Privacy Policy
How Various Archives processes personal data for visitors, sellers, support requests, and the Various Archives Connector Shopify Sales Channel app.
Data Controller and Contact
Various Archives, LLC, a Delaware limited liability company, is the controller for the personal data described in this policy unless stated otherwise.
Registered office: 131 Continental Drive, Suite 305, Newark, DE 19713, United States.
Contact: contact@various-archives.com. We have not appointed a Data Protection Officer at this stage.
Who This Policy Applies To
- Visitors to the Various Archives website, available at https://various-archives.com.
- People who create a buyer account to save wishlists, carts, and preferences.
- People who use wishlist, cart, search, waitlist, newsletter, or contact features.
- Seller applicants and individuals acting on behalf of seller businesses.
- Shopify merchants who install Various Archives Connector.
- People whose data may appear in Shopify compliance webhooks or sales-channel order records.
Information You Provide
- Buyer accounts: name if provided, email address, password credentials (stored hashed) or Google sign-in identifiers, department and newsletter preferences, and wishlist and cart contents saved to the account.
- Waitlist and newsletter: email address and optional preferences if provided.
- Contact and support: name if provided, email address, message content, attachments, and related communications.
- Seller applications: store or business name, contact name, business email, phone or address if provided, website and social links, verification materials if requested, and onboarding communications.
Information Collected Automatically
When you use the website, we and our service providers may collect technical and usage data such as IP address, device and browser details, pages viewed, timestamps, referral information, diagnostics, and security logs.
Wishlist and cart features may use browser local storage so the feature can work without a buyer account. When you sign in, wishlist and cart contents are stored with your account instead.
Various Archives Connector Data
Various Archives Connector is a Shopify Sales Channel app. It lets approved merchants publish products from their Shopify admin to Various Archives and attribute sales created through the channel.
The public Sales Channel app is designed to process only the data needed to sync products, manage publication status, attribute orders created through the channel, reconcile refunds or cancellations, and bill marketplace commission through Shopify Billing.
- Merchant and shop data: shop ID, shop domain, myshopify domain, shop name, currency, region or country if available, publication/channel IDs, app status, onboarding status, and publishing mode.
- Credentials: Shopify API access tokens and token metadata, stored for API access and used only to provide the app. Tokens are treated as confidential service credentials.
- Product data: product and variant IDs, titles, handles, descriptions, prices, images, tags, vendor or brand fields, inventory status, approval status, publication status, and related catalog metadata.
- Order and refund data: Shopify order ID, order name, currency, subtotal or net amount, financial status, cancellation or refund status, attribution token or channel attribution, commission amount, billing status, and credit adjustments.
- Billing data: Shopify billing subscription and usage charge identifiers, capped amount, billing period, usage line item ID, billing status, credit balance, and commission records.
- Webhook and diagnostic data: webhook topic, processing status, timestamps, errors, retry metadata, and operational logs needed to maintain the integration.
Protected Customer Data
The public Sales Channel app does not request or use individual protected customer fields such as customer name, email, phone, or address for its core functionality.
Orders, refunds, transactions, and related order resources can be protected customer data because they relate to a buyer. We process only the order and refund fields needed for sales-channel attribution, commission calculation, refund/cancellation reconciliation, billing, support, and compliance.
If Shopify sends mandatory compliance webhook payloads that include customer identifiers, we use those identifiers only to process access or deletion requests and to keep the required compliance audit trail.
Why We Process Data
- Operate the website and marketplace experience.
- Respond to inquiries, seller applications, and support requests.
- Send newsletter or waitlist communications where you have consented.
- Review seller applications, verify professional status, and maintain marketplace integrity.
- Sync merchant products and publication status through the Shopify Sales Channel app.
- Attribute sales created by Various Archives and calculate usage-based commission.
- Reconcile refunds, cancellations, billing credits, and billing disputes.
- Secure, debug, monitor, and improve the service.
- Comply with legal obligations and Shopify compliance webhooks.
Legal Bases
Depending on the context, we rely on performance of a contract, steps taken before entering a contract, legitimate interests, consent, and legal obligations.
For merchants using Various Archives Connector, core app processing is necessary to perform the app service and support Shopify usage-based billing. For website analytics and newsletter communications, we rely on consent where required.
Marketing Communications
If you join our newsletter or opt in to updates, we may send emails about Various Archives. You can unsubscribe through the link in each email or by contacting us.
Cookies and Similar Technologies
We use essential technologies to operate the site and optional analytics technologies only where consent is required and has been provided.
Who We Share Data With
We do not sell personal data. We share data only as needed with service providers, team members on a need-to-know basis, Shopify, sellers where relevant to support a buyer issue, and authorities or courts where required by law.
- Vercel for hosting and content delivery.
- Railway for application infrastructure.
- Neon for the buyer account database.
- Google for optional Google sign-in.
- Sentry for error monitoring.
- Supabase for database services where used.
- Meilisearch for search infrastructure.
- Infomaniak for email and domain services.
- Brevo for newsletter delivery where used.
- PostHog for product analytics, subject to consent where required.
- GitHub for source code hosting.
- Shopify for the Various Archives Connector app, sales-channel functionality, billing, and compliance webhooks.
International Data Transfers
Because we use global infrastructure providers, personal data may be processed outside your country, including in the United States and other jurisdictions.
Where required, we rely on recognised transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, or transfer terms made available by our providers.
Retention
- Buyer accounts: for as long as your account is active. When you delete your account, account data is deleted or anonymised, subject to limited security and legal retention needs.
- Newsletter and waitlist contacts: up to 3 years from the last interaction or until unsubscribe.
- Contact and support requests: typically up to 24 months after resolution, unless a longer period is needed for disputes, security, or legal compliance.
- Seller applications: up to 24 months after the final decision, unless onboarding, fraud prevention, or legal needs require longer.
- Website technical and security logs: limited retention followed by deletion or anonymisation.
- Merchant, product, attribution, order, refund, and billing data for Various Archives Connector: retained while the app is installed and the shop is active, then deleted when Shopify sends the shop/redact compliance webhook after uninstall, subject to any mandatory legal retention that applies outside Shopify-scoped app data.
Shopify Compliance Webhooks
Shopify routes mandatory privacy requests to us through customers/data_request, customers/redact, and shop/redact webhooks. We process these automatically.
A customers/data_request webhook is used to identify any data we hold for the customer. A customers/redact webhook is used to delete or null customer identifiers where present. A shop/redact webhook is used to delete shop-scoped app data after uninstall.
Security
We use reasonable technical and organisational measures designed to protect personal data, including access controls, encrypted transport, confidential handling of credentials, operational logging, and limited access based on need.
No method of transmission or storage is perfectly secure, but we work to reduce risk and respond promptly to security issues.
Your Rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, request portability, or withdraw consent. To exercise rights, email contact@various-archives.com. We may ask for information to verify your identity.
If you are in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority.
EU Representative
Various Archives, LLC is not established in the European Union. We have assessed that our current processing activities are occasional, do not involve large-scale processing of special categories of data, and are unlikely to result in a risk to the rights and freedoms of individuals. On that basis, we have not appointed an EU representative at this time.
We will reassess this position as our activities evolve.
Children
The website is not directed to children. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data, contact us so we can delete it where appropriate.
Automated Decision Making
We do not use automated decision making that produces legal or similarly significant effects on individuals.
Changes to This Policy
We may update this policy to reflect changes in our practices, features, providers, or legal requirements. We will update the Last updated date and may provide additional notice when appropriate.
Contact
For any question about this Privacy Policy or personal data, contact contact@various-archives.com.