Privacy Policy
Last updated: 18 June 2026
1. Who we are
This Privacy Policy explains how Luis Benz (“we”, “us”, “the developer”), the provider of the Shopify app Payment Rules (“the App”), collects and processes personal data.
The App lets Shopify merchants hide, rename and reorder payment methods at checkout using rule-based conditions. It runs as an embedded Shopify admin app and a Shopify Payment Customization Function.
2. Scope
This policy applies to merchants who install the App and to the processing of end-customer data that occurs when the App’s checkout function runs. For end-customer (shopper) data, the merchant is the data controller and we act as a data processor on the merchant’s behalf. For merchant account data, we act as the controller.
3. What data we process
a) Merchant / store data (stored by us)
- Store domain (myshopify.com URL) and Shopify shop identifier
- Authentication/session tokens issued by Shopify (to make authorized API calls)
- Your rule configuration (rule names, actions, targeted payment method names, conditions such as cart total, country, currency, products, weight, schedule)
- App settings and the payment customization function ID
- Your subscription tier (Free / Basic / Pro)
b) End-customer (shopper) data (processed at checkout, NOT stored by us)
To apply your rules, the Shopify Payment Customization Function evaluates checkout context in real time. Depending on the conditions you configure, this may include the cart total, destination country, currency, cart contents, and — only if you use the corresponding condition — the customer’s email address, B2B company status, or a customer metafield. This evaluation happens inside Shopify’s checkout environment. We do not receive, store, log, sell or share this end-customer data.
We do not request access to customer names, phone numbers or addresses.
4. Purposes and legal bases (GDPR Art. 6)
- To provide and operate the App for the merchant — performance of a contract (Art. 6(1)(b)) and our legitimate interest in delivering the service (Art. 6(1)(f)).
- To authenticate and secure API requests — legitimate interest (Art. 6(1)(f)).
- To process end-customer data at checkout — carried out on behalf of and under the instructions of the merchant (the controller), who relies on its own legal basis toward its customers.
5. Data sharing and sub-processors
We do not sell your data or share it for advertising. We use the following sub-processors to run the service:
- Shopify Inc. — the platform the App runs on (APIs, checkout, billing).
- Fly.io — application hosting and database, located in the EU (Frankfurt, Germany) region.
6. International data transfers
Merchant data handled by the App is stored on servers in the EU (Frankfurt). Shopify, as the underlying platform, may process data in accordance with its own privacy policy and data processing terms.
7. Data retention and deletion
- We keep merchant data only for as long as the App is installed.
- When the App is uninstalled, your rules, events and settings are deleted and stored sessions are removed.
- We implement Shopify’s mandatory privacy webhooks:
- customers/data_request — we store no end-customer personal data, so there is nothing to provide.
- customers/redact — we store no end-customer personal data, so there is nothing to delete.
- shop/redact — all data we hold for that store is permanently deleted.
- End-customer data evaluated at checkout is processed transiently and never persisted by us.
8. Security
We protect data with encryption in transit (TLS/HTTPS) and at rest (encrypted database volume with automated, encrypted backups). Access to systems is restricted and protected by strong authentication. We maintain a security incident response process.
9. Cookies and tracking
The embedded admin app uses Shopify session tokens to authenticate; it does not set advertising or cross-site tracking cookies.
10. Your rights (GDPR)
Where we act as controller, you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and to data portability. Where we act as processor for end-customer data, please direct such requests to the merchant (controller). To exercise your rights or ask questions, contact us at hello@monetais.de. You also have the right to lodge a complaint with your data protection supervisory authority.
11. Children
The App is a business tool for merchants and is not directed at children.
12. Changes to this policy
We may update this policy from time to time. The “Last updated” date reflects the latest version.
13. Contact
Luis Benz · Comeniusstr. 4, 01307 Dresden · hello@monetais.de