A/B Testing is now live on paid plans. Try free →

SortLab
Legal

Privacy Policy

Effective Date: March 25, 2026 · Last Updated: March 25, 2026

This Privacy Policy describes how Hyperion Apps LLC ("Company", "we", "our", or "us") collects, uses, and protects information when you use SortLab (the "App"), a Shopify application available at sortlab.ai. Our registered address is 1309 Coffeen Avenue STE 19519, Sheridan, Wyoming 82801, United States.

By installing or using SortLab, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

When you install SortLab from the Shopify App Store, we receive access to certain Shopify store data as authorized by you during the OAuth installation flow. This includes:

  • Shop information: Store URL, store name, currency, timezone, and plan type
  • Product and collection data: Product titles, types, tags, vendors, prices, inventory levels, and collection membership
  • Order data: Anonymized order line item data (product IDs, quantities, revenue) used to calculate sorting scores. We do not collect customer names, emails, or personally identifiable information from orders.
  • App usage data: Which features you use, sorting strategy configurations, and A/B test settings

We do not collect: customer personal information, payment card data, customer email addresses, or customer browsing history.

2. How We Use Your Information

We use the information we collect to:

  • Provide and improve the SortLab sorting service
  • Calculate optimized product rankings for your collections
  • Power analytics and A/B testing features within the App
  • Send transactional emails (e.g., billing receipts, service notices)
  • Diagnose technical issues and improve App performance
  • Comply with applicable laws and regulations

We do not sell your data to third parties. We do not use your store data for advertising or cross-merchant profiling.

3. Data Storage and Security

Your data is stored on Google Cloud Platform (GCP) servers located in the United States. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Access controls limiting data access to authorized personnel only
  • Regular security audits and vulnerability assessments
  • Shopify API tokens stored in encrypted form

4. Third-Party Services

We use the following third-party services to operate SortLab:

  • Google Cloud Platform (GCP): Database and server infrastructure
  • Paddle: Payment processing for subscription billing. Paddle acts as Merchant of Record and handles all payment data.
  • PostHog: Product analytics (anonymized usage events). No PII is sent.
  • Sentry: Error monitoring and crash reporting
  • Crisp: Customer support chat (optional, only if you initiate a chat)

Each third-party service has its own privacy policy. We encourage you to review them.

5. Data Retention

We retain your store data for as long as your SortLab subscription is active. When you uninstall SortLab from your Shopify store:

  • Your data is marked for deletion and permanently removed within 30 days
  • Order history used for sorting calculations is deleted immediately upon receiving the Shopify GDPR uninstall webhook
  • Billing records may be retained for up to 7 years for tax compliance

6. GDPR Compliance (European Merchants)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the data we hold about your store
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Request your data in a machine-readable format
  • Right to object: Object to certain types of data processing

To exercise any of these rights, email privacy@hyperionlab.co. We will respond within 30 days.

Our legal basis for processing your store's data is the performance of a contract (providing the SortLab service you have agreed to use) and our legitimate interests in operating and improving the App.

7. CCPA Compliance (California Merchants)

California residents have rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. For any CCPA requests, contact privacy@hyperionlab.co.

8. Shopify-Specific Disclosures

SortLab accesses the following Shopify API scopes, as authorized during installation:

  • read_products: To read product data for sorting
  • write_products: To update product position within collections
  • read_orders: To read historical order data for revenue-based sorting
  • read_inventory: To read inventory levels for inventory-based sorting rules
  • read_analytics: To read Shopify analytics for enhanced sorting signals

We comply with Shopify's API Terms of Service and Partner Program Agreement.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email (to the store owner address on record) and by posting the new policy at this URL with an updated effective date.

10. Contact Us

For privacy-related questions or data requests, contact us at:

  • Email: privacy@hyperionlab.co
  • Mailing address: Hyperion Apps LLC, 1309 Coffeen Avenue STE 19519, Sheridan, Wyoming 82801, USA