Privacy Policy

1. Introduction

Uplift Product Customizer ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application ("Uplift Product Customizer App" or "App").

2. Information We Collect

2.1 Information Collected Through Shopify APIs

When you install and use Uplift Product Customizer, we collect the following information through Shopify's APIs:

Product Data:

• Product information (titles, descriptions, handles, IDs)
• Variant data (prices, options, inventory levels)
• Product images and media files
• Product metafields for configuration storage

Store Data:

• Store domain and basic store information
• Currency and locale settings
• Theme compatibility information

Order Data (if applicable):

• Order information for addon tracking
• Line item properties for customizations
• Fulfillment status for custom products

2.2 Information We Collect Directly

Account Information:

• Shopify store owner email address
• App configuration preferences
• Support communication history

Usage Data:

• App interaction logs
• Performance metrics
• Error reports and debugging information
• Feature usage analytics

Configuration Data:

• Product customization configurations
• Canvas layer settings
• Conditional logic rules
• Color swatch configurations

2.3 Information Collected from Customers

Customer Interaction Data:

• Product customization choices
• Canvas interactions and modifications
• Add-on selections
• Cart customization data

Note: We do not directly collect customer personal information (names, addresses, payment details). This data remains with Shopify and your store.

3. How We Use Your Information

3.1 Primary Purposes

App Functionality:

• Provide product customization features
• Manage canvas layers and recoloring
• Process conditional logic rules
• Synchronize with your Shopify store

Performance & Optimization:

• Monitor app performance
• Debug technical issues
• Improve user experience
• Optimize loading times

Support Services:

• Respond to support requests
• Troubleshoot technical problems
• Provide onboarding assistance
• Send important app updates

3.2 Legal Bases (EU Users)

Under GDPR, we process your data based on:

• Legitimate Interest: App functionality and performance
• Contract Performance: Providing services you've requested
• Consent: Marketing communications (where applicable)
• Legal Obligation: Compliance with privacy laws

4. Data Sharing and Disclosure

4.1 Limited Sharing

We DO NOT sell, rent, or trade your personal information. We may share information only in these limited circumstances:

Service Providers:

• Hosting providers (Fly.io) for app infrastructure
• Database services for secure data storage
• Analytics providers for app performance monitoring

Legal Requirements:

• Compliance with applicable laws and regulations
• Response to legal process or government requests
• Protection of our rights and property
• Prevention of fraud or security threats

Business Transfers:

• In connection with mergers, acquisitions, or asset sales (with notice)

4.2 Shopify Integration

• Data flows through Shopify's secure APIs
• Subject to Shopify's privacy and security standards
• We comply with Shopify's Partner Program requirements

5. Data Retention

5.1 Retention Periods

Active Stores:

• Configuration data: Retained while app is installed
• Usage logs: 12 months for performance optimization
• Support communications: 3 years for service quality

After App Uninstall:

• All store data deleted within 48 hours
• Anonymized analytics may be retained for service improvement
• Audit logs retained for 6 years for legal compliance

5.2 Customer Data

• Customer interaction data deleted when customers are deleted from your store
• Configuration data anonymized upon customer deletion requests
• No direct customer personal data storage

6. Data Security

6.1 Technical Safeguards

Encryption:

• Data encrypted in transit (TLS/SSL)
• Database encryption at rest
• Secure API communications with Shopify

Access Controls:

• Multi-factor authentication for system access
• Role-based access controls
• Regular security audits and monitoring

Infrastructure Security:

• Secure hosting with SOC 2 compliant providers
• Regular security updates and patches
• Automated backup and recovery systems

6.2 Data Protection Measures

• Regular security assessments
• Employee security training
• Incident response procedures
• Third-party security certifications

7. Your Privacy Rights

7.1 Access and Control

Data Access:

• Request copies of your data
• Review configuration and usage information
• Export your app settings and configurations

Data Correction:

• Update incorrect information
• Modify app configurations
• Correct account details

Data Deletion:

• Delete specific configurations
• Remove historical data
• Request complete data deletion

7.2 Regional Rights

EU/UK Users (GDPR/UK GDPR):

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

California Users (CCPA/CPRA):

• Right to know about data collection
• Right to delete personal information
• Right to correct inaccurate data
• Right to opt-out of data sales (we don't sell data)
• Right to non-discrimination

Other Jurisdictions:

• We respect privacy rights under applicable local laws
• Contact us for information about rights in your region

8. International Data Transfers

8.1 Cross-Border Processing

Data Location:

• Primary servers located in Virginia, USA (Fly.io)
• Backup systems in secure facilities
• EU data processed within EU where possible

Transfer Safeguards:

• Standard Contractual Clauses (SCCs) for EU data
• Adequacy decisions where applicable
• Additional safeguards for sensitive jurisdictions

8.2 EU Data Protection

• Data Protection Officer available for EU matters
• Local representation in applicable EU jurisdictions
• Compliance with GDPR transfer requirements

9. Cookies and Tracking

9.1 App Usage

Essential Cookies:

• Session management for app functionality
• Authentication and security
• App configuration preferences

Analytics:

• Performance monitoring (anonymized)
• Error tracking for debugging
• Usage patterns for improvement

9.2 Your Choices

• Essential cookies required for app functionality
• Analytics can be disabled upon request
• No advertising or tracking cookies used

10. Children's Privacy

• Our app is designed for business use
• Not intended for children under 13
• No knowing collection of children's data
• Immediate deletion if children's data identified

11. Marketing Communications

11.1 App Updates

Service Communications:

• Critical security updates
• Feature announcements
• App performance notifications

Marketing (Optional):

• Newsletter subscriptions (opt-in)
• Product updates and tips
• Industry insights and best practices

11.2 Communication Preferences

• Opt-out available for marketing emails
• Service communications remain necessary
• Preference management in app settings

12. Data Breach Response

12.1 Incident Management

Detection and Response:

• 24/7 monitoring for security incidents
• Immediate containment procedures
• Forensic analysis and remediation

Notification:

• Affected users notified within 72 hours
• Regulatory authorities notified as required
• Transparent communication about impacts

12.2 Prevention

• Regular security testing and audits
• Employee training on data protection
• Continuous monitoring and improvement

13. Compliance and Auditing

13.1 Regulatory Compliance

Privacy Laws:

• GDPR (EU General Data Protection Regulation)
• CCPA/CPRA (California privacy laws)
• PIPEDA (Canada Personal Information Protection)
• Other applicable regional privacy laws

Industry Standards:

• SOC 2 compliance through hosting providers
• ISO 27001 information security standards
• Shopify Partner Program requirements

13.2 Regular Reviews

• Annual privacy policy reviews
• Quarterly security assessments
• Ongoing compliance monitoring
• Third-party audits when applicable

14. Updates to This Policy

14.1 Policy Changes

Notification:

• 30 days advance notice for material changes
• Email notification to app administrators
• Prominent notice in app interface

Version Control:

• Version history maintained
• Previous versions available upon request
• Clear change summaries provided

14.2 Continued Use

• Continued app use constitutes acceptance
• Right to discontinue use if disagreeing with changes
• Data deletion available upon policy disagreement

15. Contact Information

15.1 Privacy Inquiries

15.2 Regulatory Contacts

EU Data Protection Officer:

Email: support@upliftproductcustomizer.com

California Privacy Rights:

Email: support@upliftproductcustomizer.com

16. Definitions

• Personal Data: Information relating to an identified or identifiable person
• Processing: Any operation performed on personal data
• Data Controller: Entity determining purposes and means of processing
• Data Processor: Entity processing data on behalf of controller
• Third Party: Any entity other than you, us, or our service providers

---