Last updated: 2026-06-28
Basket Boost ("the App", "we", "us") is a Shopify app that mines a merchant's own
order history to find which products are frequently bought together, and surfaces
those associations as product recommendations and a storefront block. This policy
explains exactly what data the App accesses, why, and how it is handled.
This policy is for merchants who install Basket Boost on their Shopify store.
The App does not have its own end-user accounts; it operates inside the Shopify
admin of the installing store.
Basket Boost is a Protected Customer Data (PCD) Level 1 app. It reads order
line items (product ids and quantities) to compute product affinities. It does
not request, read, or store any customer personal data — no names, emails,
phone numbers, shipping or billing addresses, IP addresses, or payment details.
The baskets handed to the mining engine are arrays of product ids only and cannot
identify a customer.
The App requests exactly these Shopify access scopes — no more:
| Scope | Why |
|---|---|
| read_orders | To read each order's line items (product ids + quantities) within a configurable lookback window, so we can compute which products co-occur in baskets. We do not read customer, shipping, or financial fields. |
| read_products | To mirror product titles, handles, images and price, so the dashboard and the storefront block can show product names instead of raw ids. |
| write_products | To write one app-owned product metafield (basketboost.fbt, type json) holding each product's recommended complements, which the theme block reads. We never edit your product content, price, inventory, or any other field. |
We do not request read_customers, read_all_orders, fulfillment, or any
financial/PII scope.
co-occurrence counts; per-product ranked recommendations; and per-mine snapshot
counts (orders analyzed, multi-item orders, products seen, pairs found,
coverage). These are statistics and product ids only.
currency, for display.
selected plan and subscription status, and your mining settings.
and phase only).
We store no customer personal data of any kind.
The App writes a single product metafield, basketboost.fbt, on products that
have mined recommendations. It contains the recommended products' display data
(title, handle, image, price) and the measured lift/confidence. It is set to
storefront-readable so the theme block can render it. We write nothing else.
Solely to compute and display frequently-bought-together associations for your
store, inside your admin and on your storefront. We do not use your data to
train any model, we do not combine data across merchants, and we do not
sell or share it. There is no AI/LLM processing in this App; the engine is plain
arithmetic over your own baskets.
at basketboost.syncerp.work, with a PostgreSQL database and Redis cache on the
same host. Order and product data is processed transiently to compute statistics
and is not retained as raw orders.
We use no third-party AI provider, analytics broker, or advertising network.
installed, refreshing them on each mine.
app/uninstalled) we mark your shop inactive and stopprocessing.
shop/redact webhook we delete all of your shop's rows fromour database.
customers/data_request and customers/redact webhooks areacknowledged truthfully: we hold no customer personal data to return or erase.
Because the App stores no customer personal data, there is no customer PII to
access, rectify, port, or erase. For the merchant account data we hold (shop
domain, plan, settings), you may request access or deletion by uninstalling the
App or contacting us; uninstall + shop/redact removes it.
Access tokens are encrypted at rest (AES-256-GCM). All traffic is over HTTPS.
Webhooks are verified by HMAC and de-duplicated. Database access is restricted to
the App's own service.
We may update this policy; the "Last updated" date reflects the latest version.
Questions about privacy or data: gheorghe.beschea@overheat.agency.