Privacy and data
What Nearby reads from Shopify, what it stores, the sub-processors it uses, and how shopper data is handled.
This is the plain-English version. The full legal text is in the Nearby privacy policy.
What Nearby reads from Shopify
Nearby requests read-only scopes and never writes to your store:
read_products— product and variant details, to match the widget to the right itemread_inventory— stock levels per location, so the widget is accurateread_locations— your locations and their addresses, for the mapread_orders— used only for verified in-store ROI analytics (Growth)
What Nearby stores
- Your shop's
myshopify.comdomain and an encrypted Shopify access token - A synced copy of your products, locations, and inventory levels, so the widget is fast and accurate
- Your settings: widget and map style, appearance, opening hours, pickup details, thresholds
- If you add one, your Google Maps API key — encrypted at rest
- Aggregate analytics events (widget views/clicks, and order-derived ROI on Growth)
Shopper data
The storefront widget works from a shopper's approximate location or a place they search for, to sort locations by distance. Requests run through Shopify's App Proxy (same-origin, signed, and rate-limited). Nearby does not build shopper profiles and does not sell data.
Sub-processors
Nearby runs on these services, each of which processes some of the data above on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Shopify | App platform, OAuth, billing | Global |
| Railway | App hosting + Postgres database | US |
| MapTiler | Map tiles and styles | EU/CDN |
| OpenRouteService | Drive-time routes (Growth) | EU |
| Geocoding, and Google Maps when you enable it (Growth) | Global |
The exact sub-processor list, hosting regions, and retention periods are confirmed in the privacy policy. If you're reviewing this for compliance, treat that page as the source of truth.
Retention and deletion
- Synced store data and settings are kept while the app is installed.
- When you uninstall, Nearby receives Shopify's
app/uninstalledwebhook and deletes your shop's data. See Uninstall. - Nearby implements Shopify's mandatory data-protection webhooks (
customers/data_request,customers/redact,shop/redact).
Your rights
If you're in the UK or EU, you can request access, correction, or erasure of personal data we hold. Email nearby@harbourlabs.app and we'll respond within 30 days. Full detail in the privacy policy.