Privacy Policy

Last updated: 3 Sep 2025

Subscription Styles is a Shopify app that provides customizable designs for the Shopify Subscriptions widget on product pages. We built this app to avoid collecting customer data and to operate with minimal merchant data.

This Privacy Policy explains what information we process, how we use it, and the choices you have. If anything here is unclear, please contact us at CONTACT_EMAIL.

Email: [email protected]

Scope

This policy applies to merchants who install the app and to the storefront components rendered by our theme app extension. It does not apply to your store’s own privacy practices or to Shopify’s processing as a platform.

Summary

We do not collect or store your customers’ personal data from storefronts.
We process limited merchant data (for app operation, billing, and support).
We use Shopify’s Billing API for subscriptions and Shopify’s session for authentication.
We implement Shopify’s mandatory privacy webhooks and honor deletion requests.

Information we process

Merchant data (as controller)

Shop information: shop domain, shop ID, plan type, locale/timezone.
Account & contact: Shopify user ID, email and name (for support/admin access), and app preferences you set.
Billing status: plan name, charge status (via Shopify Billing). We do not store full payment details.
Technical logs: timestamps, IP address of server-to-server requests, error messages, and aggregate usage metrics to maintain the service.

Storefront & customer data (as processor)

The app’s storefront code reads product, variant, and selling plan data to render styles. The app does not intentionally collect, store, or transmit your customers’ personal data. Selections made in our UI are mirrored to Shopify’s native subscription widget within the customer’s browser.

How we use information

Authenticate the app and maintain secure sessions.
Provide the subscription styling features and configuration you choose.
Process billing through Shopify.
Monitor, debug, and improve reliability and performance.
Provide merchant support and notify you about material changes.

Legal bases (EEA/UK)

Contract: to provide the app you installed.
Legitimate interests: security, fraud prevention, service improvement.
Legal obligations: tax, accounting, and privacy compliance.
Consent: where required (e.g., optional analytics if enabled in future).

Cookies & similar tech

In the admin (Shopify embedded app), we use session cookies or tokens provided by Shopify/App Bridge to keep you signed in and protect requests (CSRF/HMAC). Our storefront script does not set marketing cookies.

Data retention

Merchant session and configuration data: retained while the app is installed.
After uninstall: configuration and logs are removed within 30 days, unless a longer period is required by law (e.g., billing records).

Security

All admin and webhook traffic is protected with HTTPS.
Webhooks are verified using Shopify’s HMAC signatures.
Access to production systems is restricted and audited.

Your choices & rights

As a merchant you can uninstall the app at any time from your Shopify Admin. Uninstalling stops access to your store and triggers our data cleanup schedule.

If you are an individual whose data is processed by a merchant’s store, please contact that merchant directly. We act as a processor and will assist the merchant as required by law.

Shopify platform

The app relies on Shopify to host stores, authenticate merchants, and process orders and payments. Shopify’s own privacy terms govern how Shopify handles personal information on its platform.

Mandatory privacy webhooks

We subscribe to and honor Shopify’s privacy webhooks:

CUSTOMERS_DATA_REQUEST – we will provide data to the merchant if we hold any (we generally do not hold customer PII).
CUSTOMERS_REDACT – we will delete customer data, if any exists.
SHOP_REDACT – after app uninstall and the waiting period, we delete remaining shop data not needed for legal purposes.

International transfers

Depending on your location and our hosting providers, data may be processed outside your country. We rely on appropriate safeguards (such as standard contractual clauses) where applicable.

Children

The app is intended for businesses and is not directed to children under 16.

Changes to this policy

We may update this policy to reflect operational or legal changes. If we make material changes we will notify merchants via the app or email.

Contact

For questions or requests about this policy, contact:
CONTACT_EMAIL

This policy is provided for general informational purposes and does not constitute legal advice. Your store’s own privacy policy remains your responsibility.