Bookhead Privacy Policy

Last Updated: February 19, 2026

This Privacy Policy describes how Bookhead (“we,” “us,” or “our”) collects, uses, stores, and shares personal information when you use our website at bookhead.net, our applications, integrations, and related services (collectively, the “Services”). This policy applies to all users of our Services, including bookstore merchants (“Merchants”), their customers whose data we process on behalf of Merchants (“End Customers”), and visitors to our website.

1. Services We Provide

Bookhead provides inventory management tools for independent bookstores. Our Services integrate with third-party platforms including Shopify, Squarespace, Booklog, IBIDie, iMRCHNT, eBay, Biblio, and Canva, as well as our ISBN Magic bibliographic tool (Google Sheets add-on and API).

Through these integrations, we access and process data from Merchants’ accounts on these platforms to provide inventory management, synchronization, order management, and related functionality.

1.1 Shopify Integration and Data Access

When you install Bookhead on Shopify, we request the following permissions (scopes):

We request only the permissions required to provide our Services. If additional permissions are required for new features (such as order synchronization), we will request your authorization before accessing any new data.

Current Shopify permissions:

  • Product data (read and write): To create, update, and manage book product listings in your Shopify store, including product tags used for automated collections
  • Inventory data (read and write): To read and update inventory levels across store locations
  • Location data (read): To identify store locations for inventory management
  • Order data (read): To receive and display Shopify orders alongside your inventory

We respond to all of Shopify’s mandatory privacy webhooks:

  • customers/data_request — We provide any stored customer data upon request
  • customers/redact — We delete customer personal data when requested
  • shop/redact — We delete all store data within 30 days of app uninstallation

2. Information We Collect

2.1 Information from Merchants

When you create a Bookhead account or subscribe to our Services, we collect:

  • Name, email address, and contact information
  • Business name and address
  • Billing and payment information (for non-Shopify Merchants, processed by Stripe; we do not store full credit card numbers. Shopify Merchants are billed through Shopify’s billing system, and we do not collect or process their payment information directly)
  • Login credentials and API keys for connected platform accounts

2.2 Information from Connected Platforms

When a Merchant connects their accounts on Shopify, Squarespace, Booklog, IBIDie, iMRCHNT, eBay, Biblio, Canva, or other supported platforms, we access and process:

  • Product and inventory data: titles, ISBNs, descriptions, prices, stock quantities, images, and categories
  • Order data: order IDs, line items, order totals, timestamps, fulfillment status, and shipping information
  • End Customer data: names, email addresses, and shipping addresses as included in order records
  • Store configuration data: locations, tax settings, and channel-specific settings

We process the minimum personal data required to provide our inventory management and synchronization functionality to Merchants.

The specific data accessed varies by platform and the permissions granted by the Merchant during installation. Not all data types listed above are accessed from every platform. For example, the Shopify integration accesses only product and collection data, while other platform integrations may include order and customer data.

2.3 AI-Powered Features

Bookhead offers AI-powered features, including a chat-based assistant that helps Merchants understand and manage their inventory. When you use these features, product and inventory data from your connected platforms may be sent to Anthropic’s API for processing. We do not send End Customer personal data (such as names, email addresses, or shipping addresses) to AI providers. Data sent to Anthropic is processed under Anthropic’s commercial API terms and is not used to train their models.

2.4 Information Collected Automatically

When you visit our website or use our Services, we automatically collect:

  • IP address, browser type, and operating system
  • Pages visited, referring URLs, and interaction data
  • Cookies and similar tracking technologies (see Section 7)

2.5 ISBN Magic

If you use our ISBN Magic Google Sheets add-on or API, we process ISBNs you submit to retrieve bibliographic metadata. We do not store the contents of your Google Sheets. ISBN Magic’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing our Services: Managing and synchronizing inventory, processing orders, generating analytics, and managing product listings on behalf of Merchants
  • Account management: Creating and maintaining your account, processing payments, and communicating with you about your subscription
  • Improving our Services: Analyzing usage patterns, diagnosing technical issues, and developing new features
  • Customer support: Responding to inquiries and troubleshooting issues
  • Legal compliance: Meeting our obligations under applicable laws and regulations

We do not use End Customer personal data for marketing, advertising, profiling, or any purpose other than providing our inventory management Services on behalf of the Merchant.

4. How We Share Your Information

We share personal information only in the following circumstances:

4.1 Platform Integrations

We transmit product, inventory, and order data between the platforms you have connected through our Services. This is the core functionality of Bookhead, and data is only shared between platforms that you have explicitly authorized.

4.2 Sub-processors

We use the following third-party service providers to operate our Services:

Sub-processor Purpose Location
DigitalOcean Cloud infrastructure and hosting United States
Cloudflare DNS, CDN, and security United States
Render Application hosting United States
Stripe Payment processing United States
Google Analytics Website analytics United States
SendGrid Transactional email United States
Anthropic AI-powered features (API) United States

We maintain data processing agreements with our sub-processors that require them to protect personal data in accordance with this policy.

We may disclose personal information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

If Bookhead is acquired, merged, or sells substantially all of its assets, personal information may be transferred as part of that transaction. We will notify affected users of any such change.

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

5. Data Security

We implement industry-standard security measures to protect personal data, including:

  • Encryption in transit: All data transmitted between your browser, our servers, and connected platforms is encrypted using TLS/SSL
  • Encryption at rest: Personal data stored in our databases is encrypted at rest
  • Encrypted backups: Database backups are encrypted
  • Access controls: Staff access to personal data is limited to authorized personnel who require it for their job functions, and all access is logged
  • Strong authentication: We enforce strong password requirements and use secure API key management for platform integrations
  • Separation of environments: Test and production data are maintained in separate environments
  • Incident response: We maintain a security incident response policy and will notify affected parties in the event of a data breach in accordance with applicable law

6. Data Retention

We retain personal data only as long as necessary to fulfill the purposes described in this policy:

  • Merchant account data: Retained for the duration of your subscription and for up to 12 months following account cancellation, after which it is deleted unless retention is required for legal or accounting purposes
  • End Customer data (order and customer records): Retained for the duration of the Merchant’s subscription. Upon Merchant account deletion or platform disconnection, End Customer data is deleted within 30 days
  • Automatically collected data (logs, analytics): Retained for up to 24 months
  • Billing records: Retained for up to 7 years as required for tax and accounting compliance

Merchants may request deletion of their data at any time by contacting us at support@bookhead.net.

7. Cookies

We use cookies and similar technologies on our website for:

  • Essential cookies: Required for the website and Services to function (session management, authentication)
  • Analytics cookies: Used to understand how visitors interact with our website (Google Analytics)

We do not use advertising or behavioral targeting cookies. You can control cookies through your browser settings. Disabling essential cookies may impair your ability to use our Services.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data
  • Portability: Request a copy of your data in a structured, machine-readable format
  • Objection / Opt-out: Object to certain processing of your data, including opting out of any data sharing or sale (we do not sell data)
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us at support@bookhead.net. We will respond within 30 days.

8.1 For End Customers

If you are an End Customer of a Merchant using Bookhead, please direct data access, correction, or deletion requests to the Merchant. Bookhead processes End Customer data on behalf of the Merchant and will cooperate with the Merchant to fulfill such requests. If a Merchant is unable to assist, you may contact us directly.

8.2 Shopify Merchants

When a Merchant uninstalls the Bookhead app from Shopify, we will delete all End Customer personal data associated with that store within 30 days of receiving Shopify’s data deletion webhook. We comply with Shopify’s mandatory privacy webhooks, including customers/data_request, customers/redact, and shop/redact.

9. International Data Transfers

Bookhead is based in the United States. If you are located outside the United States, your personal data will be transferred to and processed in the United States. We take appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws, including the use of standard contractual clauses where required.

10. Children’s Privacy

Our Services are intended for use by businesses and are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will delete it promptly.

11. Do Not Track

We do not currently respond to “Do Not Track” browser signals, as there is no industry-standard interpretation of these signals.

12. Platform-Specific Provisions

12.1 Shopify

Bookhead accesses Shopify store data through Shopify’s API with permissions granted by the Merchant during app installation. We comply with Shopify’s protected customer data requirements and process only the minimum data required to provide our Services. We respond to all Shopify mandatory privacy webhooks.

12.2 Squarespace

Bookhead accesses Squarespace store data through the Squarespace API with permissions granted by the Merchant via OAuth. Data processing is limited to inventory management and order management.

12.3 Canva

Bookhead integrates with Canva to enable Merchants to create marketing materials using their product data. We access only the data necessary to provide this integration and comply with Canva’s developer terms.

12.4 Other Platform Integrations (Booklog, IBIDie, iMRCHNT, eBay, Biblio)

Bookhead connects with these platforms using API connections or file-based data exchange as authorized by the Merchant. We process product, inventory, and order data as necessary to provide inventory management Services.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Merchants of material changes via email or through our Services. The updated policy will be posted on this page with the revised “Last Updated” date. Your continued use of our Services after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Bookhead Email: support@bookhead.net

bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead bookhead
support | privacy policy | terms of service