Privacy Policy

Last updated: May 11, 2026

01

Introduction

At SampleLoop, your privacy and the privacy of your customers are our priority. This Privacy Policy explains how we collect, use, store, and protect information when you install and use SampleLoop on your Shopify store, and when your prospects submit sample requests through the SampleLoop storefront form. By installing SampleLoop, you agree to the practices described in this policy.

02

Information We Collect

  • Shopify Account Information: Your shop domain, store name, contact email, and the access token Shopify issues when you install the app. We only access scopes you approve during installation.
  • Merchant Configuration: The settings you choose in the SampleLoop admin, such as the products you mark as eligible for sampling, max items per request, auto-approval, and notification preferences.
  • Sample Request Data: Information submitted by prospects through the storefront form: contact name, company, email, phone (optional), shipping address, and the variants they want to sample.
  • Order and Attribution Data: When you approve a request we create draft orders in your Shopify store. We also receive paid-order webhooks during the 180-day attribution window to match orders back to the originating sample.
  • Billing Information: Subscription status is managed by Shopify Billing. We do not collect or store your payment card details.

03

How We Use Your Information

  • To operate the SampleLoop app inside your Shopify admin (accepting requests, creating draft orders, attributing paid orders)
  • To send service updates, security alerts, and account notifications
  • To diagnose technical issues and improve the reliability of the app
  • To verify your subscription status with Shopify Billing
  • To comply with legal obligations and enforce our Terms of Service

04

Legal Basis for Processing

We process personal data under the following legal bases:

  • Contractual Necessity: Processing data is necessary to deliver the SampleLoop service to merchants who install the app.
  • Legitimate Interest: We process limited operational data (such as request logs) to maintain, improve, and secure the service.
  • Consent: Where required by law, we obtain your or your prospects' consent. Prospects consent when submitting a sample request form. You may withdraw consent at any time.
  • Legal Obligation: We may process data to comply with applicable laws, regulations, or legal proceedings.

05

Data Processing and Sub-processors

SampleLoop acts as a bridge between your storefront and your Shopify admin. We do not sell or trade your data or your prospects' data.

We use the following sub-processors to provide the service:

  • Shopify: App hosting, billing, OAuth, and Admin API access (US/global)
  • Vercel: Application hosting and deployment (US)
  • PostgreSQL (Supabase or equivalent): Encrypted database hosting for merchant configuration and sample request records (US)

06

Security Measures

  • All Shopify access tokens are stored encrypted at rest
  • We follow the Principle of Least Privilege, requesting only the minimum Shopify scopes required to run the app
  • All data in transit is protected with TLS 1.2+ encryption
  • We conduct regular reviews of our security practices and access controls

07

Data Retention

  • Merchant account and configuration: Retained for as long as the app is installed on your store. Deleted within 30 days after the app is uninstalled or when Shopify sends an app/uninstalled or shop/redact webhook.
  • Sample request records: Retained for the duration of the 180-day attribution window plus a reasonable archival period, then purged on customer/redact request.
  • Operational logs: Retained for up to 90 days for troubleshooting purposes, then automatically purged.

08

International Data Transfers

SampleLoop is based in the United States, and data is processed and stored on servers located in the United States. If you or your prospects are accessing the service from outside the US (including the European Economic Area or the United Kingdom), data will be transferred to and processed in the US. We rely on standard contractual clauses and other appropriate safeguards to ensure data is protected in accordance with applicable data protection laws.

09

Your Rights

Depending on your location, you or your customers may have the following rights regarding personal data:

  • Access: Request a copy of the personal data we hold.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of personal data. Shopify's customer/redact and shop/redact webhooks are honored automatically.
  • Data Portability: Request a machine-readable copy of data.
  • Restriction: Request that we limit processing of data in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

California Residents (CCPA): You have the right to know what personal information we collect, to request its deletion, and to opt out of the sale of personal information. SampleLoop does not sell personal information to third parties.

To exercise any of these rights, contact us at michael@michaelmcgarvey.com. We will respond within 30 days.

10

Data Breach Notification

In the event of a data breach that affects personal data, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authorities as required by applicable law.

11

Cookies

SampleLoop uses only essential cookies and Shopify session tokens required for the embedded app to function inside the Shopify admin. We do not use cross-site tracking cookies.

12

Children's Privacy

SampleLoop is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at michael@michaelmcgarvey.com.

13

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify merchants via the email address associated with the Shopify store at least 30 days before the changes take effect. Continued use of the service after changes are posted constitutes acceptance of the updated policy.

14

Contact Us

Any questions about your data or our privacy practices? Contact Michael at michael@michaelmcgarvey.com.
