Privacy Policy

Last updated: 2026-06-20 · Draft — pending counsel review.

Nomorro ("we", "us") provides the Nomorro reorder-reminder app, Topoff ("the App"), to merchants ("Merchants") on Shopify. This policy explains what personal data we process and how.

1. Who we are

Nomorro. Questions: privacy@nomorro.com.

2. Data we process

From Merchants: shop domain, store/contact email, and app configuration.

On behalf of Merchants (their customers' data): customer email address; optionally first/last name; and order data (products purchased, quantities, timestamps, order totals, financial status). We request the minimum needed to send reorder reminders — primarily email + order data. We do not process phone numbers, shipping/billing addresses, or payment details.

3. Why we process it

Predict when a customer will run out of a consumable and send a timely reorder reminder email.
Produce ROI/analytics reports for the Merchant (e.g., revenue recovered).
Operate, secure, and support the App.

4. Legal bases (GDPR)

Merchants: performance of our contract and our legitimate interests in operating the App.

Customers' data: we act as a processor on behalf of the Merchant (the controller), who is responsible for the lawful basis for their customer communications. Every reminder includes a one-click unsubscribe.

5. Sharing & subprocessors

We share data only with infrastructure subprocessors:

Amazon Web Services (AWS) — hosting, database, email delivery; United States.
Shopify — the platform the App runs on.

We do not sell personal data or share it for advertising.

6. Retention & deletion

We retain customer data only while the Merchant has the App installed. On uninstall — or on a Merchant's or customer's request — we delete the associated data, implemented automatically via Shopify's GDPR customers/redact and shop/redact webhooks. Unsubscribes are honored immediately via a suppression list.

7. Security

Data is encrypted in transit (TLS) and at rest (encrypted database storage). Access is least-privilege and restricted.

8. Your rights

You may have rights to access, correct, delete, or restrict processing of your personal data. Customers should contact the Merchant they purchased from; Merchants can contact us at privacy@nomorro.com. We also support deletion via Shopify's data-redaction webhooks.

9. International transfers

Data is processed in the United States (AWS us-east-1). Where required, we rely on appropriate safeguards for international transfers.

10. Changes

We may update this policy; the "last updated" date reflects the latest version.