Skip to content
Legal
Effective 2026-06-12

Privacy Policy

This policy explains what personal data nohold collects through its marketing site and through the nohold Shopify app once installed, why we collect it, and what rights you have. We keep collection minimal. The marketing site itself does not collect personal data; the only way you reach us through it is by emailing us directly or installing the app from the Shopify App Store.

ScopeThis policy covers two surfaces: (1) the nohold.app marketing site, and (2) the nohold product app once installed by a merchant on their Shopify store. Sections § 01–§ 11 apply across both surfaces; sections § 12–§ 19 apply specifically to the installed app and the customer data it processes on the merchant’s behalf.

Who we are

nohold (“we,” “us”) operates this site and the Shopify app. If you have any questions about this policy or your data, email privacy@nohold.app.

What we collect

  • Email correspondence. If you email us at privacy@nohold.app, hello@nohold.app, or contact@nohold.app, we keep the message and your address so we can reply and follow up.
  • Standard request data. Our hosting provider (Cloudflare) records basic technical information about every request (IP address, user agent, timestamps, referrer) to operate, secure, and protect the site.
  • Anonymous install-link click counts. When you click an install button on this site, we record only the destination URL, the section of the page it came from, and the country your IP resolves to (e.g. “GB”). No cookie, no identifier, no IP address, no user agent. This is a first-party endpoint on our own infrastructure used solely to understand which sections of the site drive installs.
  • No third-party analytics, no advertising trackers, no third-party cookies. We do not load Google Analytics, advertising pixels, or session-replay tools on this site.

Why we collect it

  • To respond if you reach out for support, sales, or a question about nohold.
  • To keep the site running and protect it from abuse.

Our legal basis under GDPR is your consent (you initiated the email exchange) and our legitimate interests (keeping the site available and secure).

How long we keep it

Email correspondence is kept for as long as needed to resolve your question, plus a reasonable follow-up window. You can ask us to delete your address at any time. Hosting logs are retained by Cloudflare for short windows per their default retention policy.

For data we process on behalf of a merchant via the installed app, see § 15.

Who we share it with

  • Cloudflare. Hosts this site and provides DNS, TLS, and DDoS protection. Acts as a processor on our behalf.

For the full list of subprocessors used by both the marketing site and the nohold product, see our Subprocessors page.

We do not sell personal data. We do not share email addresses with marketing networks or data brokers. For sub-processors used by the installed product app, see § 14.

Cookies

nohold.app does not set tracking or advertising cookies. Cloudflare may set strictly necessary cookies for security and abuse prevention; these do not require consent under GDPR/ePrivacy.

Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict processing. Residents of the EEA, UK, and California have these rights under GDPR/UK GDPR and CCPA respectively.

To exercise any of these rights, email privacy@nohold.app from the address concerned. We will respond within 30 days.

International transfers

Cloudflare serves this site from globally distributed edge locations. Data may be processed outside your country. Cloudflare provides appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable.

Children

nohold is a B2B product for merchants. The site is not directed at children, and we do not knowingly collect personal data from anyone under 16.

Changes to this policy

If we change this policy materially, we will update the effective date at the top and, where reasonable, notify users who have an active relationship with us. The latest version always lives at this URL.

Contact

Questions, requests, or complaints about this policy or your data: privacy@nohold.app.

App data we process

When a merchant installs nohold, we receive a copy of each order placed on their Shopify store via Shopify’s orders/create webhook. Each order contains:

  • Customer name (first and last)
  • Customer email
  • Customer phone (when provided)
  • Shipping and billing addresses
  • Line items, quantities, and totals

We process this data solely to (a) detect which line items are pre-order vs in-stock, (b) split the fulfillment of mixed orders inside Shopify, and (c) create the matching sales orders in the merchant’s Brightpearl account. We do not use it for marketing, profiling, advertising, or any purpose outside the fulfillment workflow.

Our role

For the customer data inside an order, nohold acts as a data processor; the merchant is the data controller. We process the data on the merchant’s behalf, under their instructions, and only for the purposes described in § 12.

If you are an end-customer of a merchant using nohold, please direct data-rights requests to the merchant first. They control your data, and we will support them in fulfilling your request.

Sub-processors (product app)

We pass customer data to the following sub-processors as needed to operate the app:

  • Brightpearl. When an order is split, we send the customer’s name, email, phone, address, and order line items to the merchant’s own Brightpearl account so the resulting sales orders carry the right customer and delivery details. Brightpearl is the merchant’s chosen ERP, not our vendor; we send data the merchant chose to integrate.
  • Google Cloud Platform (Cloud Run, Cloud Tasks, Cloud KMS, Secret Manager). Hosts our application, schedules background jobs, and manages encryption keys. EU region (europe-west1).
  • Neon. Managed Postgres database for storing webhook events and order-split metadata.

Our current sub-processors list lives at /subprocessors.

Retention and deletion (product app)

We store each order’s webhook payload for the duration of the merchant’s install, then delete it through Shopify’s GDPR webhook flow:

  • End-customer deletion. When Shopify fires the customers/redact webhook (typically 10 days after the merchant requests deletion), we redact that customer’s name, email, phone, and address from our database within 30 days.
  • Shop deletion. When Shopify fires shop/redact (~48 hours after the merchant uninstalls the app), we hard-delete the merchant and all associated records (orders, webhook events, dispatch queue, audit logs).

We do not run a fixed-window auto-purge during an active install; data is retained only as long as the merchant relies on the integration.

Security (product app)

  • TLS for all data in transit (Shopify webhooks, Brightpearl, Neon, internal services).
  • AES-256-GCM encryption for session cookies; Google Cloud KMS for stored Shopify and Brightpearl tokens.
  • Encrypted-at-rest managed database (Neon) with row-level security per merchant.
  • Shopify webhook authenticity verified with HMAC-SHA256 against the app secret; requests with an invalid digest are rejected with HTTP 401.
  • Internal worker services are not publicly addressable; they are reachable only by authenticated Google Cloud Tasks and Cloud Scheduler service accounts.

Shopify Protected Customer Data

nohold accesses the following protected customer fields, all sourced from the merchant’s Shopify orders, under the “Store management” reason category in our Partner Dashboard declaration:

  • Customer name (first and last)
  • Customer email
  • Customer phone (default and billing)
  • Customer address (shipping and billing)

nohold supports all three mandatory Shopify compliance webhooks: customers/data_request, customers/redact, and shop/redact.

What we send to customers

When a merchant enables the customer-communication feature (Growth plan and up), nohold may send transactional emails to the email address Shopify already collected on the order:

  • Per-shipment notification when a mixed-cart order is split into two shipments.
  • Delay notice when the merchant updates the expected ship date on a still-open preorder, or when 30 days have elapsed (per the FTC Mail/Internet/Telephone Order Rule).
  • Cancellation confirmation if the customer clicks the cancel link in a delay notice.

Sender domain is notifications.nohold.app, configured with SPF, DKIM, and DMARC. We never ask for payment, surface payment URLs, or store card data. See § 19 below.

Payments

nohold is a fulfillment integration. It does not collect, request, process, store, or facilitate payments under any circumstance. The payment-status badges and the optional “release only when paid” rule both read Shopify’s existing financial state; they never initiate a charge or expose a payment surface.