Privacy Policy — Annotrack

The Fresh Lab Ltd  |  Last updated: March 2026

1. Overview

This Privacy Policy explains how The Fresh Lab Ltd (“we”, “us”, “our”) collects, uses, and protects data when you install and use the Annotrack app (“the App”) from the Shopify App Store. By installing the App, you agree to the terms of this policy.

2. Who We Are

The Fresh Lab Ltd is the data controller for information processed through the App.

  • Company: The Fresh Lab Ltd
  • Registered in England & Wales
  • Email:

3. What Data We Collect

The App collects and stores only the data necessary to provide its core functionality.

Store & merchant data:

  • Your Shopify shop domain and associated session tokens (used for authentication)
  • Annotations you create (notes, dates, categories, tags, and any associated text)
  • Custom categories and templates you configure within the App
  • Aggregate order and revenue data fetched from your Shopify store (used to generate impact charts)

Customer data:

The App does not collect, store, or process any personal data belonging to your store's customers. No customer names, email addresses, or order-level personal information are retained by the App.

4. How We Use Your Data

We use the data we collect solely to:

  • Authenticate your session and verify your Shopify store identity
  • Store and retrieve your annotations, categories, and templates
  • Display impact reports and analytics overlaying your annotations against store performance data
  • Manage your subscription and billing via Shopify's billing API

We do not use your data for advertising, profiling, or any purpose beyond operating the App.

5. Legal Basis for Processing (UK GDPR)

We process your data on the following legal bases:

  • Contractual necessity: processing is required to deliver the App's functionality under our agreement with you
  • Legitimate interests: improving the App and maintaining security

6. Data Storage & Security

Your data is stored on secure servers hosted by Railway (railway.app), located within the European Economic Area or equivalent jurisdictions with adequate data protection. We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure.

7. Data Retention

We retain your data for as long as you have the App installed on your store. If you uninstall the App, we will delete all data associated with your shop within 30 days of receiving the uninstall notification from Shopify.

8. Third-Party Services

The App integrates with the following third-party services:

  • Shopify: all billing, authentication, and store data access is handled via Shopify's APIs. Shopify's privacy policy applies to data held within their platform.
  • Railway: infrastructure hosting provider. Railway processes data only as directed by us and does not use it independently.

We do not sell or share your data with any other third parties.

9. Your Rights

Under UK GDPR, you have the right to:

  • Access the data we hold about your store
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing
  • Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk

To exercise any of these rights, please contact us at info@thefreshlab.co.uk.

10. Cookies

The App is embedded within the Shopify admin and does not set any independent cookies. Shopify may set cookies as part of their admin platform — please refer to Shopify's own privacy policy for details.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will update the date at the top of this document. Continued use of the App after any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this policy or how we handle your data, please contact us at info@thefreshlab.co.uk.