Patchey KDS legal
Privacy Policy
This policy explains how Patchey KDS handles limited information needed to provide kitchen operations tools for Shopify merchants.
Effective date and operator
Effective and last updated: July 10, 2026. Patchey KDS is operated by the Patchey KDS developer.
Information obtained from Shopify
Patchey KDS receives the information needed to authenticate the merchant's shop and present recent operational orders as kitchen tickets. This includes the shop domain, authentication and session information, and recent operational order content such as order identifiers, order numbers, creation time, operational statuses, tags, line items, quantities, variants or options when available, SKUs, line-item attributes, and order notes.
For fullscreen kitchen tickets only, Patchey KDS retrieves a customer name when present on the order's shipping contact and one order contact method: phone when available, otherwise email. It does not request `read_customers` access or street, city, postal, country, or billing-address fields, and it never displays an address.
Information stored by Patchey KDS
Patchey KDS stores only minimal, shop-scoped data required to provide and secure the service. This can include Shopify session records, kitchen ticket and item checklist state, timestamps, display settings, secure fullscreen display sessions and tokens, onboarding state, and limited operational analytics events.
Patchey KDS does not store full Shopify order payloads. Shopify remains authoritative for orders and billing. Customer name and contact details are retrieved on demand for the fullscreen kitchen display and are not stored in Patchey's database.
When an authenticated fullscreen kitchen display receives a ticket with a customer name, phone or email, or order note, Patchey KDS records security audit metadata: the shop, Shopify order resource identifier, internal display-session identifier, access type, and timestamps. These records do not contain customer names, email addresses, phone numbers, addresses, order-note contents, session tokens, request headers, IP addresses, or Shopify response bodies.
How information is used
Patchey KDS uses the limited information described above to:
- authenticate and secure merchant access to the app;
- display recent orders as kitchen tickets;
- save kitchen workflow progress and display preferences;
- provide operational statistics and troubleshoot the service;
- meet applicable Shopify privacy and data-deletion obligations.
Data minimization and prohibited uses
Patchey KDS limits its use of Shopify information to what is needed for its kitchen operations service. It does not sell personal data, use personal data for advertising, build customer profiles, or make legally significant automated decisions about individuals.
Service providers and international processing
Shopify provides the commerce platform, authentication, order, and billing services that Patchey KDS depends on. Render provides application hosting and managed PostgreSQL infrastructure. These providers may process information in locations where they and their service providers operate. Patchey KDS does not make certification claims about international data-transfer mechanisms.
Security
Patchey KDS uses HTTPS/TLS for data in transit, authenticated application sessions, and a managed PostgreSQL database. No security measure can guarantee absolute security, but Patchey KDS takes reasonable steps to protect the limited information it processes.
Retention and deletion
Operational information is retained only for as long as reasonably needed to provide, secure, and support the service. Patchey KDS does not retain its security audit metadata indefinitely. These audit records are automatically deleted after 90 days from their most recent recorded access. Shop-scoped stored data is deleted through Shopify's required shop-redaction process.
Privacy requests and Shopify webhooks
Merchants may contact Patchey KDS about information associated with their shop. Customers should normally direct privacy requests to the relevant Shopify merchant. Patchey KDS handles Shopify's mandatory `customers/data_request`, `customers/redact`, and `shop/redact` privacy webhooks. These workflows support data-request handling and shop-scoped deletion where applicable. Security audit records intentionally contain no customer identifier or direct customer value, so a `customers/redact` request removes the affected shop's audit records rather than attempting to infer a customer-to-order link from retained data.
Changes to this policy
Patchey KDS may update this policy as its service or legal obligations change. The effective date at the top of this page will be updated when material changes are published.
Contact
Contact Patchey KDS about this policy at patcheykds@gmail.com.