Privacy Policy

Last updated: April 7, 2026

Rate Wrangler (“Rate Wrangler,” “we,” “us,” or “our”) is a Shopify application that calculates tiered shipping rates at checkout. This Privacy Policy explains what information we collect from Shopify merchants who install Rate Wrangler, how we use it, who we share it with, and how merchants can exercise their data rights. By installing or using Rate Wrangler, you agree to the practices described below.

1. Who We Are

Rate Wrangler is operated by Salty Sailor Coffee LLC. The data controller for the merchant information described in this policy is Salty Sailor Coffee LLC. You can reach us at privacy@ratewrangler.app for any privacy-related question or request.

2. Information We Collect

Rate Wrangler is designed to collect the minimum information needed to calculate shipping rates and operate the app. We collect the following categories of information from Shopify on the merchant’s behalf:

  • Shop identifier — your myshopify.com domain, used to associate your saved configuration with your store.
  • Offline access token — issued by Shopify when you install the app, used to call the Shopify Admin API on your behalf (for example, to register the carrier service and read fulfillment locations).
  • Merchant configuration — the shipping rate tiers, handling fees, surcharges, free-shipping thresholds, and other settings you create inside the Rate Wrangler interface.
  • Fulfillment locations — the names and IDs of your store’s fulfillment locations, used so you can assign per-location surcharges.
  • Cart data at checkout — when a shopper reaches checkout, Shopify sends Rate Wrangler the items in the cart, their weights, the destination address, and the assigned fulfillment locations. We use this data only to compute and return shipping rates for that single request. We do not persist shopper data to our database.
  • Billing status — whether your subscription is active and the number of rate-calculation calls used in the current billing period.
  • Operational logs — minimal request logs (shop domain, timestamp, response status) used for debugging and abuse prevention.

We do not request or store customer personal information (names, email addresses, payment details, or full shipping addresses) beyond the destination ZIP/postal code and country needed to compute a single rate response. Cart-level shopper data is processed in memory and discarded after the rate response is returned.

3. How We Use Information

  • To calculate and return shipping rates at checkout.
  • To save and load your shipping rate configuration.
  • To enforce subscription limits and bill you through Shopify’s Billing API.
  • To register and maintain the carrier service in your Shopify store.
  • To diagnose errors, prevent abuse, and improve the app.

We do not sell, rent, or share your data with advertisers. We do not use your data to train machine-learning models. We do not profile shoppers.

4. How We Store and Protect Information

Merchant configuration, access tokens, and billing status are stored in Upstash Redis, a managed serverless data store hosted on Amazon Web Services (US region). The Rate Wrangler application itself runs on Vercel’s serverless platform. All communication between Rate Wrangler, Shopify, and Upstash is encrypted in transit using TLS. Access tokens are stored encrypted at rest by Upstash. Webhook payloads from Shopify are verified using HMAC SHA-256 signatures with timing-safe comparison before any data is processed.

Access to production secrets and stored data is restricted to authorized personnel of Salty Sailor Coffee LLC and is protected by two-factor authentication.

5. Subprocessors

Rate Wrangler relies on the following subprocessors to deliver the service:

  • Shopify Inc. — source of merchant and cart data; provides authentication, billing, and the Carrier Service API.
  • Vercel Inc. — application hosting and serverless function execution.
  • Upstash, Inc. — managed Redis storage for merchant configuration and access tokens.
  • Amazon Web Services, Inc. — underlying infrastructure for Upstash and Vercel.

6. Data Retention

We retain merchant configuration and the offline access token for as long as Rate Wrangler is installed on your store. When you uninstall the app, Shopify sends an app/uninstalled webhook and we delete your stored configuration and access token within 48 hours. Cart-level shopper data is never persisted to our database; it exists only in memory for the duration of a single rate request and is discarded as soon as the response is returned.

7. GDPR Compliance and Shopify Privacy Webhooks

Rate Wrangler complies with the General Data Protection Regulation (GDPR) and implements the three mandatory Shopify privacy webhooks:

  • customers/data_request — when a shopper of your store requests their personal data, we respond noting that Rate Wrangler does not store shopper personal information.
  • customers/redact — when a shopper requests deletion of their personal data, we confirm that no shopper personal information exists in our systems to delete.
  • shop/redact — when a shop is closed for more than 48 hours, Shopify sends this webhook and we permanently delete all merchant configuration, tokens, and logs associated with that shop.

Merchants and shoppers in the EU, UK, California, and other jurisdictions with similar laws have the right to access, correct, port, and delete personal data we hold about them. To exercise these rights, contact privacy@ratewrangler.app. We will respond within 30 days.

8. International Data Transfers

Rate Wrangler stores data in the United States. If you install Rate Wrangler from outside the United States, your information will be transferred to and processed in the United States. Where required, we rely on the Standard Contractual Clauses approved by the European Commission as the legal basis for these transfers.

9. Children’s Privacy

Rate Wrangler is a business-to-business application sold to Shopify merchants. It is not directed to children under 16, and we do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify merchants through the Rate Wrangler admin interface. Continued use of the app after an update constitutes acceptance of the revised policy.

11. Contact Us

For any questions, requests, or complaints about this Privacy Policy or our handling of your data, contact:

Salty Sailor Coffee LLC
Attn: Privacy
privacy@ratewrangler.app