Privacy Policy
Last Updated: January 16, 2026
Introduction
This Privacy Policy explains how Success Variable LLC ("we," "us," or "our") collects, uses, discloses, and protects your information when you use the Auto Capture application ("App" or "Service") for BigCommerce.
By installing, accessing, or using Auto Capture, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree to this policy, please do not install or use our App.
This policy applies to all users of Auto Capture, including BigCommerce store owners, administrators, and authorized personnel who access the App through the BigCommerce control panel.
Who We Are
Auto Capture is operated by:
For any privacy-related inquiries, data subject requests, or concerns about how we handle your data, please contact us at the email addresses above.
Information We Collect
We collect the following categories of information:
Store Information
- Store hash (unique BigCommerce store identifier)
- Store name and URL
- Store owner email address
- OAuth access tokens (encrypted, for API access)
- Authorized permission scopes
User Information
- BigCommerce user ID
- User email address
- Session data for authentication
Order Information
- Order IDs and status information
- Order totals and currency codes
- Payment method types
- Customer email addresses (from orders)
- Item counts and inventory data
- Order timestamps
Billing Information
- Stripe customer ID
- Subscription status and plan information
- Payment method type and last 4 digits (not full card numbers)
- Billing period dates
Usage and Log Data
- Webhook event logs (order events processed)
- Actions taken by the automation system
- Error logs for troubleshooting
- Feature usage patterns (aggregated)
How We Collect Information
We collect information through the following methods:
OAuth Authorization
When you install Auto Capture from the BigCommerce Marketplace, you authorize our application to access your store data through BigCommerce's OAuth flow. This grants us access tokens with specific, limited permissions.
Webhooks
We register webhooks with BigCommerce to receive real-time notifications about order events (creation and status updates). This allows us to automate order processing according to your configured settings.
API Calls
When processing orders, we make API calls to BigCommerce to retrieve order details, check inventory levels, and perform authorized actions like payment capture or status updates.
Direct Input
You provide information directly when configuring automation settings, adding email recipients for notifications, or managing your subscription.
How We Use Your Information
We use the collected information for the following purposes:
Service Delivery
- Authenticating your access to the App
- Processing orders according to your automation settings
- Automatically updating order statuses
- Capturing authorized payments when triggered
- Checking inventory levels for in-stock orders
- Sending email notifications about capture events
Billing and Account Management
- Processing subscription payments through Stripe
- Tracking usage for billing purposes
- Managing your subscription and plan changes
Analytics and Improvements
- Providing dashboard statistics and insights
- Identifying and fixing technical issues
- Improving App functionality and performance
Communication
- Sending transactional emails (capture notifications, daily digests)
- Responding to support requests
- Notifying you of important service updates
Legal Basis for Processing
We process your personal data under the following legal bases, as required by GDPR and similar regulations:
Contract Performance
Processing is necessary to fulfill our contractual obligations to you, including providing the automation services you have subscribed to.
Legitimate Interests
We process data for our legitimate business interests, including service improvement, security, fraud prevention, and analytics. We balance these interests against your privacy rights.
Consent
Where required, we obtain your consent before processing, such as for marketing communications or optional features. You may withdraw consent at any time.
Legal Obligations
We may process data to comply with legal requirements, such as tax regulations, court orders, or regulatory requests.
Data Sharing and Third Parties
We do not sell your personal data. We share information only in the following circumstances:
Service Providers (Sub-processors)
We use the following third-party services to operate Auto Capture:
| Provider | Purpose | Data Shared |
|---|---|---|
| BigCommerce | Platform integration | Store data, orders, API calls |
| Neon (PostgreSQL) | Database hosting | All stored data (encrypted) |
| Stripe | Payment processing | Billing data, email |
| Trigger.dev | Background job processing | Order data for processing |
| Resend | Email delivery | Recipient emails, order info |
| Vercel | Application hosting | Request logs, performance data |
Legal Requirements
We may disclose information if required by law, court order, or governmental request, or to protect our rights, property, or safety, or that of our users or others.
Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have.
Data Security
We implement robust security measures to protect your data:
- Encryption in Transit: All data transmitted between your browser, BigCommerce, and our servers uses TLS/HTTPS encryption.
- Encryption at Rest: Sensitive data, including OAuth tokens and session data, is encrypted in our database.
- Access Controls: We employ strict access controls and follow the principle of least privilege.
- Secure Token Storage: BigCommerce access tokens are stored securely and never exposed to client-side code.
- Webhook Verification: All incoming webhooks are verified using BigCommerce's signature mechanism.
- Session Security: User sessions are managed using iron-session with secure, HTTP-only cookies.
- Regular Audits: We conduct regular security reviews and keep our dependencies updated.
Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Store credentials | Until app is uninstalled |
| Session data | 7 days (auto-expires) |
| Order records | 12 months, or until uninstall |
| Webhook logs | 90 days |
| Billing records | As required by tax law (typically 7 years) |
Upon Uninstallation
When you uninstall Auto Capture from your BigCommerce store, we will:
- Deactivate your store record and revoke API access
- Delete session data immediately
- Remove webhook registrations from BigCommerce
- Retain billing records as required by law
- Delete remaining data within 30 days upon request
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
GDPR Rights (EU/EEA/UK)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a portable format
- Restriction: Limit how we process your data
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw previously given consent
CCPA Rights (California)
- Know: Know what personal information we collect and how it's used
- Delete: Request deletion of your personal information
- Opt-out: Opt out of the sale of personal information (we do not sell data)
- Non-discrimination: Not be discriminated against for exercising your rights
Exercising Your Rights
To exercise any of these rights, please contact us at privacy@successv.dev. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
Cookies and Tracking
Auto Capture uses minimal cookies strictly necessary for the operation of the service:
| Cookie | Purpose | Duration |
|---|---|---|
| auto_capture_session | Session authentication | 7 days |
We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users. The session cookie is essential for authenticating your access to the App and cannot be disabled.
International Data Transfers
Your data may be transferred to and processed in countries other than your own. Our servers and third-party service providers operate primarily in the United States.
For transfers from the EU/EEA/UK to the United States, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers' Data Processing Agreements (DPAs)
- Compliance with applicable data protection frameworks
Children's Privacy
Auto Capture is a business-to-business application designed for use by BigCommerce store owners and their authorized personnel. We do not knowingly collect personal information from children under the age of 16.
If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@successv.dev.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons.
When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- We will notify you via email or through the App dashboard
- For significant changes, we may require your acknowledgment before continued use
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Success Variable LLC
Privacy Inquiries: privacy@successv.dev
General Support: support@successv.dev
We aim to respond to all privacy-related inquiries within 5 business days.