Privacy Policy

Last updated: June 12, 2026

This Privacy Policy explains how TextRetailer, Inc.(“reOtter,” “we,” “us”) collects, uses, and protects information in connection with the reOtter application and website at reotter.com(the “Service”).

reOtter is a retention and reorder analytics application for Shopify merchants. In most cases, the merchant is the controller of their store’s customer data and reOtter acts as a processor/service providerthat handles that data on the merchant’s behalf and under their instructions. reOtter is the controllerof the merchant’s own account information. A Data Processing Addendum (DPA) governing our processing of store customer data is available to merchants on request at dpa@reotter.com.

Our data-protection commitments

In line with Shopify’s Protected Customer Data requirements, we:

  • Minimize data— we request and process only the personal data needed to provide the Service;
  • Are transparent— we tell merchants what personal data we process and why (Sections 1–2);
  • Limit purpose— we use personal data only for the purposes described in this Policy and do not repurpose or sell it;
  • Apply retention limits— we keep personal data only as long as needed to provide the Service or meet legal obligations (Section 4);
  • Encrypt data— in transit and at rest, including backups (Section 5);
  • Respect consent— we honor the marketing-consent and opt-out decisions reflected in a store’s customer records, and we rely on the merchant’s connected channels to apply their customers’ suppression preferences.

1. Information we collect

a. Merchant account information.When you install reOtter we receive your store’s contact details from Shopify (such as store name, domain, and the store contact email and name), and we store the marketing-communication preference you select during onboarding.

b. Store data accessed via Shopify (on the merchant’s behalf).With the merchant’s authorization (granted through Shopify’s permission scopes), we access and store:

  • Order history, including line items, dates, totals, and order status;
  • Customer records associated with those orders, which may include name, email address, phone number, and purchase history;
  • Product, inventory, fulfillment, return, discount, and shipping information.

We use this data solely to provide the Service to the merchant. We do not access payment-card numbers, and we do not sell store or customer data.

c. Usage and device data. We collect standard analytics about how the Service is used (for example, pages viewed, actions taken, device/browser type, and IP address), including via cookies and similar technologies and third-party product-analytics tools.

2. How we use information

  • To provide and operate the Service — compute reorder/replenishment analytics, forecast reorder timing, generate insights and reports, and power merchant-owned reorder reminders and the reorder storefront;
  • To deliver communications to merchants(e.g., onboarding, the analysis report, service notices, and — where you have opted in — product and retention tips);
  • To transmit reorder reminders and related messages to a store’s customers only through the merchant’s own connected channels (such as their email/SMS provider) or via reOtter storefront pages, as configured by the merchant;
  • To secure, maintain, troubleshoot, and improve the Service;
  • To comply with legal obligations.

Legal bases (where GDPR/UK GDPR applies): performance of a contract; our legitimate interests in operating and improving the Service; consent (e.g., for optional marketing email to merchants); and compliance with legal obligations.

3. How information is shared

We do not sell personal information. We share information only:

  • With service providers (subprocessors)that help us run the Service, under contractual confidentiality and data-protection obligations — for example, cloud hosting and infrastructure (Amazon Web Services), server management (Laravel Forge), product analytics (PostHog), and the merchant’s connected message-delivery platforms. A current subprocessor list is available on request at privacy@reotter.com;
  • For legal reasons, where required by law or to protect rights, safety, and the integrity of the Service;
  • In a business transfer (merger, acquisition, or asset sale), subject to this Policy.

4. Data retention and deletion

We retain store and customer data for as long as the merchant’s reOtter account is active, and then as needed to provide the Service or meet legal obligations.

  • On app uninstall, we stop all processing and scheduled reminders for the store.
  • We honor Shopify’s mandatory privacy webhooks: customers/data_request (we compile the data we hold for that customer), customers/redact(we erase or anonymize that customer’s personal data), and shop/redact(we purge the store’s data, sent by Shopify ~48 hours after uninstall).
  • Merchants may also request export or deletion by contacting us at privacy@reotter.com.

5. Security

We protect data with industry-standard measures, including encryption in transit (TLS) and encryption at rest (store access tokens and sensitive fields are encrypted using per-tenant keys), encrypted backups, access controls, and network isolation. No method of transmission or storage is 100% secure, but we work to protect your information.

6. International data transfers

We may process and store information in the United States and other countries. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for cross-border transfers.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of your personal data, and to object or withdraw consent.

  • Merchants may exercise these rights by contacting privacy@reotter.com.
  • A store’s customersshould direct requests to the merchant (the controller); reOtter will assist the merchant in fulfilling them, including via Shopify’s data-request and redaction webhooks.

California residents have rights under the CCPA/CPRA, including to know, delete, and opt out of “sale”/“sharing” (we do not sell or share personal information as defined by that law). We do not discriminate for exercising these rights.

8. Children

The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal data from children.

9. Changes to this Policy

We may update this Policy from time to time. Material changes will be posted here with an updated “Last updated” date and, where appropriate, additional notice.

10. Contact

TextRetailer, Inc.
1133 Tipperary Rd.
Iowa City, IA 52246
Email: privacy@reotter.com

See also our Terms of Service.