Legal

Privacy Policy

Effective date: March 20, 2026 · Last updated: March 20, 2026

This Privacy Policy explains how BULLETHEAD LIFESTYLE PRIVATE LIMITED (“we”, “us”, “our”) collects, uses, and protects information when you use Net Net – Profit Dashboard, available on the Shopify App Store at getnetnet.com. By installing the App, you agree to this policy.

1. Who We Are

BULLETHEAD LIFESTYLE PRIVATE LIMITED
2nd Floor, Shop No 2A2, Heera Panna Shopping, Shankaracharya Rd, CTS No. 7/3, Off Vill Ko Pan, Powai, Mumbai, Maharashtra, India – 400078
Email: bullethead.apps@gmail.com · Website: getnetnet.com

2. What Data We Collect

2.1 Shopify Store Data

When you install Net Net, we request access to your Shopify store via the Shopify API. We collect:

  • Orders — order ID, line items, quantities, revenue, taxes, shipping charges, discounts, refunds, payment gateway, fulfillment status, customer ID, shipping address (country and region only)
  • Products and variants — product ID, title, variant title, SKU
  • Shop metadata — store name, currency, timezone, plan name

We use Shopify customer IDs to track repeat purchases for new-vs-returning segmentation and LTV cohort analysis. We do not collect customer names, email addresses, phone numbers, or full billing addresses. The store owner's email is collected separately for reports and support (see 2.3).

2.2 Ad Platform Data

If you connect Meta Ads or Google Ads, we collect ad spend data aggregated by day and ad account, ad account IDs and names, and OAuth access tokens (encrypted at rest). We do not collect campaign creative, audience data, or individual ad performance beyond spend figures.

2.3 Account and Configuration Data

  • Cost configurations you enter (COGS, shipping rates, custom overheads, per-order fees)
  • App settings and preferences
  • Email address of the store owner (used for reports and support)

2.4 Usage Data

  • Pages visited within the App, features used, time of access
  • Errors and performance logs (no personally identifiable information)

3. How We Use Your Data

We use your data exclusively to provide the App's functionality — calculating profit, generating reports, syncing ad spend, delivering email summaries, and providing support. We do not use your data for advertising, profiling, or any purpose outside of operating the App.

4. Data Sharing

We do not sell, rent, or share your data with third parties for their own commercial purposes. We share data only with these service providers:

ProviderPurpose
ShopifyPlatform and billing
Meta PlatformsAd spend data retrieval via OAuth
Google LLCAd spend data retrieval via OAuth
Railway (infrastructure)App hosting and database
Email provider (transactional)Delivering daily and weekly reports
AI service provider (e.g. OpenAI)Generating AI weekly report narratives from aggregated, non-personally-identifiable store metrics

5. Data Storage and Security

  • All data is stored on servers hosted via Railway in the United States. Where data is transferred from the EEA or UK to the US, we rely on standard contractual clauses and other appropriate safeguards to ensure an adequate level of protection
  • OAuth tokens for Meta and Google Ads are encrypted at rest using AES-256
  • All data in transit is protected by TLS (HTTPS)
  • Billing is handled entirely by the Shopify Billing API — we never store payment credentials
  • Production data access is restricted to authorised personnel only

6. Data Retention

Your data is retained while your subscription is active. If you uninstall the App, we retain your store data for 30 days to allow reinstallation without data loss, after which it is permanently deleted. OAuth tokens for Meta and Google Ads are revoked immediately upon disconnect or uninstall — they are not held during the 30-day retention window. You may request immediate deletion of all data at bullethead.apps@gmail.com.

7. Your Rights

Depending on your location, you may have the right to access, correct, delete, restrict, or export your data. Contact bullethead.apps@gmail.com and we will respond within 30 days.

  • EEA/UK users have rights under the General Data Protection Regulation (GDPR)
  • India users have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act)
  • California residents have rights under the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information

8. Mandatory Data Privacy Webhooks

In compliance with Shopify's API requirements, Net Net subscribes to and responds to all mandatory privacy webhooks:

  • customers/data_request — When a merchant's customer requests their data, we respond with any data we hold related to that customer (customer ID, order history used for analytics)
  • customers/redact — When a merchant's customer requests deletion, we delete all data associated with that customer ID within 30 days
  • shop/redact — When a merchant uninstalls the App and the 48-hour grace period ends, we delete all store data within 30 days

9. Cookies

The App is embedded within Shopify admin and does not use independent cookies. Any cookies set are managed by Shopify as part of the admin session.

10. Children's Privacy

The App is intended for business use. We do not knowingly collect data from individuals under the age of 18.

11. Changes to This Policy

We may update this policy from time to time and will update the “Last updated” date at the top. Material changes will be notified via the App or email.

12. Contact Us

BULLETHEAD LIFESTYLE PRIVATE LIMITED
2nd Floor, Shop No 2A2, Heera Panna Shopping, Shankaracharya Rd, CTS No. 7/3, Off Vill Ko Pan, Powai, Mumbai, Maharashtra, India – 400078
Email: bullethead.apps@gmail.com
Website: getnetnet.com