Autoprinter

Data Retention Policy

Last updated: 2026-04-24

This Data Retention Policy describes how long Econocraft Materials LLC ("Econocraft") retains data processed through Autoprinter (the "Service") and how that data is deleted. This policy supplements the Privacy Policy and the Data Processing Agreement.

1. Retention Schedule

The table below summarizes retention periods. Each entry is described in more detail in the sections that follow.

| Data type | Retention period | Trigger for deletion |
| --- | --- | --- |
| Shopify order data pulled via the Admin API | While Autoprinter is installed | Purged within 30 days of Shopify app/uninstalled webhook |
| Active print job records | While Autoprinter is installed | Purged within 30 days of app/uninstalled webhook |
| Completed print job records (including rendered HTML and any shipping-label PDF URLs) | 30 days after completion | Automatic rolling prune; full purge within 30 days of app/uninstalled |
| Merchant account and shop configuration | While Autoprinter is installed | Purged within 30 days of app/uninstalled webhook |
| Shopify OAuth access tokens | While Autoprinter is installed and the token remains valid | Revoked/deleted on uninstall, token rotation, or credential revocation |
| Shopify session tokens | Short-lived per Shopify session-storage defaults | Invalidated on token refresh or session expiry |
| Device pairing tokens (hashed) | While the paired device remains active | Deleted when the device is revoked or the app is uninstalled |
| Sentry error events | 90 days | Sentry free-tier automatic expiry |
| Audit log entries (print job create, claim, complete, fail) | 90 days | Automatic rolling purge |
| Customer data access request on customers/data_request webhook | Retained under the normal schedule | Responsive data is provided to the Merchant; this webhook does not trigger deletion |
| Customer-specific data on customers/redact webhook | Purged within 30 days of webhook receipt | Shopify customers/redact webhook |
| Shop-specific data on shop/redact webhook | Purged immediately on webhook receipt | Shopify shop/redact webhook |

2. Order Data and Print Job Records

Shopify order data (including customer names, shipping and billing addresses, phone numbers, email addresses, line items, and order metadata) and active print job records are retained for the duration of the merchant's Autoprinter installation. Completed print job records, including the rendered HTML stored alongside each job and any shipping-label PDF URLs forwarded by the Chrome Extension, are automatically pruned 30 days after completion. The dashboard performs this prune on each load, and the Settings page also offers a manual purge control.

On receipt of the Shopify app/uninstalled webhook, all order data and print job records associated with the uninstalling shop are purged within 30 days.

3. Merchant Account and Shop Configuration

Merchant account information, templates, routing rules, workstation records, printer assignments, and other configuration data are retained for the duration of the merchant's Autoprinter installation. On app/uninstalled, this data is purged within 30 days along with order data and print job records.

4. Shopify Tokens

The Service uses two different kinds of Shopify-issued tokens.

OAuth access tokens. The Service stores the Shopify OAuth access token issued at installation so that it can call the Shopify Admin API on the Merchant's behalf. OAuth access tokens are retained while Autoprinter is installed and the token remains valid. They are deleted when the Merchant uninstalls the app, when Shopify rotates or revokes the token, or when the credential is otherwise invalidated.

Session tokens. The Service also uses short-lived Shopify-issued session tokens for in-session authentication. These tokens are rotated in accordance with Shopify's session-storage defaults. Expired tokens are invalidated; new tokens are issued on refresh. Econocraft does not retain session tokens beyond their Shopify-defined lifetime.

5. Device Pairing Tokens

Each paired client (Desktop Utility or Chrome Extension) authenticates with a device token that is stored in hashed form using SHA-256. The raw token is returned to the client once at pairing time and is never stored by Econocraft. Hashed tokens are retained for the life of the paired device and are deleted when the device is revoked (via the Workstations page or the Settings page) or when the app is uninstalled.

6. Error Tracking (Sentry)

Error events, including stack traces and redacted HTTP request metadata, are transmitted to Sentry for diagnostic purposes. Sentry retains these events for 90 days under its free-tier default retention policy. Headers named authorization, cookie, and x-shopify-access-token are stripped from every event before upload. Sentry does not receive order data.

7. Audit Log

The Service maintains an internal audit log of print job lifecycle events (create, claim, complete, fail). This log is used for diagnostic purposes and to support customer troubleshooting. Entries are retained for 90 days, after which they are automatically purged.

8. Shopify Lifecycle and Privacy Webhooks

Econocraft implements the Shopify app-lifecycle webhook and the three mandatory Shopify privacy webhooks.

  • app/uninstalled (app-lifecycle webhook) — triggered when the Merchant uninstalls Autoprinter. On receipt, all remaining merchant data is purged within 30 days.
  • customers/data_request (mandatory privacy webhook) — triggered when Shopify passes along a customer data-access request. On receipt, Econocraft provides the Merchant with the responsive customer and order data that remains in Autoprinter. This webhook does not trigger deletion.
  • customers/redact (mandatory privacy webhook) — the specified customer's personal data is purged within 30 days of webhook receipt, in compliance with Shopify's service-level requirement.
  • shop/redact (mandatory privacy webhook) — Shopify sends this webhook 48 hours after a shop uninstalls the app, for shops that have requested redaction, in accordance with Shopify's data-redaction policies. On receipt, the specified shop's remaining data is purged immediately.

9. Deletion Methods

"Purged" means the affected records are deleted from the production PostgreSQL database and are no longer reachable through the Service. Database backups containing the purged records are retained by Railway on rolling windows under Railway's platform policies; backup data is overwritten in the ordinary course and is not used for any purpose other than platform-level disaster recovery. If a backup containing previously purged data is restored for disaster-recovery reasons, Econocraft will re-run the applicable deletion process so the restored records are removed again.

10. Legal Holds

Econocraft may retain data longer than the periods described above if required by applicable law, subpoena, court order, or other legal process, or to enforce its rights under the Terms of Service. Retention under a legal hold is limited to the data strictly required and ends as soon as the legal obligation is satisfied.

11. Contact

Retention inquiries and data deletion requests:

Econocraft Materials LLC
14255 N 79th St STE 4
Scottsdale, AZ 85260
United States
Email: garrett@econocraftmaterials.com (canonical) or support@autoprinter.app