Shopify Apps Privacy Policy

Last Updated: April 15, 2025

Introduction

This Privacy Policy describes how your personal information is collected, used, and shared when you install or use any CommerceGurus Shopify apps (“our Apps”) in connection with your Shopify-supported store. CommerceGurus is committed to protecting your personal information and your right to privacy.

Personal Information We Collect

Information from Shopify

When you install our Apps, we are automatically able to access certain types of information from your Shopify account:

• Store information and metadata
• Theme and asset information
• Product and collection data
• Order and checkout information
• Other data as approved by you during installation via Shopify’s APIs

Customer Data Policy

We do not collect information from your customers. It is important to clarify that our Apps do not collect any personal information from your customers. Our interaction is strictly limited to our merchants, and we respect the privacy and data protection rights of all individuals, including our merchants’ customers. Merchants are responsible for managing the personal information of their own customers, and we encourage the adoption of privacy practices that fully comply with all applicable laws and regulations.

Information We Collect Directly

We collect the following types of personal information:

• Information about you and others who may access our Apps on behalf of your store, including:
• Name
• Email address
• Business address
• Phone number
• Billing information
• App installation and uninstallation dates and times
• Ad click dates and interactions
• Session recordings related to app usage

• IP address
• Web browser details
• Time zone
• Cookie information
• Usage patterns and preferences

Technologies We Use

We collect information using:

• “Cookies” are data files placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
• “Log files” track actions occurring in our Apps, including IP address, browser type, ISP, timestamps, and referring/exit pages.
• “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you interact with our Apps.

How Do We Use Your Personal Information?

We use the collected information to:

• Provide and maintain our Apps’ functionality
• Process your transactions and billing
• Communicate with you about our Apps, updates, and support
• Optimize and improve our Apps
• Detect and prevent fraud or security issues
• Comply with our legal obligations

Data Retention

We retain your personal information only for as long as necessary to provide you with our Apps’ services and as described in this Privacy Policy. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Sharing Your Personal Information

We do not sell your personal information. We may share your Personal Information based on the following legal bases:

• Consent: When you have given us specific consent to use your personal information for a specific purpose
• Legitimate Interests: When it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your rights
• Performance of a Contract: Where we need to share your information to fulfill our contractual obligations to you
• Legal Obligations: Where we are legally required to share your information
• To comply with laws or respond to lawful requests and legal process
• To protect our rights and property, our agents, customers, and others
• In connection with a business transfer, sale, or merger

Data Storage

International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction. If you are located outside Ireland and choose to provide information to us, please note that we transfer the data to Ireland and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Subprocessors

We use the following subprocessors to help us provide our services:

• Gadget.dev – Our main Platform as a Service (PaaS) provider for Shopify app code and database hosting
• Google Analytics – For tracking app listing related events and analytics
• Meta – For Shopify app retargeting campaigns
• Mantle — For Shopify app plans and pricing management
• Crisp — For live chat support

We carefully select our subprocessors based on their commitment to data security and privacy. Each subprocessor has been assessed to ensure they maintain appropriate technical and organizational measures to protect your data.

Your Rights

If you are a European resident, you have the right to:

• Access your personal information
• Correct inaccurate information
• Request erasure of your information
• Object to processing of your information
• Request restriction of processing
• Data portability
• Withdraw consent

To exercise these rights, please contact us using the details below.

Children’s Privacy

We do not knowingly solicit data from or market to children under 18 years of age. By using our Apps, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of our Apps. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at [email protected].

Data Protection Rights

Under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. CommerceGurus aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. Your specific rights under GDPR include:

• The right to access, update or delete your personal information
• The right to rectification if your information is inaccurate or incomplete
• The right to object to our processing of your personal data
• The right to request restriction of processing
• The right to data portability
• The right to withdraw consent where we rely on consent as the legal basis
• The right to lodge a complaint with a supervisory authority

Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) regarding your personal information:

• The right to know about personal information collected, disclosed, or sold
• The right to delete personal information (subject to certain exceptions)
• The right to opt-out of the sale of personal information
• The right to non-discrimination for exercising your CCPA rights

We do not sell personal information. However, we will provide the information and means to exercise your rights under CCPA upon verified request.

Legal Requirements and Your Protection

We implement appropriate technical and organizational security measures to protect your personal information. However, please note that no method of transmission over the Internet or electronic storage is 100% secure.

Our Apps comply with Shopify’s requirements regarding mandatory webhooks for data deletion requests and protected customer data handling. We maintain appropriate data protection measures and participate in data protection reviews as required by Shopify.

For California residents, please note that while we do not sell your personal information, you have specific rights under the CCPA/CPRA. You can exercise these rights by contacting us through the details provided above.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

Contact Us

For more information about our privacy practices, questions, or complaints, please contact us by:

Email: [email protected]

Post:
MadeInContext Ltd.,
13 Baggot Street Upper,
Dublin 4,
D04 W7K5,
Ireland.