Privacy Policy
RankRobin
Effective date: May 16, 2026
This Privacy Policy applies to the RankRobin app ("the App") published by HELTRA LLC ("we", "us", "our"). It covers data collected by this specific app. Shared commitments that apply across every Culsin app - sub-processors, international transfers, DPA availability, CCPA, security incidents, change notification - are described on the Culsin Privacy index.
By installing the App you agree to this policy. Your use of Shopify is governed by Shopify's own legal documents; this policy only applies to the App.
Who we are
HELTRA LLC
254 Chapman Rd, Ste 208 #17026
Newark, Delaware 19702, United States
Privacy inquiries: privacy@culsin.com
Data we collect
The App reads order and product data from the merchant's Shopify store to compute sales-based rankings. Specifically:
- Product IDs, titles, and images
- Collection IDs, titles, and handles
- Order line items: product ID, quantity, and total price in shop currency
- Shop metadata: domain, currency, timezone, country, and plan
Order data is aggregated into per-product, per-day totals (units, revenue, order count) and the raw order records are not retained. The App does not store customer names, email addresses, shipping addresses, payment details, or any other personally identifiable customer information.
How we use this data
The aggregated sales data is used solely to rank products inside the merchant's collections and to generate the seasonal bestseller collections the merchant has configured. We do not use the data for marketing, analytics, or any purpose beyond providing the App's functionality.
We process this data on the legal basis of contract performance - it is necessary to fulfil the service the merchant has installed the App to provide.
Data storage
Aggregated sales data and App configuration are stored in a Turso database (LibSQL). Turso runs on AWS infrastructure. During initial backfill, intermediate order exports are temporarily cached in Cloudflare R2 and deleted after processing. Data is stored per-shop and is not shared between merchants. Data in transit is encrypted via TLS; data at rest is encrypted by the database provider.
Who has access
Only the Shopify merchant who installed the App can view App data, through the App interface inside their Shopify admin. We do not sell or share data with any third party, except as described under Sub-processors below.
Data retention
Data is retained for as long as the App is installed. When the App is uninstalled, all shop data is permanently deleted within 48 hours, in line with Shopify's GDPR requirements.
Your rights
The App honours Shopify's mandatory GDPR webhooks:
- customers/redact - the App does not store customer personal data, so this request is a no-op. We acknowledge and confirm that no such data is held.
- shop/redact - all shop data is permanently deleted within 48 hours of uninstall.
- customers/data_request - the App does not store customer personal data. We acknowledge the request with a note confirming no such data is held.
If you are a store customer and want to request access to or deletion of your data, contact the merchant whose store you bought from. If you cannot reach them, contact us at privacy@culsin.com. We will respond within 30 days.
Sub-processors
The App uses the following sub-processors:
- Turso (ChiselStrike, Inc.) - database hosting. Stores aggregated sales data and App configuration on AWS infrastructure.
- Cloudflare, Inc. - hosts the App backend and this website. Provides R2 object storage for temporary caching during the initial order backfill.
- Mantle (Charged Commerce, Inc.) - billing and subscription management.
- Axiom, Inc. - application logging for debugging. May include shop domains and request metadata.
See the Culsin Privacy index for our sub-processor change notification commitment.
Cookies
The App does not set cookies or use tracking technologies. The Shopify admin interface is governed by Shopify's own privacy policy.
DPA, transfers, CCPA, security
Data processing addendum availability, international transfer mechanisms (SCCs), California (CCPA/CPRA) rights, and security incident notification are covered on the Culsin Privacy index - they apply to this app the same way they apply to every Culsin app.