Privacy Policy
Last updated: March 17, 2026
1. Introduction
Go Re-up ("we," "our," or "us") is operated by GoGo Web Design. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at goreup.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.
If you have questions, contact us at support@gogowebdesign.com.
2. Information We Collect
2.1 Practitioner Account Data
When you create an account, we collect:
- Full name
- Email address
- Password (hashed, never stored in plain text)
- Practice name (optional)
- Practice logo and brand colors (optional)
2.2 Patient Data
Go Re-up is designed to store minimal patient data. We collect only:
- Patient name
- Patient email address
We do not collect, store, or process any protected health information (PHI), including diagnoses, health conditions, medical history, treatment plans, or any other health-related data. Our application explicitly warns practitioners not to enter health information.
2.3 Shopify Integration Data
When you connect your Shopify store, we store:
- Your Shopify store domain and name
- An OAuth access token (encrypted with AES-256-GCM)
- Product catalog data (titles, prices, images, availability)
We do not store your Shopify admin password or any customer payment card information.
2.4 Protocol & Order Data
We store information about supplement protocols you create, including:
- Protocol name and scheduling configuration
- Products and quantities
- Send history (dates, delivery status, payment status)
- Shopify draft order IDs and payment links
2.5 Email Tracking Data
When emails are sent to patients, we may track whether the email was delivered, opened, or clicked. This data is used to provide practitioners with visibility into order status. Patients are not individually profiled based on this data.
2.6 Billing Data
Subscription billing is processed by Stripe. We store your Stripe customer ID and subscription status. We do not store credit card numbers, bank account details, or other payment credentials — Stripe handles all payment data directly.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the Service
- Create and manage your account
- Process supplement protocols and send payment links to patients
- Sync products and create draft orders on your Shopify store
- Send transactional emails (payment links, order notifications)
- Process your subscription billing through Stripe
- Provide email delivery tracking and reporting
- Send you service-related notifications (unpaid order alerts)
- Respond to your inquiries and support requests
We do not sell, rent, or share your personal information or your patients' information with third parties for marketing purposes.
4. Third-Party Services
We share data with the following third-party services solely to provide the Service:
- Supabase — Database hosting and user authentication. All application data is stored on Supabase infrastructure.
- Shopify — Product catalog sync, draft order creation, and payment processing for your patients. Patient emails are sent to Shopify to create draft orders.
- Stripe — Practitioner subscription billing. Only your billing information is shared with Stripe.
- Resend — Transactional email delivery. Patient email addresses and payment links are processed by Resend to deliver order emails.
- Vercel — Application hosting and deployment.
Each of these services has its own privacy policy governing how it handles data.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- All data is transmitted over HTTPS with TLS encryption
- Shopify access tokens are encrypted at rest using AES-256-GCM
- Passwords are hashed using industry-standard algorithms (via Supabase Auth)
- Database access is restricted by row-level security policies scoped to each practitioner
- Webhook signatures are verified for all incoming external requests (Shopify, Stripe, Resend)
While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data and all associated patient data, protocols, and send history within 30 days.
If a Shopify store owner uninstalls the Go Re-up app or requests data deletion, we will delete all data associated with that store connection in compliance with Shopify's data protection requirements.
7. Your Rights (GDPR & International Users)
If you are located in the European Economic Area (EEA), the United Kingdom, or other jurisdictions with data protection laws, you have the following rights:
- Right of Access — You may request a copy of the personal data we hold about you.
- Right to Rectification — You may request that we correct inaccurate or incomplete data.
- Right to Erasure — You may request that we delete your personal data ("right to be forgotten").
- Right to Restriction — You may request that we restrict processing of your data.
- Right to Data Portability — You may request a machine-readable copy of your data.
- Right to Object — You may object to processing of your data for certain purposes.
- Right to Withdraw Consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at support@gogowebdesign.com. We will respond to your request within 30 days.
7.1 Legal Basis for Processing (GDPR)
We process personal data under the following legal bases:
- Performance of a contract — Processing your account data and patient data to provide the Service you've subscribed to.
- Legitimate interests — Email delivery tracking, service improvement, and fraud prevention.
- Consent — Where required by applicable law.
7.2 International Data Transfers
Your data may be transferred to and processed in the United States, where our hosting infrastructure is located. By using the Service, you acknowledge that your data will be processed in the United States. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.
8. Practitioner Responsibilities
As a practitioner using Go Re-up, you are the data controller for the patient data you enter into the Service. You are responsible for:
- Obtaining appropriate consent from your patients before entering their data and sending them communications
- Ensuring you do not enter protected health information (PHI) into the Service
- Complying with all applicable laws regarding patient communications and data privacy in your jurisdiction
- Responding to any data subject access requests from your patients
Go Re-up acts as a data processor on your behalf for patient data.
9. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use advertising cookies, third-party tracking pixels, or analytics tools that profile individual users. Email open tracking uses standard techniques provided by our email service provider (Resend).
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
GoGo Web Design
Email: support@gogowebdesign.com