Privacy Policy
Last Updated: February 1, 2026
Introduction
Lasso ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify app and services.
Information We Collect
Information You Provide
- Shop Information: Store name, domain, and Shopify account details
- Customer Data: Phone numbers, names, and conversation history from iMessage interactions
- Product Data: Information about products in your Shopify store
- Order Data: Order information and transaction details
Information Automatically Collected
- Usage Data: How you interact with the app, features used, and performance metrics
- Technical Data: IP addresses, device information, browser type, and access times
- Conversation Data: Messages sent and received through iMessage integration, including:
  - Customer messages sent via iMessage
  - Customer preferences expressed in conversations
  - Any data customers provide directly in iMessage conversations
Information from Third Parties
Protected Customer Data
Lasso accesses protected customer data through Shopify's Admin API to provide our services:
- Customer Names: Used for personalization ("Hey Sarah!") and customer identification
- Email Addresses: Used as a secondary identifier and for order confirmations
- Phone Numbers: CRITICAL - Used to match iMessage conversations with Shopify customer records
- Addresses: Used for order tracking, shipping inquiries, and returns processing
- Order History: Used for personalization ("You bought X 6 months ago") and customer support
This data is accessed only when processing iMessage conversations or providing app functionality. We do not use this data for purposes unrelated to the app's services.
How We Use Your Information
We use the information we collect to:
- Provide Services: Enable iMessage conversations, product recommendations, and customer support
- Process Orders: Handle checkout links, discount codes, and order tracking
- Improve Services: Analyze usage patterns to enhance app functionality
- Communicate: Send you updates, support responses, and important notices
- Comply with Legal Obligations: Meet GDPR, Shopify, and other regulatory requirements
Data Use Limitations
We only use customer data to provide the app's core services:
- iMessage conversations and customer support
- Product recommendations and personalization
- Order management and tracking
- Subscription management
- Review collection
We do NOT use customer data for:
- Marketing or advertising purposes unrelated to the app
- Selling customer data to third parties
- Analytics unrelated to app functionality
- Any purpose beyond providing the app's services
Data Storage and Security
- Storage: Data is stored securely using Cloudflare KV and Supabase (Postgres) databases
- Encryption: All data in transit is encrypted using HTTPS/TLS
- Access Controls: Limited access to authorized personnel only
- Retention: We retain data as required by law and business needs (see Data Retention section)
Data Processing Locations
Lasso is operated from the United States.
Customer data is processed and stored in the following locations:
- Cloudflare KV: Global edge network (data may be stored in US, EU, or Asia regions)
- Supabase Database: US East region (primary), with backups in multiple regions
- LinqApp: United States (iMessage messaging services)
Data transfers comply with GDPR requirements and appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.
Data Sharing
We do not sell your personal information. We may share data with:
- Shopify: To provide app functionality and comply with Shopify's requirements
- LinqApp: To enable iMessage messaging services
- Service Providers: Cloudflare, Supabase, and other infrastructure providers
- Legal Requirements: When required by law or to protect rights
Your Rights (GDPR Compliance)
If you are located in the European Economic Area (EEA), you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal retention requirements)
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing of your data
- Restrict Processing: Request limitation of how we process your data
To exercise these rights, contact us at help@ridewithlasso.com.
Shopify GDPR Webhooks
We comply with Shopify's GDPR requirements through webhook handlers:
- customers/data_request: We respond within 30 days with customer data exports
- customers/redact: We anonymize customer PII while retaining financial records for tax compliance
- shop/redact: We anonymize shop data 48 hours after app uninstall, retaining financial records for 7 years
Data Retention
- Active Accounts: Data is retained while your account is active
- Financial Records: Retained for 7 years for tax compliance (as required by law)
- After Uninstall: Shop data is anonymized after 48 hours; financial records retained per legal requirements
- Conversation Data: Retained in Cloudflare KV for active conversations; deleted after account closure
Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for material changes)
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
Email: help@ridewithlasso.com
Compliance
This Privacy Policy complies with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Shopify App Store requirements
- Industry best practices