Last updated 2026-04-21

Privacy Policy

ResaleProof helps Shopify merchants collect, verify, and apply resale sales-tax exemption certificates. Operating the app requires processing personal information about merchants, their customers, and the certificate data they upload. This policy explains what we collect, why, and how you can exercise your rights over it.

Canonical source of truth for this content is app/routes/legal.privacy.tsx + site/content/legal/privacy.mdx. Both render the same content; update both when the policy changes.

1. Who we are

ResaleProof is an independent Shopify app. For the purposes of GDPR / UK GDPR and similar frameworks, ResaleProof acts as a data processor for the merchant (who is the data controller for their customers’ information). Contact: legal@resaleproof.com.

2. What we collect

Merchant data (you, the store owner)

Customer data (your buyers)

Operational data

3. Why we collect it

4. Third-party sub-processors

We transfer data to a small, audited set of vendors strictly for the purposes above:

We do not sell, rent, or share data with advertisers, data brokers, or analytics vendors beyond the list above.

5. How long we keep it

6. Security measures

7. Your rights

Depending on your jurisdiction (GDPR / UK GDPR, CCPA / CPRA, Colorado Privacy Act, Virginia CDPA, etc.) you may have the right to:

To exercise any of these, contact the merchant whose store you purchased from first — they are the primary data controller. If the merchant hasn’t responded within a reasonable window, reach out directly to legal@resaleproof.com. Merchants can also reach us at the same address to request a data export or deletion on behalf of a customer.

8. International transfers

ResaleProof is operated from the United States. Data may be processed in the US and in vendor regions used by Shopify, Supabase, Postmark, Fly.io, and Sentry. Where applicable we rely on Standard Contractual Clauses and our vendors’ own transfer mechanisms.

9. Children

The service is not directed at, nor intended for, individuals under 16. We do not knowingly collect data from children.

10. Changes to this policy

We’ll update this page if our practices change; the “Updated” date at the top reflects the current revision. Material changes will also be communicated in-app (admin dashboard banner) or via email to the merchant contact on file.

11. Contact

Questions, data-subject requests, or security disclosures: legal@resaleproof.com.