BulkSheet ("we", "our", "us") builds tools for Shopify merchants. This policy explains what data we access, how we use it, and the choices merchants have. We follow Shopify's Partner Program requirements and the principle of least privilege.
1. Data we access
With the merchant's consent during install, BulkSheet requests these Shopify Admin API scopes:
- read_products — Read product fields, tags, and related media so we can display them in the bulk editor.
- write_products — Apply bulk updates the merchant explicitly initiates to products and tags.
- read_inventory — Read variant inventory levels at each location for display in the grid.
- write_inventory — Apply inventory adjustments the merchant initiates via bulk edit.
- read_locations — Resolve Shopify locations when editing inventory by location.
We do not request or access customer data, orders, or financial records.
2. How we use the data
- To render the bulk editor and display product and tag data in the embedded app.
- To apply bulk updates the merchant explicitly initiates, via Shopify's Admin GraphQL API and bulk operation APIs.
- To store limited draft undo history in the bulk editor (cross-session on paid plans: 30 days on Growth, 60 days on Pro, up to 50 steps) and, when enabled, a per-field log of changes saved to Shopify for view and Pro revert. Free plan: in-session undo only; no saved change log.
3. Data we do not collect
- Customer personal data
- Order history or financial data
- Payment information
4. Storage and security
Session credentials and edit-history records are stored in an encrypted database on infrastructure we control. We encrypt data in transit over TLS and at rest. Access to production data is limited to the smallest number of personnel necessary.
Per-field audit logs (shop, product ID, field name, prior and new values, timestamp) may be stored when bulk edits are successfully saved to Shopify. They are not used for marketing and do not include customer personal data. When stored, retention follows your plan window (30 days on Growth, 60 days on Pro) and rows are deleted on uninstall or Shopify shop/redact (within 48 hours). Draft cross-session undo uses a separate store with the same plan windows; see section 2.
5. Subprocessors
We rely on a short list of vetted subprocessors (hosting provider, database hosting, error monitoring). A current list is available on request to [email protected].
6. GDPR webhooks
BulkSheet processes Shopify's mandatory compliance webhooks: customers/data_request, customers/redact, and shop/redact. Because we do not store customer data, customers/data_request and customers/redact are acknowledged with no records to return or redact. On shop/redact (48 hours after uninstall), we delete all data associated with that shop.
7. Uninstall and data deletion
On app uninstall, we delete session tokens immediately and all remaining shop data within 48 hours. You may request earlier deletion at any time by emailing [email protected].
8. Contact
Questions about this policy or your data: [email protected].