CarryLeads uses Shopify API data only to help the merchant who installed the app find leads and prepare outreach copy.
- Data read from Shopify: shop name, shop contact email, and product titles, product types, vendors, and tags.
- Purpose: build a product profile, score lead fit, manage shortlists, track campaign history, and generate merchant-editable outreach copy.
- Google Places API (third-party processor): your search inputs — lead type, location, keywords, and product focus — are sent to Google to find matching businesses. CarryLeads stores only the returned Google Place IDs plus app-owned metadata such as score, stage, notes, and campaign status; it does not permanently store Google phone, address, website, or rating fields.
- OpenAI (third-party processor): when you generate outreach copy, your business profile, product context, tone, signature, and reply-to email are sent to OpenAI to draft the message. No customer data is sent to OpenAI.
- Data not requested in v1: customer names, customer emails, phone numbers, billing addresses, shipping addresses, payment details, orders, storefront tracking data, or manual file uploads.
- Storage: OAuth session records are stored so Shopify can authenticate the embedded app. Lead metadata, credit ledger entries, settings, campaigns, and generated copy are stored for app functionality.
- Retention and deletion: when you uninstall the app or Shopify sends a shop redaction webhook, CarryLeads deletes the stored data for that shop — leads, settings, credit ledger, campaigns, and generated copy — and removes OAuth session records.
- Sharing: CarryLeads does not sell merchant or customer data and does not share Shopify data with advertising networks.
For data access, correction, or deletion requests, contact basantikabra61@gmail.com.