Privacy Policy
Effective date: 25 March 2025
1. Who we are
NET30 (“we”, “us”, “our”) is a Shopify application that enables merchants to offer net payment terms (Net 15, Net 30, Net 60) to their B2B customers, and to manage invoicing, payment tracking, and account statements directly inside Shopify admin. NET30 is operated from the United Kingdom.
For privacy enquiries, contact us at hello@net30.app.
2. Scope of this policy
This policy explains how we collect, use, store, and protect data when a Shopify merchant installs NET30 from the Shopify App Store. It covers:
- Data about the merchant and their Shopify store (“Merchant Data”)
- Data about the merchant’s end-customers that we process on the merchant’s behalf (“Customer Data”)
In relation to Customer Data, we act as a data processor and the merchant acts as the data controller. Merchants are responsible for ensuring they have a lawful basis to share their customers’ data with us.
3. Data we collect
3.1 Merchant Data
- Shopify store domain and shop name
- Shopify access token (used to read/write orders, customers, and draft orders via the Shopify API)
- App configuration and settings you create within NET30
3.2 Customer Data (processed on your behalf)
- Customer names and email addresses
- Billing addresses
- Invoice records (line items, amounts, due dates, payment status)
- Payment records manually entered by the merchant
- Credit limit, credit grade, and net terms settings per customer
- Internal notes added by the merchant
3.3 What we do NOT collect
- Payment card numbers or bank account details — no card data ever passes through or is stored by NET30
- Passwords
- Data from store visitors who are not customers approved for net terms
4. How we use your data
We use the data we collect to:
- Provide the NET30 service — generating invoices, tracking payments, and managing net terms
- Send automated payment reminder emails to end-customers on the merchant's behalf (via Resend). These emails are sent only in relation to invoices created within NET30
- Generate and deliver account statements (PDF) to end-customers on the merchant's behalf
- Communicate with merchants about their account, updates, or support
- Maintain the security and integrity of the service
We do not use Customer Data for any purpose other than delivering the NET30 service to the merchant. We do not sell, rent, or share personal data with third parties for marketing purposes.
5. How we store your data
All data is stored in a PostgreSQL database hosted on Railway (railway.app). Railway operates infrastructure in the United States. By installing NET30, merchants acknowledge that data may be transferred to and stored in the US.
We take reasonable technical measures to protect data, including encrypted connections (TLS) for all data in transit and access controls on our database.
6. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Shopify | App platform; order and customer data source | Store domain, access token |
| Railway | Database and app hosting | All stored app data |
| Resend | Transactional email delivery | Customer name, email, invoice details |
No other third parties receive personal data in connection with NET30.
7. Data retention
We retain Merchant Data and Customer Data for as long as the merchant’s NET30 installation is active. When a merchant uninstalls NET30, we will delete their data within 30 days unless we are required by law to retain it for longer.
Merchants may request immediate deletion of their data at any time (see Section 8).
8. Your rights (GDPR & CCPA)
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data (“right to be forgotten”)
- Portability — request your data in a machine-readable format
- Restriction — request that we limit how we process your data
- Objection — object to certain types of processing
California residents (CCPA): You have the right to know what personal information we collect, to delete it, and to opt out of its sale. We do not sell personal information.
To exercise any of these rights, contact us at hello@net30.app. We will respond within 30 days.
Note for end-customers: If you are an end-customer of a merchant using NET30 and wish to exercise your rights, please contact the merchant directly. We will assist merchants in responding to such requests.
9. Cookies
The NET30 app operates inside Shopify admin and does not set cookies on your storefront or on this marketing website (net30.app). Shopify may set its own cookies as part of the app installation and authentication flow — please refer to Shopify’s Privacy Policy for details.
10. Children’s privacy
NET30 is a business tool intended solely for use by merchants and their business customers. We do not knowingly collect data from anyone under the age of 18.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Continued use of NET30 after changes are posted constitutes acceptance of the updated policy.
12. Contact
For any questions or concerns about this Privacy Policy or how we handle your data: