// Legal
Privacy Policy
Last Updated: March 20, 2026
("the App," "we," "us," or "our") provides a dynamic product configurator and custom options engine ("the Service") to merchants who use Shopify to power their online stores. The Service enables merchants to build multi-step product configuration flows, apply dynamic pricing, manage custom field options, and assign configurator rules to specific products.
This Privacy Policy describes how personal information is collected, used, stored, and shared when you install or use the App in connection with your Shopify-supported store. By installing or using the App, you agree to the practices described in this policy.
Section 1 — Information We Collect
When you install the App, we automatically access certain types of information from your Shopify account. We collect this information directly from your Shopify store, through the Shopify API, or through the technologies described below.
1.1 Store and Account Information
We collect the following information to set up and operate the App on your behalf:
- Store owner name, email address, and billing contact details
- Store name, domain, Shopify plan type, and default currency
- App activity status, including installation, uninstallation, plan upgrades, and plan downgrades
1.2 Product and Catalog Information
To power the product configurator and custom options engine, we access:
- Product titles, variant details, images, SKUs, and pricing data
- Product identifiers used to apply configurator rules and link configuration flows to specific products
1.3 Order and Configuration Information
When customers place orders involving configured products, we collect:
- Order identifiers and line item details associated with product configurations
- Customer-selected field values, option choices, and calculated pricing data submitted through the configurator
- Configuration status information (pending, completed, or expired)
1.4 Custom Fields and File Uploads
Merchants and their customers may submit data through custom product options, including:
- Text inputs, dropdown selections, color and image swatch choices, date and time selections, numerical values, and range slider inputs
- Files uploaded through the file upload field type (available on eligible subscription plans)
File uploads are processed through the Shopify Files API using the store's authenticated access and are subject to Shopify's own data handling policies.
1.5 Theme and Storefront Data
To render product configurators on your storefront, we access:
- Theme and storefront data necessary to embed our theme app extension and display configurator interfaces on product pages
- App Proxy requests routed through your store's domain to serve configurator data to customers
1.6 Billing and Subscription Information
We process subscription and billing data through Shopify's built-in billing system:
- Subscription plan selection (Free, Startup, Growth, or Premium)
- Shopify subscription identifiers for recurring charge management
- Subscription status (active, pending, or cancelled)
We do not collect, process, or store credit card numbers, payment card details, or any financial payment instruments directly. All payment processing is handled exclusively by Shopify.
1.7 Technical and Usage Data
To maintain and improve the App, we may collect:
- Browser type, operating system, and device information
- App interaction data, access timestamps, and feature usage patterns
- Log files that record actions occurring within the App, including referring pages and date/time stamps
- Cookies and similar tracking technologies as described in Section 7
Section 2 — How We Use Your Information
We use the personal information we collect to provide, operate, and improve the Service. Specifically, we use your information to:
- Set up and configure your App account and multi-tenant store environment
- Create, manage, and display product configurators, sections, fields, and options
- Evaluate product rules and determine which configurators apply to specific products
- Calculate dynamic pricing based on customer-selected options and price modifiers
- Process and store customer product configurations for order fulfillment
- Manage your subscription plan, enforce plan-based feature limits, and process billing through Shopify
- Provide technical support and respond to your inquiries
- Communicate with you about product updates, new features, and service changes
- Monitor App performance, diagnose technical issues, and improve the user experience
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal information or your customers' personal information to third parties. We do not use your data for unrelated advertising or marketing purposes.
Section 3 — Consent
3.1 How We Obtain Your Consent
By installing the App and granting the requested Shopify API permissions (write_products, write_cart_transforms, write_files), you consent to the collection and use of information as described in this Privacy Policy. When you provide personal information to complete a transaction, subscribe to a plan, or configure the App, we understand that you consent to our collecting and using that information for the stated purpose.
If we require your information for a secondary purpose not described in this policy, we will request your explicit consent before proceeding.
3.2 How to Withdraw Your Consent
You may withdraw your consent at any time by:
- Uninstalling the App from your Shopify admin panel
- Contacting us at the email address provided in Section 12 to request cessation of data collection
- Adjusting your communication preferences to opt out of non-essential emails
Please note that withdrawing consent may limit or prevent us from providing certain features of the Service.
Section 4 — Data Storage and Security
4.1 Data Storage
Your data is stored in a secure MySQL database hosted on our infrastructure. We implement the following safeguards:
- Multi-tenant data isolation — all data is scoped to your unique store identifier, ensuring strict separation between merchants
- UUID-based identifiers — primary keys use universally unique identifiers to prevent sequential enumeration
- Parameterized queries — all database operations use parameterized statements to prevent SQL injection
- Connection pooling with defined limits to manage database access securely and efficiently
4.2 Security Measures
We take reasonable precautions and follow industry best practices to protect your personal information:
- All data transmitted between your browser and our servers is encrypted using TLS/SSL
- Shopify OAuth 2.0 authentication ensures that only authorized store owners and staff can access the App
- Webhook payloads are validated using HMAC signatures to verify authenticity
- Access tokens are stored securely and used only for authorized API operations
- We follow Shopify's security guidelines for embedded app development
While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.
Section 5 — Sharing Your Information
We may share your personal information with trusted third parties only to the extent necessary to provide and operate the Service:
- Shopify — to ensure the App integrates properly with your store, process billing, handle authentication, manage file uploads, and execute cart transformation functions
- Hosting and infrastructure providers — to securely host the App, serve storefront assets, and store data
- Analytics and monitoring tools — to understand App performance, identify errors, and improve features (if applicable)
We may also disclose your personal information if required to do so by law, regulation, legal process, or enforceable governmental request, or if we believe such action is necessary to protect our rights, your safety, or the safety of others.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
Section 6 — Data Retention
We retain your personal information for as long as your App is installed and your account is active, and for a reasonable period thereafter to fulfill our legal and business obligations.
- Store and configurator data is retained for the duration of your use of the App
- Customer configuration data (field values, calculated prices, option selections) is retained as long as necessary to support order fulfillment and store operations
- Subscription and billing records are retained as required for accounting and legal compliance
- Upon uninstallation, we process the app/uninstalled webhook and may retain certain data for a limited period to facilitate reinstallation or comply with legal requirements
You may request deletion of your data at any time by contacting us using the information in Section 12.
Section 7 — Cookies and Tracking Technologies
The App may use cookies, web beacons, pixels, and similar technologies to:
- Maintain your authenticated session within the Shopify admin panel
- Remember your preferences and App settings
- Analyze usage patterns to improve the Service
These technologies do not collect personal information beyond what is necessary for the App to function. We do not use cookies to track your activity across third-party websites.
You may configure your browser to refuse cookies, though doing so may impair certain features of the App. For more information about cookies and how to manage them, visit www.allaboutcookies.org.
Section 8 — Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
8.1 General Rights
- Access — request a copy of the personal information we hold about you
- Correction — request that we correct inaccurate or incomplete information
- Deletion — request that we delete your personal information
- Portability — request a machine-readable copy of your data
- Objection — object to certain types of processing of your personal information
8.2 European Economic Area (EEA) Residents
If you are a resident of the European Economic Area, you have rights under the General Data Protection Regulation (GDPR). We process your information to fulfill our contractual obligations to you and to pursue our legitimate business interests as described in this policy. Your information may be transferred outside of Europe, including to countries that may not provide the same level of data protection as your home country. By using the App, you consent to such transfers.
8.3 California Residents
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
8.4 GDPR Compliance Webhooks
We have implemented Shopify's mandatory GDPR webhook handlers to process:
- Customer data requests — respond to requests for personal data held about a specific customer
- Customer data erasure — redact personal data associated with a specific customer upon request
- Shop data erasure — redact all personal data associated with a store upon request
To exercise any of these rights, please contact us using the information provided in Section 12.
Section 9 — Subscription Plans and Feature Access
The App offers tiered subscription plans (Free, Startup, Growth, and Premium), each providing different levels of access to features such as the number of configurators, fields, templates, and file upload capabilities. Your plan selection and usage data are processed solely to enforce feature limits and manage your subscription. Plan and billing data are not shared with third parties beyond Shopify's billing infrastructure.
Section 10 — Changes to This Privacy Policy
We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable legal requirements. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy and, where appropriate, through in-app notifications or email.
Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated terms.
Section 11 — Age of Consent
By using the App, you represent that you are at least the age of majority in your jurisdiction of residence. If you are the age of majority and have authorized a minor dependent to use the App, you accept responsibility for their use and any associated data collection.
Section 12 — Contact Information
If you have questions about this Privacy Policy, would like to access, correct, amend, or delete your personal information, register a complaint, or request further information about our privacy practices, please contact us: