Privacy Policy

Weekly Brief (“Weekly Brief,” “we,” “us,” or “our”) is a Shopify application operated by Growzilla that delivers a weekly performance summary of Shopify and connected advertising data to merchants. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to merchants who install our application from the Shopify App Store and to visitors of weeklybrief.xyz.

We collect only the information needed to deliver the service.

Information from your Shopify store

When you install the app, Shopify grants us read-only access to the following resources via the Shopify Admin API: shop profile, orders, products, customers, and reports. We do not request, and cannot perform, any write operations on your store.

Information from connected advertising accounts

If you choose to connect a Meta (Facebook) Ads account, we receive read-only access to ad account insights such as ad spend, impressions, clicks, ROAS, and CPA. We do not receive or store your Meta login credentials.

Information you provide directly

The email address associated with your Shopify account, plus any configuration you set inside the app (such as delivery day or recipient list).

Usage information

Standard server logs (IP address, timestamps, user agent) for security, debugging, and abuse prevention.

We use the information described above to:

• Generate and deliver your weekly performance brief.
• Authenticate your store and maintain your session.
• Monitor service health, security, and abuse.
• Communicate with you about the service, updates, and outages.
• Comply with legal obligations.

We do not sell your data, we do not rent it, and we do not use it for advertising or profiling. We do not use customer-level data for any purpose other than producing aggregate statistics shown in your brief.

We share data only with the following categories of service providers, strictly to operate Weekly Brief:

• Hosting and infrastructure: Vercel for site delivery; managed cloud database providers for storage.
• Email delivery: A transactional email provider to send your weekly brief.
• Error monitoring: Industry-standard error and performance monitoring tools.

These providers are bound by contracts that restrict their use of your data to the services they perform for us. We may also disclose information when required by law, when necessary to protect our rights, or in connection with a corporate transaction (such as a merger or acquisition).

We retain merchant configuration and performance history for the lifetime of your account so we can build accurate week-over-week comparisons. Server logs are retained for up to 90 days. If you uninstall the app, we delete or anonymize your data within 30 days unless retention is required by law.

Depending on your jurisdiction, you may have the right to access, correct, export, restrict, object to, or delete the personal information we hold about you, or to withdraw consent at any time. To exercise these rights, email privacy@weeklybrief.xyz. We will respond within the time required by applicable law (generally 30 days).

California residents have rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right not to be discriminated against for exercising those rights. We do not sell personal information.

Residents of the EEA, UK, and Switzerland have rights under the GDPR and equivalent laws. Our lawful basis for processing is the performance of our contract with the merchant and our legitimate interest in operating and securing the service.

In line with Shopify’s requirements, we implement the following mandatory webhooks:

• customers/data_request — when Shopify forwards a customer data access request, we provide any personal data we hold for that customer.
• customers/redact — when Shopify forwards a customer deletion request, we delete personal data for that customer.
• shop/redact — when a store has been closed and 48 hours have elapsed, we delete all data associated with that store.

We use industry-standard administrative, technical, and physical safeguards to protect your information, including encryption in transit (TLS), encryption at rest, least-privilege access controls, and regular security reviews. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Weekly Brief is operated from the United States. If you access the service from outside the United States, your information may be transferred to, stored, and processed in countries other than your own. We use appropriate safeguards, including standard contractual clauses, where required.

Weekly Brief is intended for use by businesses and is not directed to children under 16. We do not knowingly collect personal information from children.

Our marketing site uses a minimal set of strictly necessary cookies. The application itself uses session cookies to keep you logged in. We do not use third-party advertising or tracking cookies.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. Material changes will be communicated to merchants by email or in-app notice prior to taking effect.

For privacy questions or to exercise your rights, contact us at privacy@weeklybrief.xyz. For general support, contact hello@weeklybrief.xyz.

Weekly Brief is operated by Growzilla.