Checkout Enhancer

Privacy Policy

Checkout Enhancer stores the configuration you create — your checkout blocks and their settings. It does not store your customers’ personal data.

Last updated July 12, 2026

Summary

This section is a plain-English overview. The sections that follow are the policy itself.

  • What we store

    Your store’s domain, your plan and billing status, the checkout blocks you build, and the access token that lets the app talk to your store.

  • What we don’t

    No customer names, emails, addresses, orders, carts, or payment details. Nothing a shopper types into checkout is sent to our servers.

  • When it’s deleted

    Uninstalling removes your session immediately. Everything else is erased when Shopify sends the shop redaction request, about 48 hours later.

What we collect

Checkout Enhancer is a merchant tool. Everything it stores is store-level configuration or the credentials needed to apply that configuration to your checkout.

Store information

Your .myshopify.com domain, your store’s Shopify identifier, whether the store is on a Plus or development plan, your Checkout Enhancer plan and billing interval, the identifier of your active subscription, and the date you installed the app.

Account information

When you authenticate, Shopify issues us a session. Depending on your store’s configuration, that session may include the name, email address, locale, and Shopify user ID of the staff member who installed or opened the app, along with an access token. We use these solely to keep you signed in and to make authorised API calls on your store’s behalf.

Block configuration

The blocks you create and everything you configure on them — names, ordering, draft or active status, layout, and each block’s settings such as headings, body text, timer durations, free-shipping thresholds, coupon codes, testimonials, and FAQ entries. This is the content of the app, and it is entered by you.

Images

Images you upload through an Image block are sent directly to Shopify Files and served from Shopify’s CDN. We do not store image files on our own infrastructure.

Logs

Our hosting provider keeps standard operational logs — request times, error traces, and the shop domain associated with a request — which we use to diagnose faults and keep the service running.

What we never collect

The app has no customer-level data, by design and not merely by policy. Our checkout blocks render inside Shopify’s checkout sandbox and read cart state locally to decide what to display; that state is never transmitted to us.

  • Customer names, email addresses, phone numbers, or addresses
  • Orders, line items, or cart contents
  • Payment card details or any financial instrument
  • Values a shopper enters into a custom field, gift message, or date picker — these are written to the Shopify order as checkout attributes and stay within Shopify
  • Behavioural tracking, advertising identifiers, or fingerprints

Because we hold no customer data, a request under customers/data_request or customers/redact has nothing to return or erase. We acknowledge such requests and take no further action.

How we use it

We use the information above only to:

  • Authenticate you and keep your session active
  • Save your blocks and publish them to your checkout through Shopify’s metafields
  • Determine which features your plan includes, and process billing through Shopify
  • Diagnose errors and maintain the reliability of the service
  • Respond to you when you contact support

We do not sell your data, share it for advertising, or use it to train machine-learning models.

Sharing & subprocessors

We share data only with the infrastructure providers required to run the app:

ProviderPurposeData involved
ShopifyPlatform, authentication, billing, file storageStore and account information, uploaded images
Fly.ioApplication hostingRequests in transit, operational logs
NeonManaged PostgreSQL databaseStore information, sessions, block configuration

We may also disclose information where we are legally required to do so. We will not do so voluntarily.

Storage & security

Data is stored in a managed PostgreSQL database and transmitted over TLS. Access tokens are stored so the app can call the Shopify Admin API on your behalf; they are scoped to the permissions you granted at install (write_products and write_files) and are never exposed to the browser. Every incoming webhook is HMAC-verified before it is processed, and requests that fail verification are rejected.

No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you without undue delay.

Retention & deletion

We keep your data for as long as the app is installed, because it is your configuration — deleting it would delete your work.

  • On uninstall — your session and access token are deleted immediately, and the app can no longer reach your store.
  • About 48 hours later — Shopify sends a shop redaction request, and we erase the store record together with every block and block setting belonging to it.
  • On request — you can ask us to erase your data at any time by writing to the address below.

Your rights

Depending on where you live, you may have the right to access, correct, export, or erase the personal data we hold about you, to object to or restrict its processing, and to complain to a data protection authority. The personal data we hold is limited to the account information described above.

To exercise any of these rights, email us. We will respond within 30 days.

Cookies

The admin interface sets only the session cookies required to keep you signed in and to protect against cross-site request forgery. We use no analytics, advertising, or third-party tracking cookies. Our checkout blocks set no cookies at all.

Changes

If we change this policy, we will update the date at the top of this page. If a change materially affects how we handle your data, we will tell you inside the app before it takes effect.

Contact

Questions about this policy, or about the data we hold, go to:

jawadpugc@gmail.com