Breakwise — Privacy Policy

Last updated: 13 June 2026

Breakwise ("the app") is a Shopify app that manages B2B volume pricing and reports its revenue impact. This policy explains what data the app accesses and stores, and how it is protected.

What we access

With your authorization, the app accesses your store's products, price lists, catalogs, B2B companies, and orders through the Shopify Admin API, solely to publish volume price breaks and attribute order revenue to them. We request no customer-data scopes (read_customers is never requested).

What we store

We store your store domain and Shopify access tokens (encrypted), your subscription/plan state, your volume-break rules, and aggregate analytics derived from orders (SKU, quantity, price, and revenue only).

We do not store the personal data of your customers — no names, emails, or addresses.

Incoming order notifications are processed only to compute these aggregates and are deleted from our processing queue within 7 days. If you use ERP / company sync, we cache your B2B companies' business contact details (company name, location address, phone) to target catalogs; this is erased when you uninstall.

Why we store it

To provide the service: publishing pricing, keeping your breaks current when retail prices change, and showing you the ROI of your volume breaks.

Sharing

We do not sell or share your data. We use Railway (application hosting and managed database) and Shopify (platform) as sub-processors. There are no advertising or analytics third parties.

Retention & deletion

Data is retained while the app is installed. On uninstall, or on a Shopify shop/redact request, all data for your store is permanently deleted (cascade). You can request deletion at any time by emailing us.

GDPR / CCPA

We honor Shopify's mandatory customers/data_request, customers/redact, and shop/redact webhooks. Because we store no customer personal data, customer-level requests have nothing to disclose or erase; shop-level erasure removes all of your data.

Security

TLS in transit, encryption at rest for credentials, per-request authentication, HMAC-verified webhooks, and strict per-store data isolation.

Contact

Email: john.kerkinos@gmail.com
Data controller: Breakwise (operated by Ioannis Kerkinos)
Hosting data region: United States (Railway, US-West)