Privacy Policy

Last updated: 2026-03-26

This Privacy Policy describes how Next Boring Company ("we", "us", or "our") collects, uses, and shares information when you install or use the BPC app in your Shopify store.

Information We Collect

When you install and use BPC, we access and process certain information from your Shopify store via Shopify APIs, including merchant account information (such as store domain, store name, contact email), configuration and settings you make within the app, and product and catalog data needed to provide the app's features. Depending on your usage, we may also process limited order and customer data to enable app functionality within your storefront.

If you enable B2B wholesale features, we collect and store customer email addresses submitted through the wholesale application form, along with company name, contact details, and other information provided during registration. These are used solely to identify approved wholesale customers, assign them to pricing tiers, and write a B2B configuration metafield to their Shopify customer record so that tier-based discounts can be applied at checkout. We do not use customer email addresses for marketing or any purpose unrelated to B2B wholesale functionality.

If you use the B2B quote system, we store quote details including product selections, quantities, pricing, and optional notes provided by the customer. Approved wholesale customers may also exchange messages with the merchant through our in-app messaging feature. These messages are encrypted at rest using AES-256-GCM encryption and are only accessible to the merchant and the customer who submitted the quote. We also store quote amendment requests (proposed changes to quote items) and fulfillment records (which items were shipped and when) to provide a complete order history. All quote-related data is associated with the customer's email address and, where applicable, their Shopify customer ID.

How We Use Information

We use the information we collect to operate, maintain, and improve BPC; provide customer support; secure and monitor the app; comply with legal obligations; and communicate with you about the app.

Sharing and Disclosure

We do not sell personal information. We may share information with service providers who perform services on our behalf (such as hosting and infrastructure), strictly for the purposes described in this policy and subject to appropriate confidentiality and data protection obligations. We may also disclose information if required by law, regulation, or legal process, or to protect the rights, property, or safety of Next Boring Company, our users, or others.

Data Retention

We retain information for as long as necessary to provide the app and fulfill the purposes outlined in this policy. In general, configuration and operational records are retained for approximately 365 days unless a longer retention period is required or permitted by law. B2B quote data, including messages, amendment history, and fulfillment records, is retained for the same period to support order tracking and dispute resolution. Upon uninstallation of the app, we stop accessing your store and begin deletion of app-related data retained on our systems within a reasonable time.

Your Rights

Depending on your location, you may have rights regarding your personal information, including the right to access, correct, or delete your data. Merchants can request deletion of app-related data by contacting us at [email protected]. For customer data controlled by merchants, we process such requests as directed by the merchant consistent with Shopify's data protection requirements.

Security

We employ administrative, technical, and organizational measures designed to protect information. Sensitive data such as quote messages is encrypted at rest using industry-standard AES-256-GCM encryption. We also implement automatic redaction of sensitive fields in our logging systems to prevent accidental exposure. However, no method of transmission over the Internet or method of electronic storage is completely secure.

International Transfers

We may process information in countries outside of your own, which may have different data protection laws. Where required, we implement appropriate safeguards for such transfers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date above. Your continued use of the app after any modifications constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at [email protected].