Last updated: 2025-10-06

This Privacy Policy describes how mehiduho collects, uses, and shares information when merchants install or use the PWYW Slider app on their Shopify store, and when customers interact with the app-enabled experience. We comply with applicable privacy laws including GDPR and CCPA/CPRA.

Who we are

Controller/Provider: mehiduho
Email: [[email protected]]

Data we collect

From merchants (store owners)

  • Shop identifiers (e.g., myshopify_domain), access scopes, and OAuth tokens (stored as an offline session).
  • App configuration you set (slider range, texts, style), and basic usage analytics (non-personal, aggregated).

From buyers (store customers)

The app does not create a customer account or profile. When a buyer uses the slider and proceeds to checkout, we create a Shopify Draft Order on your behalf with the chosen price. Shopify remains the processor for checkout and payment. We do not collect card details.

  • Order context passed to Shopify (variant ID, quantity, chosen price).
  • Optionally, the buyer’s logged-in customer ID if Shopify includes it in the proxy request.
  • Standard server logs (IP address, user-agent) for security and troubleshooting.

App Proxy & HMAC: Storefront requests reach our app via Shopify App Proxy and include an HMAC signature. We verify this signature and only process requests that validate against your app secret.

How we use information

  • To provide the app’s core functionality: create Draft Orders using the customer’s slider price.
  • To operate, secure, and improve the app (e.g., logs, performance metrics, error diagnostics).
  • To communicate with merchants about updates, support, and service notices.
  • To comply with legal obligations and enforce terms.

Legal bases (GDPR)

Performance of contract (providing the app), legitimate interests (security and improvement), and compliance with law.

Sharing

  • Shopify: We use Shopify Admin API to create Draft Orders. Buyer checkout occurs on Shopify.
  • Service providers: Hosting, logging, and database providers who process data under contract.
  • Legal: If required to comply with law, protect rights, or investigate misuse.

We do not sell personal data. For CCPA/CPRA, we do not “sell” or “share” personal information for cross-context behavioral advertising.

Data retention

  • Merchant offline sessions are retained while the app is installed, then deleted upon receipt of the app/uninstalled webhook or within 30 days.
  • Operational logs are kept for up to 90 days unless needed longer for security or legal reasons.
  • We do not persist buyer payment data; checkout is handled by Shopify.

Security

We use industry-standard measures including HTTPS/TLS in transit, restricted access to production systems, and HMAC validation for App Proxy requests. However, no method of transmission or storage is 100% secure.

Your privacy rights

Depending on your location, you may have rights to access, correct, delete, or port your personal data, object to or restrict certain processing, and withdraw consent where applicable.

  • Merchants: Contact us at [[email protected]].
  • Buyers: Please contact the merchant (store owner) directly; we act as their service provider.

Cookies & similar technologies

The app itself relies primarily on Shopify’s session and authentication mechanisms. We may use strictly necessary cookies for admin authentication or rate-limiting; no advertising cookies are used.

International data transfers

We may process data in countries outside your own. Where required, we use appropriate safeguards such as Standard Contractual Clauses or rely on adequacy decisions.

Children’s privacy

The app is not directed to children and should be used only on merchant stores intended for general audiences.

Changes to this policy

We may update this policy from time to time. Updates will be posted here with a new “Last updated” date. If changes are material, we will provide additional notice through the app or email (for merchants).

Contact us

Questions or requests about this policy can be sent to:
[Your Company Name, Ltd.]
[[email protected]]
[Street, City, Country]
