Privacy Policy

Loot Ledger Privacy Policy

Last updated: January 8, 2026

1. Introduction

Loot Ledger (“Loot Ledger,” “we,” “us,” or “our”) is a web-based application operated by Simran Bains, designed to help merchants manage video game inventories and collections, including syncing relevant data with third-party platforms such as Shopify.

This Privacy Policy applies to the Loot Ledger website, web application, and any integrations or connectors provided by Loot Ledger. It explains how we collect, use, store, and protect information when merchants use Loot Ledger.

2. Scope & Roles

Loot Ledger operates in a hybrid role:

  • As a data processor / service provider, when processing Shopify merchant data (including customer and order data) strictly on behalf of the merchant and in accordance with their instructions.
  • As a data controller, for Loot Ledger account information such as account credentials, configuration settings, and operational metadata.

3. Information We Collect

Merchant Account Data

  • Account identifiers
  • Business name
  • Contact email address
  • Application configuration and settings

Shopify Data (Merchant-Controlled)
When a merchant connects Shopify, Loot Ledger may access and store:

  • Products and variants
  • Inventory levels and locations
  • SKUs and barcodes
  • Cost and price fields
  • Orders
  • Customer data, including names, contact details, and addresses

Loot Ledger accesses only the data necessary to provide the core syncing, inventory management, pricing, and analytics functionality requested by the merchant.

4. How We Use Information

We use collected data solely to:

  • Sync inventory, product, order, and customer data between Loot Ledger and Shopify
  • Provide inventory tracking, collection management, market pricing data, and analytics
  • Maintain data consistency across connected platforms
  • Operate, maintain, and improve Loot Ledger functionality

We do not:

  • Sell, rent, or trade merchant or customer data
  • Use data for advertising or marketing
  • Aggregate or benchmark merchant data across merchants

5. Data Sync & Merchant Control

  • Merchants explicitly initiate Shopify connections
  • Merchants may selectively link inventory items to Shopify
  • Linked items and associated data may sync automatically to reflect updates on either platform
  • Certain data types, such as orders and customers, may sync automatically as part of core functionality
  • Merchants may disconnect Shopify at any time

6. Data Retention & Deletion

  • When a merchant disconnects Shopify or uninstalls the app, synced Shopify data is deleted from Loot Ledger systems
  • Deleted data may remain in encrypted backups for up to 30 days, after which it is permanently removed
  • Merchants may request data access, export, or deletion at any time by contacting devteam@lootledger.app

7. Legal Bases for Processing

Where applicable (including GDPR jurisdictions), Loot Ledger processes data based on:

  • Performance of a contract
  • Merchant instructions and authorization
  • Legitimate interests related to operating, securing, and improving the service

8. GDPR Rights

Loot Ledger supports rights available under GDPR, including:

  • Access to personal data
  • Correction
  • Data portability
  • Deletion

Requests may be submitted via devteam@lootledger.app and will be handled within a reasonable timeframe.

9. CCPA / CPRA Rights

Loot Ledger does not sell or share personal data as defined under CCPA/CPRA.

California residents may request:

  • Disclosure of personal data collected
  • Deletion of personal data

Requests may be submitted via devteam@lootledger.app.

10. Cookies & Tracking Technologies

Loot Ledger uses essential cookies and similar technologies required to operate the website and application, such as maintaining user sessions and security. Loot Ledger does not use cookies for advertising or cross-site tracking.

11. Security Measures

Loot Ledger implements reasonable administrative, technical, and organizational safeguards, including:

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Logging and monitoring of system access
  • Restricted production access limited to authorized personnel

12. Third-Party Infrastructure

Loot Ledger is hosted on Microsoft Azure. Data may be processed and stored using cloud infrastructure necessary to operate the service.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the service or website.

14. Contact

For privacy-related inquiries or requests:
devteam@lootledger.app