Last updated: February 2026 This Privacy Policy describes how the Minimly Product Reservation app (“the App”), developed by Made by Beings Pty Ltd (“Beings”, “we”, “us”, or “our”), handles data when installed on a Shopify store. We are committed to protecting privacy and handling information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and Shopify’s API Terms of Service. 1. What Data the App Accesses When installed, the App accesses the following Shopify store data: Product and inventory data — to check stock availability and create inventory holds Order line items — specifically variant IDs, to mark reservations as purchased after checkout Theme data — to provide the app embed and timer block in the storefront 1.1 What the App Stores The App stores the following data in its own database: Anonymous cart session identifiers (randomly generated, not linked to any customer) Reservation records (variant ID, session ID, timestamps, status) Audit logs of reservation events (for operational troubleshooting) Per-store app settings configured by the merchant 1.2 What the App Does Not Store The App does not collect, store, or process any customer personal information, including: Names, email addresses, or phone numbers Shipping or billing addresses Payment information IP addresses of store visitors 2. How Data Is Used Data accessed by the App is used solely to: Create and manage inventory reservations when customers add items to cart Restore inventory when reservations expire or items are removed from cart Mark reservations as purchased when orders are completed Display countdown timers and notification messages on the storefront Provide merchants with reservation history and settings management We do not sell, share, or use store data for any purpose beyond providing the App’s functionality. 3. Data Storage and Security App data is stored using: PostgreSQL database hosted on Railway (encrypted connections) Redis for real-time reservation management (encrypted connections) All data is transmitted over HTTPS (TLS encryption). Access to production systems is restricted to authorised personnel. 4. Data Retention Reservations are automatically deleted after they expire, are released, or are marked as purchased Audit logs are retained for operational purposes and deleted upon store uninstall App settings are retained while the App is installed When a merchant uninstalls the App, all data associated with their store is permanently deleted within 48 hours via Shopify’s mandatory shop/redact webhook. 5. Merchant Rights Merchants may: Access their reservation history and settings through the App’s admin interface Request deletion of all App data by uninstalling the App Contact us with questions about their data 6. Customer Data Requests If a store customer requests their data under GDPR or other privacy legislation, the App responds to Shopify’s mandatory compliance webhooks. As the App does not store customer personal information, no customer data is returned or deleted in response to these requests. 7. Third-Party Services The App interacts with: Shopify — via the Admin API and App Proxy for inventory management and storefront functionality Railway — for application hosting, database, and cache services These providers handle data in accordance with their own privacy policies and security standards. 8. Changes to This Policy We may update this Privacy Policy to reflect changes in the App’s functionality or legal requirements. The updated version will be published at this URL with a revised “Last updated” date. 9. Contact For questions about this Privacy Policy or the App’s data practices, contact us here .