Privacy Policy

Privacy Policy for the Shopify App "[Your App Name]"

Last updated: [Date, e.g., June 18, 2026]

This Privacy Policy describes how your personal information is collected, used, and shared when you install or use the App "[Your App Name]" (hereinafter "the App") in connection with your Shopify-supported store.

1. Who We Are (Data Controller)

The data controller responsible for processing data in accordance with the General Data Protection Regulation (GDPR) is:

[Your Name or Company Name]
[Your Street and House Number]
[Your Zip Code and City]
[Your Country]
Email: [Your Support Email Address]

2. What Data We Collect and Why

Because our App is designed to operate with data minimization in mind, we strictly separate the Merchant's (your) data from your end customers' data.

A. Merchant Data (Shop Information)

When you install the App, we automatically access certain types of information from your Shopify account to authenticate and provide the App:

  • Shop Domain: (e.g., your-shop.myshopify.com) to uniquely identify your store.
  • Temporary Session Data / Access Tokens: To ensure secure communication between Shopify and the App.

Purpose: We use this data exclusively to provide you with the App's functionality, guarantee secure login, and fulfill our contract with you (Art. 6 (1) (b) GDPR).

B. Customer Data (Buyer Information)

Our App does not collect, store, or process any personal data of your end customers (such as names, addresses, email addresses, payment, or order details).

All customer-related processes take place exclusively on Shopify's servers. Our App is limited to [briefly describe what the app does, e.g., customizing the frontend / setting a session cookie].

3. Storage and Deletion of Data

Since we do not build persistent databases with your store or customer data, we only store session data.

  • Session data and tokens are automatically deleted or invalidated as soon as the session expires or you uninstall the App from your Shopify store.
  • No personal data remains on our systems after the App is uninstalled.

4. Compliance with Shopify Mandatory Webhooks

Shopify requires app developers to comply with specific data protection routines. Although our App does not store customer data, we have implemented the following mandatory webhooks to meet the requirements of the GDPR (and other privacy laws):

  • Customer Data Request (customers/data_request): If an end customer requests to view their personal data, Shopify sends a request to our App. Since we do not store customer data, our App automatically responds that no data is held.
  • Customer Redact (customers/redact): If an end customer requests the deletion of their data, Shopify sends a request to us. Since we do not hold customer data, no further deletion steps are required on our end.
  • Shop Redact (shop/redact): If you close your store or uninstall the App and 48 hours have passed, Shopify sends us a data deletion request. In this case, we delete all remaining session data, tokens, and store identifiers (if any) from our temporary storage.

5. Sharing of Your Data

We do not share, sell, or use your data for advertising purposes. Data is shared only in the following contexts:

  • Hosting Provider: Our App is hosted by [Name of your hosting provider, e.g., Vercel, Heroku, AWS, Hetzner]. This service provider processes data (such as IP addresses in server logs) on our behalf and according to our strict instructions.
  • Legal obligations: If we are legally required to do so (e.g., following an official authority request).

6. Your Rights

If you are a resident of Europe (GDPR), you have certain rights regarding your personal information:

  • The right to access the personal information we hold about you.
  • The right to correct inaccurate data.
  • The right to erasure ("Right to be forgotten").
  • The right to restrict processing.
  • The right to data portability.

To exercise these rights, or if you have questions about our privacy practices, please contact us at: [Your Support Email Address]

Since you are the data controller for your own customers' data, we ask that you process your customers' requests regarding their data directly through your Shopify Admin panel.

7. Changes to this Privacy Policy

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes via the Shopify Dashboard or by email.