Privacy Policy

Version 2026-04-29 · Last updated: April 29, 2026

This Privacy Policy describes how BOSS 32 Inc. ("BOSS Logics", "we", "us", or "our") collects, uses, and shares information through the BOSS Live Shopify application ("the App").

1. Information We Collect

When you install and use the App, we access the following data from your Shopify store:

• Product data: Product titles, descriptions, variants, SKUs, prices, inventory levels, and images
• Store information: Shop domain, store name, and API credentials (OAuth tokens)
• Order data: Order details for fulfillment and inventory tracking (when enabled)

We do not collect or store:

• Customer personal information (names, emails, addresses) beyond order fulfillment references
• Payment or financial information
• Customer browsing or behavioral data

2. How We Use Your Information

We use the collected data solely to:

• Synchronize product catalog data between BOSS Live and your Shopify store
• Manage inventory levels across platforms
• Process and fulfill orders
• Provide integration diagnostics and sync logs

3. Data Sharing

We do not sell, rent, or share your store data with third parties. Your data is only accessible to authorized users within your BOSS Live account. We may share data with:

• Service providers who assist in operating our platform (hosting, databases), under strict confidentiality
• Law enforcement when required by law

4. Data Storage and Security

Your data is stored on secure servers hosted on Google Cloud Platform in the United States. We implement industry-standard security measures including:

• Encrypted data transmission (TLS/SSL)
• Encrypted storage of API credentials
• Role-based access controls
• Regular security audits

5. Data Retention

We retain your data for as long as your BOSS Live account is active and the App is installed. When you uninstall the App, we deactivate the integration and revoke API access. You may request complete deletion of your data at any time by contacting us.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about your store
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for data processing
• Export your data in a portable format

We comply with applicable data protection laws including GDPR and CCPA.

7. GDPR Compliance

We process data under the legal basis of contractual necessity (providing the integration service you requested). We respond to all mandatory Shopify GDPR webhooks including customer data requests, customer data deletion, and shop data erasure.

7a. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the rights to know, delete, correct, and limit how your personal information is used. To exercise any of these rights, contact our Data Protection Officer at dpo@bosslogics.com. We respond to verifiable requests within 45 days.

Categories of personal information collected. In the past 12 months we have collected the following CCPA-defined categories: identifiers (name, email, phone, account ID), commercial information (orders, proposals, transactions), internet or other electronic network activity (server logs, integration usage), and professional or employment-related information (role, organization).

Sources. Directly from you, from your authorized integrations (Shopify, etc.), and from automated server-side telemetry.

Business or commercial purposes. To provide the service you requested, to maintain account security, to fulfill orders and inventory sync, and to comply with our legal obligations.

Sale or sharing of personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. The only third parties that receive your personal information are our service providers (hosting, billing, communications, error monitoring, analytics) operating under written data-processing agreements that prohibit them from using your data for their own purposes.

Global Privacy Control. If your browser sends the Sec-GPC: 1 signal (the Global Privacy Control header), we treat it as a verified opt-out request and record the preference against your profile (when authenticated) or session.

Retention. We retain personal information for as long as your account is active, plus the period required by tax, audit, or other legal obligations. Specific retention schedules are documented internally and applied via automated purge jobs.

Sensitive personal information. The platform does not collect sensitive personal information as defined by CPRA §1798.140(ae) (government IDs, financial-account credentials, precise geolocation, racial/ethnic origin, religion, biometrics, health data, sex-life data) unless explicitly entered by an authorized user for a specific business purpose.

Submitting a request. Email dpo@bosslogics.com with "Privacy Request — California" in the subject. We will verify your identity using information already on file (email + account ownership confirmation) before fulfilling the request. Authorized agents acting on a consumer's behalf must provide written authorization.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date above.

9. Data Protection Officer

For privacy questions, data subject requests (access, deletion, portability, correction), or to report a concern about how your data is handled, contact our Data Protection Officer:

10. Contact Us