This policy explains what personal data nohold collects through its marketing site and waitlist, why we collect it, and what rights you have. We keep collection minimal. nohold is currently in pre-launch, so the only personal data we actively collect from this site is your email, when you join the waitlist.
Who we are
nohold (“we,” “us”) operates this site and the waitlist. If you have any questions about this policy or your data, email privacy@nohold.app.
What we collect
- Email address. When you submit the waitlist form, we store the email you provide.
- Standard request data. Our hosting provider (Cloudflare) records basic technical information about every request (IP address, user agent, timestamps, referrer) to operate, secure, and protect the site.
- No analytics, no advertising trackers, no third-party cookies. We do not load Google Analytics, advertising pixels, or session-replay tools on this site.
Why we collect it
- To notify you when nohold is generally available.
- To respond if you reach out for support, sales, or a question about nohold.
- To keep the site running and protect it from abuse.
Our legal basis under GDPR is your consent (you actively submitted the waitlist form) and our legitimate interests (keeping the site available and secure).
How long we keep it
Waitlist emails are kept until nohold launches and we have notified you, or until you ask us to remove your address, whichever comes first. After we contact you about launch, we keep your email only if you opt to continue receiving updates. Hosting logs are retained by Cloudflare for short windows per their default retention policy.
For data we process on behalf of a merchant via the installed app, see § 15.
Who we share it with
- Cloudflare. Hosts this site, runs the waitlist function, and stores the waitlist database. Acts as a processor on our behalf.
For the full list of subprocessors used by both the marketing site and the nohold product, see our Subprocessors page.
We do not sell personal data. We do not share waitlist emails with marketing networks or data brokers. For sub-processors used by the installed product app, see § 14.
Cookies
nohold.app does not set tracking or advertising cookies. Cloudflare may set strictly necessary cookies for security and abuse prevention; these do not require consent under GDPR/ePrivacy.
Your rights
Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to or restrict processing. Residents of the EEA, UK, and California have these rights under GDPR/UK GDPR and CCPA respectively.
To exercise any of these rights, including removing yourself from the waitlist, email privacy@nohold.app from the address you signed up with. We will respond within 30 days.
International transfers
Cloudflare serves this site from globally distributed edge locations and stores the waitlist database in its D1 service. Data may be processed outside your country. Cloudflare provides appropriate safeguards for international transfers, including Standard Contractual Clauses where applicable.
Children
nohold is a B2B product for merchants. The site is not directed at children, and we do not knowingly collect personal data from anyone under 16.
Changes to this policy
If we change this policy materially, we will update the effective date at the top and, where reasonable, notify the people on our waitlist. The latest version always lives at this URL.
Contact
Questions, requests, or complaints about this policy or your data: privacy@nohold.app.
App data we process
When a merchant installs nohold, we receive a copy of each order placed on their Shopify store via Shopify’s orders/create webhook. Each order contains:
- Customer name (first and last)
- Customer email
- Customer phone (when provided)
- Shipping and billing addresses
- Line items, quantities, and totals
We process this data solely to (a) detect which line items are pre-order vs in-stock, (b) split the fulfillment of mixed orders inside Shopify, and (c) create the matching sales orders in the merchant’s Brightpearl account. We do not use it for marketing, profiling, advertising, or any purpose outside the fulfillment workflow.
Our role
For the customer data inside an order, nohold acts as a data processor; the merchant is the data controller. We process the data on the merchant’s behalf, under their instructions, and only for the purposes described in § 12.
If you are an end-customer of a merchant using nohold, please direct data-rights requests to the merchant first. They control your data, and we will support them in fulfilling your request.
Sub-processors (product app)
We pass customer data to the following sub-processors as needed to operate the app:
- Brightpearl. When an order is split, we send the customer’s name, email, phone, address, and order line items to the merchant’s own Brightpearl account so the resulting sales orders carry the right customer and delivery details. Brightpearl is the merchant’s chosen ERP, not our vendor; we send data the merchant chose to integrate.
- Google Cloud Platform (Cloud Run, Cloud Tasks, Cloud KMS, Secret Manager). Hosts our application, schedules background jobs, and manages encryption keys. EU region (
europe-west1). - Neon. Managed Postgres database for storing webhook events and order-split metadata.
Our current sub-processors list lives at /subprocessors.
Retention and deletion (product app)
We store each order’s webhook payload for the duration of the merchant’s install, then delete it through Shopify’s GDPR webhook flow:
- End-customer deletion. When Shopify fires the
customers/redactwebhook (typically 10 days after the merchant requests deletion), we redact that customer’s name, email, phone, and address from our database within 30 days. - Shop deletion. When Shopify fires
shop/redact(~48 hours after the merchant uninstalls the app), we hard-delete the merchant and all associated records (orders, webhook events, dispatch queue, audit logs).
We do not run a fixed-window auto-purge during an active install; data is retained only as long as the merchant relies on the integration.
Security (product app)
- TLS for all data in transit (Shopify webhooks, Brightpearl, Neon, internal services).
- AES-256-GCM encryption for session cookies; Google Cloud KMS for stored Shopify and Brightpearl tokens.
- Encrypted-at-rest managed database (Neon) with row-level security per merchant.
- Shopify webhook authenticity verified with HMAC-SHA256 against the app secret; requests with an invalid digest are rejected with HTTP 401.
- Internal worker services are not publicly addressable; they are reachable only by authenticated Google Cloud Tasks and Cloud Scheduler service accounts.
Shopify Protected Customer Data
nohold accesses the following protected customer fields, all sourced from the merchant’s Shopify orders, under the “Store management” reason category in our Partner Dashboard declaration:
- Customer name (first and last)
- Customer email
- Customer phone (default and billing)
- Customer address (shipping and billing)
nohold supports all three mandatory Shopify compliance webhooks: customers/data_request, customers/redact, and shop/redact.
What we send to customers
When a merchant enables the customer-communication feature (Growth plan and up), nohold may send transactional emails to the email address Shopify already collected on the order:
- Per-shipment notification when a mixed-cart order is split into two shipments.
- Delay notice when the merchant updates the expected ship date on a still-open preorder, or when 30 days have elapsed (per the FTC Mail/Internet/Telephone Order Rule).
- Cancellation confirmation if the customer clicks the cancel link in a delay notice.
Sender domain is notifications.nohold.app, configured with SPF, DKIM, and DMARC. We never ask for payment, surface payment URLs, or store card data. See § 19 below.
Payments
nohold is a fulfillment integration. It does not collect, request, process, store, or facilitate payments under any circumstance. The payment-status badges and the optional “release only when paid” rule both read Shopify’s existing financial state; they never initiate a charge or expose a payment surface.