Depending on how you use the app and which permissions you grant, we may process:
We use this information to:
On eligible plans, you may create time-limited links that let someone else view read-only financial summaries in a browser, without logging into your Shopify admin. You choose when to create each link and what it may show (for example profit and loss, balance sheet, trial balance, and—if you allow it—posted journal entries). You must share the link yourself; we do not send it to third parties on your behalf.
Each link uses a random token. We store only a one-way hash (SHA-256) of that token—we never store the full token in our database. When you create a link, we show the full URL once; copy it then, because we cannot show it again. Links have an expiry date (for example 90 days by default, which you can adjust within limits when you create the link), and you can revoke a link anytime from Settings. The public page applies rate limiting on lookups (for example, a cap per hour per internet address) to reduce guessing. The read-only page is designed not to display your Shopify store domain or other unnecessary identifiers to the viewer.
If you turn this on (where your plan allows), we send at most one email per week. It summarizes your own books for the prior week—for example net profit, revenue, fees, refunds, how many payouts landed, and top products when that section is available. It is not a full dump of orders or customers.
Emails come from Netto <[email protected]>. We send only to the email address you provide for the digest (or the shop contact email on file if you did not set a separate one). You can turn the digest off in the app, and every email includes a one-click unsubscribe link that works without logging in.
With your authorization, we may read Shopify Payments balance transaction history using the access scope read_shopify_payments_balance_transactions. We use this data only to reconcile—for example, to help match bank-style transfer lines on the Shopify side to payouts you have already synced in Netto. It is read-only; we do not move money or change your Balance. We keep this information only as long as needed for reconciliation and to run the service, consistent with our general retention section below.
We retain information for as long as your account is active and as needed to provide the service, resolve disputes, enforce agreements, and meet legal, security, and operational requirements. Retention periods may vary by data type and jurisdiction. When retention is no longer required, we delete or anonymize information in line with our practices and applicable law.
When you uninstall the app, Shopify may send mandatory compliance webhooks (including customer and shop redaction requests). We process those requests as required by Shopify and applicable law.
To request deletion or export of personal data related to your use of Netto, email us at [email protected]. We will verify and respond within a reasonable time, subject to exceptions allowed by law (for example where we must retain certain records).
We use subprocessors (such as hosting and monitoring providers) to run the service under appropriate agreements. We do not sell personal information.
Privacy questions or data requests: [email protected].