Summary
This section is a plain-English overview. The sections that follow are the policy itself.
-
What we store
Your store’s domain, your plan and billing status, the checkout blocks you build, and the access token that lets the app talk to your store.
-
What we don’t
No customer names, emails, addresses, orders, carts, or payment details. Nothing a shopper types into checkout is sent to our servers.
-
When it’s deleted
Uninstalling removes your session immediately. Everything else is erased when Shopify sends the shop redaction request, about 48 hours later.
What we collect
Checkout Enhancer is a merchant tool. Everything it stores is store-level configuration or the credentials needed to apply that configuration to your checkout.
Store information
Your .myshopify.com domain, your store’s Shopify identifier, whether the store is on a Plus or development plan, your Checkout Enhancer plan and billing interval, the identifier of your active subscription, and the date you installed the app.
Account information
When you authenticate, Shopify issues us a session. Depending on your store’s configuration, that session may include the name, email address, locale, and Shopify user ID of the staff member who installed or opened the app, along with an access token. We use these solely to keep you signed in and to make authorised API calls on your store’s behalf.
Block configuration
The blocks you create and everything you configure on them — names, ordering, draft or active status, layout, and each block’s settings such as headings, body text, timer durations, free-shipping thresholds, coupon codes, testimonials, and FAQ entries. This is the content of the app, and it is entered by you.
Images
Images you upload through an Image block are sent directly to Shopify Files and served from Shopify’s CDN. We do not store image files on our own infrastructure.
Logs
Our hosting provider keeps standard operational logs — request times, error traces, and the shop domain associated with a request — which we use to diagnose faults and keep the service running.
What we never collect
The app has no customer-level data, by design and not merely by policy. Our checkout blocks render inside Shopify’s checkout sandbox and read cart state locally to decide what to display; that state is never transmitted to us.
- Customer names, email addresses, phone numbers, or addresses
- Orders, line items, or cart contents
- Payment card details or any financial instrument
- Values a shopper enters into a custom field, gift message, or date picker — these are written to the Shopify order as checkout attributes and stay within Shopify
- Behavioural tracking, advertising identifiers, or fingerprints
Because we hold no customer data, a request under customers/data_request or customers/redact has nothing to return or erase. We acknowledge such requests and take no further action.
How we use it
We use the information above only to:
- Authenticate you and keep your session active
- Save your blocks and publish them to your checkout through Shopify’s metafields
- Determine which features your plan includes, and process billing through Shopify
- Diagnose errors and maintain the reliability of the service
- Respond to you when you contact support
We do not sell your data, share it for advertising, or use it to train machine-learning models.
Storage & security
Data is stored in a managed PostgreSQL database and transmitted over TLS. Access tokens are stored so the app can call the Shopify Admin API on your behalf; they are scoped to the permissions you granted at install (write_products and write_files) and are never exposed to the browser. Every incoming webhook is HMAC-verified before it is processed, and requests that fail verification are rejected.
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay.
Retention & deletion
We keep your data for as long as the app is installed, because it is your configuration — deleting it would delete your work.
- On uninstall — your session and access token are deleted immediately, and the app can no longer reach your store.
- About 48 hours later — Shopify sends a shop redaction request, and we erase the store record together with every block and block setting belonging to it.
- On request — you can ask us to erase your data at any time by writing to the address below.
Your rights
Depending on where you live, you may have the right to access, correct, export, or erase the personal data we hold about you, to object to or restrict its processing, and to complain to a data protection authority. The personal data we hold is limited to the account information described above.
To exercise any of these rights, email us. We will respond within 30 days.
Changes
If we change this policy, we will update the date at the top of this page. If a change materially affects how we handle your data, we will tell you inside the app before it takes effect.
Contact
Questions about this policy, or about the data we hold, go to: