Privacy Policy

1. Information We Collect

When you install and use POD Mockup Uploader, we may collect and process the following types of information:

From Shopify (via OAuth and APIs):

• • Shopify store domain (for example, yourstore.myshopify.com)
• • Basic shop and owner contact details (such as store name, owner name, and email)
• • Product and variant information (such as titles, options, and color variants)
• • App subscription status and plan information (for example, which app plan your store is on)

From you / within the app:

• • Uploaded image files, including:
  • ◦ Base mockup images (for each t-shirt color)
  • ◦ Placeholder images
  • ◦ Design graphics applied to t-shirt products
• • Template configuration data:
  • ◦ Color mappings (for example, light vs dark shirt groups)
  • ◦ Placement and scale settings
  • ◦ Template names and descriptions
• • Usage events needed to operate the Service (for example, when templates are created or applied, and store-level lifecycle events such as when a first template is created or first applied)
• • Support communications you send to us (for example, emails to our support address)

We do not directly collect or store your customers' payment card information or Shopify account passwords.

We do not request or store Shopify customer or order personal data — such as customer names, email addresses, shipping addresses, or order histories — for the operation of this app. This app is merchant-facing and does not process end-customer personal data.

2. How We Use Your Information

We use the information described above to:

• • Provide and operate the Service, including:
  • ◦ Creating and storing mockup templates
  • ◦ Generating, uploading, and assigning mockup images to product variants
• • Authenticate your store and maintain your app session via Shopify OAuth
• • Manage billing and subscriptions through Shopify's Billing system (we do not process card details directly; billing is handled by Shopify)
• • Communicate with you about the Service, including support replies and important updates
• • Monitor and improve the Service, including:
  • ◦ Understanding which features are used
  • ◦ Detecting abuse or misuse (for example, excessive automated requests)
• • Comply with legal, regulatory, and tax obligations, where applicable

We use Mixpanel, a third-party analytics service, to collect pseudonymous usage events within the app (such as when templates are created or mockups are applied). We configure Mixpanel to use the minimum information necessary and do not use this data to identify or profile individual buyers. This data is used solely to understand feature usage and improve the Service, and is not shared with advertising networks or used for retargeting.

We process this data on the basis of:

• • Fulfilling our contract with you (providing the app you installed),
• • Our legitimate interests in running and improving the Service, and
• • Compliance with legal obligations.

3. Data Retention & Deletion

Uploaded images (mockups and graphics):

• • Uploaded images and generated mockups stored in our infrastructure (for example, on Cloudflare R2) are retained for as long as your store maintains an active subscription to the app, plus up to 30 days after your subscription ends.
• • After that period, we may delete or irreversibly anonymize these files as part of routine cleanup processes.

Account and store information:

• • Shop and account-related information (for example, store domain, plan status, and template metadata) is retained while your store has the app installed and for up to 30 days after uninstall, unless we are required to keep it longer by law (for example, for tax or accounting records).
• • If you uninstall the app, we receive an APP_UNINSTALLED notification from Shopify and flag your data for deletion after that retention period.

Shopify compliance webhooks:

• • We comply with Shopify's mandatory privacy and compliance webhooks. When Shopify sends us requests to delete or provide access to personal data — for example, in connection with the shop/redact, customers/redact, or customers/data_request topics — we act on those requests within the timelines required by Shopify and applicable law.

Your rights to deletion:

• • You may request deletion of your account-level data that we control by contacting us at [email protected].
• • We may need to retain certain information if required by law (for example, for tax or accounting records).

4. Data Sharing and Third Parties

We share data only with service providers necessary to operate the Service. These include:

• • Shopify – for authentication, billing, and integration with your Shopify store.
• • Cloudflare, Inc. – for secure storage and delivery of uploaded image files and generated mockups (for example, using Cloudflare R2).
• • Vercel Inc. – for hosting the application frontend and backend infrastructure that powers the embedded app.
• • Neon.tech – for managed database hosting used to store app configuration and related operational data.
• • Other infrastructure providers – such as logging, monitoring, or backup services that help us run and maintain the Service.
• • Analytics or monitoring providers (if used) – to understand aggregated usage and app performance. When we use analytics, we aim to use aggregated or pseudonymized data where possible.

We do not sell your personal data.

We do not share customer-level Shopify order or payment information with third parties except as necessary to operate the Service or comply with the law.

5. International Transfers

Our Service and third-party providers may be located in countries outside your own, including outside the EU/EEA. When personal data is transferred internationally, we take steps to ensure an adequate level of protection consistent with applicable law (for example, GDPR), such as using contracts with appropriate data protection clauses.

6. Your Rights

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

• • Access – request a copy of the personal data we hold about you.
• • Rectification – request correction of inaccurate or incomplete data.
• • Erasure – request deletion of your data, subject to legal retention requirements.
• • Restriction – request that we limit how we use your data.
• • Objection – object to certain types of processing, such as direct marketing (we currently do not use your data for direct marketing).
• • Data portability – request a copy of your data in a structured, machine-readable format where applicable.
• • Withdrawal of consent – where we rely on consent, you may withdraw it at any time (this will not affect processing carried out before withdrawal).

You can exercise these rights by contacting us at [email protected]. We may need to verify your identity before fulfilling certain requests.

7. Cookies and Similar Technologies

Our app may use cookies or similar technologies:

• • To maintain your session within the embedded app interface (for example, authentication/session cookies),
• • To support technical operations such as CSRF protection or load balancing,
• • To support analytics (we currently use Mixpanel to collect pseudonymous usage events as described in Section 2).

You can adjust your browser settings to block or delete cookies. However, some features of the Service may not work properly if cookies are disabled.

8. Security

We implement reasonable technical and organizational measures to protect your information, including:

• • Encrypted connections (HTTPS/SSL) wherever possible,
• • Access controls and least-privilege principles for our systems,
• • Regular updates and security patches for our infrastructure.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You use the Service at your own risk.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we may also notify you through the app interface or by email, where appropriate.

Your continued use of the Service after an updated Privacy Policy is posted constitutes your acceptance of the changes.

10. Contact Us