For the Clock in Shopify app · Effective date: June 3, 2026
This Privacy Policy explains how Branch Build (“we,” “us,” or “Branch Build”) collects, uses, shares, and protects information in connection with the Clock in application (the “App”), a staff time-clock and attendance tool for Shopify Point of Sale and the Shopify admin. By installing or using the App, you agree to the practices described here.
The App is provided to Shopify merchants (the “Merchant”). When a Merchant uses the App to manage their staff and shifts, the Merchant is the data controller of their employees’ personal information, and we act as a data processor, handling that information solely to provide the App on the Merchant’s behalf and under their instructions. Employees and staff members who have questions about their data should contact their employer (the Merchant) in the first instance; we will assist Merchants in responding to such requests.
The App is designed to collect only what is needed to run a staff time clock. It requests a single Shopify permission, read_locations, and does not access customer data, orders, payments, or financial information.
When the App is installed and when staff access it through the Shopify admin, Shopify provides us with: the store’s domain, store location names and IDs, and—for users who sign in—their Shopify user ID, first and last name, email address, locale, and whether they are the account owner or a collaborator. We use this to authenticate users, secure the App, and provide its functionality. We also store a Shopify access token so the App can communicate with the Shopify API on the store’s behalf.
Merchants create employee records that may include an employee’s name, an optional PIN used to clock in, a role (e.g., Staff, Manager, Owner), assigned store locations, and an associated Shopify staff ID. This information is provided by the Merchant and used to identify employees and control access to clock-in features.
As staff use the App, we record clock-in and clock-out timestamps, break start/end times and whether breaks are paid, shift status, the store location of each shift, and any manager notes added to a shift. This is the core data the App exists to manage.
We store Merchant-chosen settings such as time zone, overtime thresholds, and authentication mode (these are not personal data). Like any web service, our hosting provider also processes standard technical information such as IP addresses and request logs to operate and secure the service.
We do not sell personal information, and we do not use it for advertising or for building marketing profiles.
Where the GDPR or UK GDPR applies, we rely on: performance of a contract (to provide the App to the Merchant); legitimate interests (to secure and improve the App and prevent abuse); legal obligation (to comply with applicable law); and, where required, consent. For employee data, the Merchant determines and is responsible for the applicable legal basis as data controller.
We share information only as needed to run the App:

| Recipient | Purpose |
|---|---|
| Shopify Inc. | The platform the App runs on; source of store, location, and user account data, and the system the App reads from via the Shopify API. |
| Railway (Railway Corp.) | Cloud hosting and database infrastructure where the App and its data are stored and run. |

We may also disclose information if required by law, to enforce our terms, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets (in which case we will require the recipient to honor this policy).
We retain employee and time-tracking data for as long as the App is installed and the data is needed to provide the service. When a Merchant uninstalls the App, their data is scheduled for deletion and removed after a limited retention window. Merchants may also request deletion of their data at any time by contacting us. We honor Shopify’s mandatory data-protection webhooks, including shop/redact (store data deletion after uninstall) and customers/redact and customers/data_request (the App does not store customer data, so these typically return no customer information).
We use commercially reasonable measures to protect personal information, including encryption of data in transit (HTTPS), access controls, and reputable hosting infrastructure. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Our service providers may process and store data in countries other than your own, including the United States. Where required, such transfers are made under appropriate safeguards (for example, Standard Contractual Clauses).
Depending on your location (including under the GDPR/UK GDPR and the CCPA/CPRA), you may have the right to access, correct, delete, restrict, or object to the processing of your personal information, to data portability, and to withdraw consent. Because employee data is controlled by the Merchant, employees should direct such requests to their employer; we will support the Merchant in fulfilling them. Merchants and other individuals may exercise their rights by contacting us at branch.build.to@gmail.com. You also have the right to lodge a complaint with your local data protection authority.
The App is an embedded Shopify admin application and uses only essential cookies and similar technologies required to keep you signed in and to operate securely. It does not use advertising or cross-site tracking cookies.
The App is a business tool intended for use by Merchants and their staff. It is not directed to children, and we do not knowingly collect personal information from children.
We may update this Privacy Policy from time to time. Material changes will be reflected by updating the “Effective date” above and posting the revised policy at this URL. Your continued use of the App after changes take effect constitutes acceptance.
If you have questions or requests regarding this Privacy Policy or your personal information, contact us at:
Branch Build
Email: branch.build.to@gmail.com