SSubsExport
LEGAL

Privacy Policy

Last updated: May 22, 2026

SubsExport ("we", "our", "the app") is operated by Add One Plugins. This Privacy Policy explains what data we access, how we use it, and how we protect it when you install the app on your Shopify store.

What data we access

SubsExport requests read-only access to:

  • Customers — name, email, phone, and shipping address — only as part of subscription records you choose to export.
  • Products and orders — to identify subscription line items, SKUs, and billing intervals.
  • Subscription data from third-party subscription apps you connect (ReCharge, Skio, Seal, Loop, PayWhirl, Bold) via the API keys or OAuth tokens you provide.

We do not access payment card data, customer passwords, or any data unrelated to subscriptions.

How we use your data

  • To display your subscription data inside the SubsExport admin so you can preview, filter, and search it.
  • To generate exports (CSV, Excel, Google Sheets) when you explicitly initiate them.
  • To deliver scheduled exports to the email address or Slack channel you configure.
  • To compute aggregate analytics (retention, churn, growth metrics) shown on your dashboard.

We do not sell, rent, or share your data with third parties for marketing or advertising purposes. We never train AI models on your data.

How we store and protect your data

  • All third-party API credentials (ReCharge, Skio, etc.) and OAuth tokens are encrypted at rest using AES-256-CBC before storage.
  • All data in transit uses HTTPS / TLS 1.2 or higher.
  • Generated export files are stored on our server only as long as needed for download or scheduled delivery, and are not shared outside your account.
  • We do not store your customers' payment card information.

Data retention and deletion

  • While installed: we retain subscription metadata (export history, scheduled exports, templates) to provide the service.
  • When you uninstall: Shopify sends us an uninstall webhook. Within 48 hours we receive a shop/redact webhook from Shopify, and we permanently delete all data associated with your shop.
  • Customer data requests: if one of your customers requests their data, Shopify forwards us a customers/data_request webhook. We will export the requested customer's subscription records and provide them to you to fulfill the request.
  • Customer redaction: when Shopify sends a customers/redact webhook, we remove that customer's identifiable data from our systems.

GDPR and CCPA

We comply with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). EU and California residents have the right to access, correct, port, and delete their personal data. Requests can be initiated through the merchant whose store contains the data.

Sub-processors

We use the following third-party services to operate SubsExport:

  • Neon — PostgreSQL database hosting (data encrypted at rest).
  • Resend — transactional email delivery for scheduled exports.
  • Google Cloud Platform — Google Sheets API integration (only when you connect Google Sheets).

Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the app's admin interface.

Contact

Questions or data-access requests: support@addoneplugins.com.