Spree Commerce Stripe App — Privacy Policy
Effective Date: January 20, 2025 Last Updated: March 15, 2026 Data Controller: Vendo Connect Inc. Contact: hello@spreecommerce.org
1. Introduction
This Privacy Policy describes how Vendo Connect Inc. (“we,” “us,” or “Spree Commerce”) collects, uses, and protects information in connection with the Spree Commerce application available on the Stripe App Marketplace (the “App”).
By installing or using the App, you agree to the practices described in this policy. This policy applies specifically to the App and supplements our general Privacy Policy available at https://spreecommerce.org/privacy/.
2. What the App Does
The Spree Commerce Stripe App enables Spree Commerce store administrators to connect their Stripe account to their Spree Commerce installation using restricted API keys. The App facilitates the generation of properly scoped API keys so that Spree Commerce can process payments, refunds, and related operations on behalf of the store.
3. Information We Access
When you install and use the App, the following Stripe account data may be accessed through the restricted API key permissions you authorize:
- Payment data: Payment intents, charges, and refund records necessary to process and manage transactions in your Spree store.
- Customer data: Customer records associated with transactions processed through your Spree store, as needed for order management and refund processing.
- Account identifiers: Your Stripe account identifier, used to associate your Stripe account with your Spree Commerce installation.
- Tax data: Tax calculation and reporting data, if tax features are enabled in your Spree store.
We access only the data necessary to provide payment processing functionality within your Spree Commerce store. The specific permissions are defined at the time of App installation and correspond to the restricted API key scope you authorize.
4. How We Use Your Information
We use the accessed data solely for the following purposes:
- Processing payments, refunds, and disputes initiated through your Spree Commerce store.
- Synchronizing transaction records between your Stripe account and your Spree Commerce installation.
- Displaying payment and order status information within the Spree Commerce admin panel.
- Troubleshooting and resolving payment-related issues.
We do not use your Stripe account data for marketing, advertising, profiling, or any purpose unrelated to the payment processing functionality of the App.
5. Data Storage and Security
- API keys provided during setup are stored securely within your Spree Commerce installation’s database. We do not transmit or store your API keys on any external server operated by Vendo Connect Inc.
- Transaction data is stored within your own Spree Commerce installation and your Stripe account. We do not maintain a separate copy of your Stripe data on our infrastructure.
- All communication between the App and Stripe’s API occurs over encrypted HTTPS connections.
- We follow industry-standard security practices to protect the integrity and confidentiality of your data.
6. Data Sharing
We do not sell, rent, or share your Stripe account data with any third parties.
Your data may be shared only in the following limited circumstances:
- With Stripe, as required for the App to function (all API calls go through Stripe’s own infrastructure).
- As required by law, to comply with applicable legal obligations, court orders, or government requests.
7. Data Retention
We do not independently retain your Stripe account data. Transaction records and API keys reside within your Spree Commerce installation, which you control. If you uninstall the App or revoke the restricted API key, the App’s access to your Stripe account data ceases immediately.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access: Request information about what data is accessed through the App.
- Deletion: Revoke the App’s access at any time by uninstalling the App from your Stripe dashboard or revoking the restricted API key.
- Portability: Your data remains in your Stripe account and your Spree Commerce installation at all times.
- Correction: Update your information directly in your Stripe dashboard or Spree Commerce admin panel.
For EU/EEA residents, we process data under Article 6(1)(b) of the GDPR (performance of a contract) and Article 6(1)(f) (legitimate interests in providing payment processing services). You may exercise your rights under the GDPR by contacting us at hello@spreecommerce.org.
For California residents, we comply with the California Consumer Privacy Act (CCPA/CPRA). We do not sell your personal information.
9. Cookies and Tracking
The App itself does not use cookies or tracking technologies. The App operates through Stripe’s API and does not serve web content that would require cookies.
10. Children’s Privacy
The App is not directed at individuals under the age of 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last Updated” date at the top of this page. Continued use of the App after changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Vendo Connect Inc. Email: hello@spreecommerce.org Website: https://spreecommerce.org
