ShipStar

Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how ShipStar (“the App”, “we”, “us”), operated by WanBuffer Services, collects, uses, and protects information when a merchant installs and uses the App on their Shopify store.

1. Information we collect

When you install and use the App, we store:

  • Store information: your .myshopify.com domain and the access token Shopify issues so the App can operate on your store.
  • Account information: the name, email address, and locale of the staff account that installs or signs in to the App, provided by Shopify during authentication. This is used only to authenticate your session.
  • App configuration: the shipping rules you create (their conditions and actions), the delivery customization records the App manages on your store, and logs of when your rules were synced.

2. Information we do not collect

The App does not collect or store your customers’ personal information, payment details, or order contents. At checkout, the App’s logic runs inside Shopify’s own infrastructure to decide which delivery options to show, hide, rename, or reorder. Cart data used for that decision is processed by Shopify and is not transmitted to or stored by us.

3. How we use information

  • To authenticate your store and staff sessions.
  • To read product vendors, types, and collections so you can build shipping rules, and to apply those rules at checkout.
  • To provide support and troubleshoot issues you report.

4. Data sharing and subprocessors

We do not sell your data. We share data only with service providers necessary to run the App:

  • Shopify — the platform the App is built on and the source of the data above.
  • Our hosting provider — located in the Asia region, where the App and its database run.

5. Data retention

We retain your store and configuration data for as long as the App is installed. When you uninstall the App, or when Shopify sends a data redaction request on your or a customer’s behalf, the associated data is deleted within 30 days.

6. Your rights

Depending on your location, you may have the right to access, correct, export, or delete the data we hold about your store. To make a request, contact us at [email protected].

7. Security

Data is transmitted over encrypted connections (HTTPS) and access tokens are stored in our database with restricted access. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.

8. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by the “Last updated” date above.

9. Contact

Questions about this policy? Email [email protected].