Privacy Policy
StuckOrders ("we," "us," or "our") is a SaaS exception-queue tool for Shopify and ShipStation warehouse and fulfillment teams. This policy explains what information we collect, why we collect it, how we protect it, and your rights over it. We keep this short and direct.
1. Information we collect
We split data collection into two groups: visitors to this website, and paying customers who connect their tools.
Website visitors (the audit-request form)
When you submit a request for a free stuck-order audit, we collect:
- Your name and company name
- Your work email address
- An optional free-text message you choose to include
- UTM parameters and the HTTP referrer from your browser (so we can understand how you found us)
- Your IP address, which is processed by Cloudflare Turnstile (bot protection) and recorded in standard server request logs
This information is stored in a Cloudflare D1 database on Cloudflare's US infrastructure. We use it solely to contact you about your audit request and related follow-up. We do not sell it, rent it, or share it with advertisers.
Connected customer data (paying customers)
Once you subscribe and connect your tools, StuckOrders reads — but does not write to — your existing systems:
- Shopify: OAuth connection limited to the read_orders and read_fulfillments scopes only.
- ShipStation: A read-only API key you provide.
- Slack: An incoming webhook URL for sending digest notifications to a channel you designate.
- Customer-uploaded CSVs: Files you upload manually for returns, receiving, or other exception types.
Connection credentials are stored in an AES-256-GCM encrypted vault. Access within your account is role-based (admin, manager, operator, or viewer). Every configuration change is recorded in an append-only audit log.
2. How we use your information
- Audit-request leads: To contact you, schedule a walkthrough, and follow up on your request. Nothing else.
- Connected customer data: To surface stuck and exceptional orders in your StuckOrders queue, generate Slack digests, and produce exports you request.
- Service improvement: Aggregated, non-identifiable usage patterns may be used to improve the product.
We do not use your data for advertising, we do not build advertising profiles, and we do not sell or rent personal information.
3. Legal bases for processing (GDPR)
If you are located in the EU or UK, our legal bases for processing are:
- Consent — for the contact form when you voluntarily submit it.
- Legitimate interest — to operate and improve the service, respond to inquiries, and maintain security.
- Contract performance — to deliver the subscription service to paying customers.
4. Sub-processors and third parties
We use a small number of third-party services to operate StuckOrders:
- Cloudflare — hosting (Cloudflare Pages), database (D1), transactional email (Cloudflare Email Sending), bot protection (Turnstile), and optional cookieless web analytics.
- Stripe — subscription billing. Stripe collects and holds your payment card details directly; StuckOrders never stores full card numbers.
- Slack — optional incoming-webhook notifications to a channel you configure.
We do not use any other advertising networks, data brokers, or marketing-analytics platforms.
5. Cookies and analytics
We do not set advertising or tracking cookies. If Cloudflare Web Analytics is enabled on this site, it operates without cookies or cross-site tracking. Cloudflare Turnstile may set a short-lived functional cookie solely to verify the bot-protection challenge; no advertising data is derived from it.
6. Security
- Connection credentials are encrypted with AES-256-GCM at rest.
- All connections to StuckOrders and to your source systems use TLS in transit.
- Access is role-based; each team member sees only what their role permits.
- Every configuration change is written to an append-only audit log.
- StuckOrders accesses your Shopify and ShipStation data read-only — we cannot place, modify, or delete orders on your behalf.
No security measure is perfect. If you believe you have found a security issue, please contact us at [email protected].
7. Data retention
Lead and contact-form data is kept until you request deletion. We do not apply an automatic expiry to this data, but we will delete it promptly upon request.
Customer account data is retained for the duration of your subscription plus a short period to handle billing disputes, then deleted or anonymized. You may request export or deletion at any time by emailing [email protected].
8. International data transfers
StuckOrders is operated from the United States. Data you submit — including lead information and connected customer data — is processed on Cloudflare's US infrastructure. If you are accessing the service from outside the US, your data will be transferred to and processed in the United States.
9. Children
StuckOrders is a business-to-business service intended for warehouse and fulfillment professionals. It is not directed to individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has submitted information to us, please contact us and we will delete it.
10. Your rights
California residents (CCPA/CPRA)
You have the right to:
- Know what personal information we have collected about you and how it is used
- Access a copy of the personal information we hold about you
- Request deletion of your personal information
- Opt out of the sale or sharing of your personal information — note that StuckOrders does not sell or share personal information for cross-context behavioral advertising
EU and UK residents (GDPR / UK GDPR)
You have the right to:
- Access the personal data we hold about you
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Data portability (receive a copy in a machine-readable format)
- Object to processing based on legitimate interest
- Withdraw consent at any time (where processing is based on consent)
- Lodge a complaint with your local supervisory authority
11. How to exercise your rights
Email us at [email protected] with your request. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.
12. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "last updated" date at the top of this page. Continued use of the service after changes are posted constitutes your acceptance of the revised policy.
13. Contact
All privacy requests and legal notices should be directed to:
StuckOrders
Email: [email protected]