Saanvi Apps
Request access

Privacy Policy — SpendGuard

Effective date: January 28, 2026

This Privacy Policy explains how SpendGuard ("we," "us," or "our") collects, uses, and protects information when you use the SpendGuard Shopify app. SpendGuard is operated by Saanvi Apps("Saanvi Apps," "we," "us").

1) What Data We Access from Shopify

When you install SpendGuard, we access the following data from your Shopify store:

  • Product and variant identifiers: Product IDs, variant IDs, SKUs, and product titles
  • Inventory levels: Current inventory quantities for products and variants. For products, we calculate total available inventory across all variants.

We access this data via Shopify's API and webhooks to monitor inventory levels and determine when to pause or resume ads.

2) What Data We Access from Google Ads and Meta Ads

When you connect your Google Ads or Meta Ads account, we access:

  • Account and customer IDs: To identify your Google Ads account or Meta Ad Account ID
  • Ad entity IDs and metadata: Ad names, IDs, and status information
  • Ad status changes: To pause and resume ads based on inventory rules
  • Minimal account metadata: Account name, timezone, and currency (if stored) — only what's necessary for operation
  • Connected user information: Name and email address of the Google or Meta account used to connect. We use this to display the connected account in the app interface and for notifications and support communications.

We do not access click-level data, conversion data, or any end-customer personal information from Google Ads or Meta Ads.

3) What We Store

We store the following information:

  • OAuth tokens: Encrypted tokens for Shopify, Google Ads, and Meta Ads API access
  • Guard configuration: Your guard settings, including selected ads, inventory thresholds, and rules
  • Action logs: Records of when ads were paused or resumed, including timestamps and reasons

OAuth tokens are encrypted at rest. Other data is stored in secured infrastructure with standard disk/database encryption provided by our hosting providers. All data is transmitted over encrypted connections (HTTPS/TLS).

4) What We Do NOT Store

We explicitly do not store:

  • End-customer personal information (names, emails, addresses, phone numbers)
  • Click-level or impression-level ad data
  • Conversion or transaction data
  • Payment card information
  • Any data beyond what's necessary to operate the service

5) Sharing, Transfer, and Disclosure of Google User Data and Meta User Data

We do not sell Google user data or Meta user data. We do not share Google user data or Meta user data for advertising or marketing purposes outside of operating SpendGuard.

We may share, transfer, or disclose Google user data and Meta user data with the following recipients:

  • DigitalOcean: Our hosting/infrastructure provider. SpendGuard (including our application and database) runs on DigitalOcean servers. Google user data and Meta user data (e.g., Google Ads account/ad information, Meta Ad Account information, and the connected user name/email) is stored and processed on this infrastructure. DigitalOcean processes this data only to provide hosting and related infrastructure services to us.
  • Resend: Our email delivery provider. We may share Google user data and Meta user data (e.g., the connected user email address and ad names/statuses included in notifications) with Resend to send alert emails. Resend processes this data only to deliver emails on our behalf.
  • Google APIs: As part of providing the SpendGuard service, we transmit Google user data to Google's APIs (Google Ads API and Google userinfo API) to connect accounts, fetch account and ad information, and pause/resume selected ads. This transmission is necessary to operate the service you requested.
  • Meta APIs: As part of providing the SpendGuard service, we transmit Meta user data to Meta's APIs (Meta Ads API) to connect accounts, fetch account and ad information, and pause/resume selected ads. This transmission is necessary to operate the service you requested.
  • Legal compliance and safety: We may disclose data if required by law or to protect safety/security.
  • Business transfers: Data may be transferred in a merger/acquisition/asset sale, subject to this policy.

6) Why We Use the Data

We use the data solely to:

  • Evaluate inventory thresholds based on your configured rules
  • Automatically pause selected ads when inventory drops below thresholds
  • Automatically resume ads when inventory recovers above thresholds
  • Maintain audit logs of all actions taken
  • Provide you with visibility into guard activity

We do not use your data for advertising, marketing to third parties, or any purpose other than operating SpendGuard as described.

7) Data Retention

We retain data as follows:

  • OAuth tokens: Retained while the app is installed. Tokens are deleted from our systems upon uninstall and access ceases once tokens are removed.
  • Guard configurations: Retained while the app is installed. Deleted upon uninstall.
  • Action logs: Retained for 90 days after the action, then automatically deleted.

You can request deletion of your data at any time (see Section 9).

8) Data Deletion

When you uninstall SpendGuard:

  • OAuth tokens are deleted from our systems and access ceases
  • Guard configurations are deleted
  • Action logs are retained for 90 days, then automatically deleted

You can also request immediate deletion of all your data by contacting us at hello@saanvi.ai with your shop domain and a deletion request. We will process deletion requests within 30 days.

9) Subprocessors

We use third-party service providers (subprocessors) to operate SpendGuard. These include:

  • Hosting: Cloud infrastructure providers for hosting the application
  • Database: Managed database services for storing guard configurations and logs
  • Email: Email service providers for sending notifications and support communications
  • Error logging: Error tracking and logging services for monitoring and debugging

All subprocessors are required to maintain appropriate security measures and use data only as instructed by us.

10) Security

We implement security measures including:

  • Encryption: OAuth tokens are encrypted at rest. All data is transmitted over encrypted connections (HTTPS/TLS)
  • Least-privilege access: We only request the minimum API permissions needed to operate
  • Access controls: Limited access to data on a need-to-know basis
  • Regular security reviews: Ongoing assessment of security practices

However, no system is 100% secure. We cannot guarantee absolute security, but we follow industry best practices appropriate for the data we handle.

11) Your Rights

Depending on your location, you may have rights including:

  • Access to your personal data
  • Correction of inaccurate data
  • Deletion of your data
  • Portability of your data
  • Objection to processing

To exercise these rights, contact us at hello@saanvi.ai.

12) Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Effective date" above. Continued use of SpendGuard after changes constitutes acceptance of the updated policy.

13) Contact / Company Details

If you have questions about this Privacy Policy or your data, contact:

Saanvi Apps
Email: hello@saanvi.ai
Location: India