Sleepmaxing Privacy Policy

Last updated: April 26, 2026

This Privacy Policy applies solely to the Sleepmaxing Shopify app, published by Extensions Market. It fully discloses what data Sleepmaxing collects from merchants and their stores, how that data is used, with whom it is shared, and how it is stored and retained. By installing or using Sleepmaxing, you (the merchant) agree to this policy.

1. What data Sleepmaxing collects

Merchant data (collected on install)

• Shop domain — the myshopify.com domain of the store that installs Sleepmaxing (e.g., yourstore.myshopify.com). Used to identify the merchant account and make authenticated API calls to the Shopify Admin API on the merchant's behalf.
• OAuth access token — a Shopify-issued access token provided during the OAuth installation flow. Used to authenticate all Shopify Admin API requests made by Sleepmaxing. Stored securely in our database.

Merchant settings (stored per shop)

• Discount percentage — the bundle discount percentage configured by the merchant in the Sleepmaxing dashboard.
• Minimum qualifying products — the minimum number of products required to trigger the bundle discount.
• Discount activation status — whether the discount is currently enabled or disabled for the store.
• Product tags — sleep product tags configured via the auto-tagger tool for recommendation targeting.

Data we do NOT collect from shoppers

Sleepmaxing does not collect any personal data from end customers (shoppers) visiting the merchant's store. The sleep quiz runs entirely on the merchant's storefront via a Shopify theme app extension and does not transmit customer answers, personal information, or browsing behavior to our servers.

2. How merchant data is used

• To authenticate Shopify Admin API requests for creating and managing Shopify Functions (discount logic)
• To apply the merchant's configured discount rules at checkout via Shopify Functions
• To display and update merchant settings in the Sleepmaxing dashboard
• To manage product tagging for sleep product recommendations

Merchant data is never used for advertising, resold, or shared with any third party beyond what is required to operate the app.

3. Third parties your data is shared with

Third Party	Data Shared	Purpose	Their Privacy Policy
Shopify	Shop domain, OAuth access token	Sleepmaxing is built on the Shopify platform. All app installation, OAuth, and Admin API interactions are handled through Shopify's infrastructure. Shopify processes data in accordance with their privacy policy.	shopify.com/legal/privacy
Railway	Shop domain, OAuth access token, merchant settings	Cloud infrastructure hosting our application server and PostgreSQL database where merchant data is stored.	railway.app/legal/privacy

4. Data storage and retention

• Shop domain, OAuth access token, merchant settings — stored in a private PostgreSQL database hosted on Railway for as long as the app is installed on the merchant's store.
• On uninstallation — when a merchant uninstalls Sleepmaxing, Shopify sends an app/uninstalled webhook to our server. All merchant data (shop domain, OAuth access token, settings) is permanently deleted from our database within 48 hours of receiving this webhook.
• Shopper data — not collected or stored. No customer personal data ever reaches our servers.

5. Shopify API access and permissions

Sleepmaxing requests the following Shopify API access scopes during installation:

• write_discounts / read_discounts — to create and manage Shopify Functions that apply automatic bundle discounts at checkout.
• read_products / write_products — to read and apply product tags for sleep product recommendations.

Sleepmaxing does not request access to customer personal data, order history, payment information, or any other merchant data beyond what is listed above.

6. Data security

All communication between Sleepmaxing and Shopify's API uses HTTPS/TLS encryption. OAuth access tokens are stored securely in our Railway-hosted PostgreSQL database with access restricted to our application server. We do not log OAuth tokens in application logs.

7. Merchant rights

• Access — request a copy of the data we hold about your store.
• Correction — ask us to correct inaccurate settings data.
• Deletion — uninstalling the app triggers automatic deletion within 48 hours. You may also request immediate deletion by contacting us.

To exercise any of these rights: [email protected]

8. Changes to this policy

We may update this policy as Sleepmaxing evolves. The "Last updated" date at the top reflects the most recent revision. Continued use of Sleepmaxing after changes constitutes acceptance of the updated policy.

9. Contact

[email protected]