Privacy Policy

This Privacy Policy explains how Price History & Schedules ("the App," "we," "us," or "our") collects, uses, stores, and protects information when you install and use our Shopify embedded admin application.

The App is designed for Shopify store administrators and operates on a multi-tenant model where each Shopify store has its own isolated data environment.

By installing the App, you agree to the practices described in this Privacy Policy.

To provide our price history tracking, price scheduling, analytics, and data export features, we collect the following types of information:

2.1 Shop Information

• Shopify shop identifier (shop domain, shop ID)
• Store name and timezone
• Access tokens required to communicate with Shopify APIs

2.2 Product and Variant Data

• Product identifiers (product IDs, variant IDs, SKUs)
• Product titles and variant names
• Current and historical pricing information (prices, compare-at prices)
• Inventory tracking identifiers

2.3 App Configuration

• Price scheduling rules and configurations created by store administrators
• Export preferences and settings
• Feature preferences and notification settings

2.4 Usage Analytics

• Feature usage patterns within the App
• Error logs and performance metrics necessary for troubleshooting and service improvement

We want to be transparent about what we do not collect:

• Customer Personal Data: We do not access, collect, or store any of your customers' personal information (names, email addresses, shipping addresses, etc.)
• Payment Information: We do not access or store credit card numbers, payment credentials, or financial account information
• Admin Credentials: We do not store your Shopify admin password or authentication credentials
• Order Data: We do not collect information about customer orders or transactions
• Customer Browsing Behavior: We do not track or store any storefront visitor or customer activity

We collect the data described above for the following purposes:

We only request the minimum Shopify API scopes necessary to deliver the App's functionality (read_products,write_products, and related product listing scopes).

5.1 Database

Your data is stored in a PostgreSQL database hosted by Supabase. Supabase provides managed database services with built-in security features including encryption at rest and in transit.

5.2 Application Hosting

The App's web application and background services (including scheduled jobs and webhook processors) are hosted on Railway, a cloud platform provider.

5.3 Shopify Integration

The App communicates with Shopify through official Shopify APIs and webhooks. We receive real-time updates about product changes via Shopify webhooks to keep price history data accurate and up-to-date.

6.1 Automatic Deletion Upon Uninstall

When you uninstall the App from your Shopify store:

• We receive an uninstall notification from Shopify via webhook
• All data associated with your shop (price history, schedules, configurations, and analytics) is queued for automatic deletion
• Data deletion is completed within 30 days of uninstallation

6.2 Manual Data Deletion Request

You may request deletion of your data at any time, even before uninstalling the App:

• Send an email to support@cymage-labs.com with the subject line "Data Deletion Request"
• Include your Shopify store domain (e.g., your-store.myshopify.com)
• We will process your request and confirm deletion within 14 business days

6.3 Shopify Compliance Webhooks

We respond to Shopify's mandatory compliance webhooks:

• Shop Data Erasure Requests: We delete all shop-related data upon receiving a shop/redact webhook
• Customer Data Requests: Since we do not collect customer personal data, we respond confirming no customer data is stored

We implement industry-standard safeguards to protect your data:

• Encryption in Transit: All data transmitted between your browser, our servers, and Shopify uses TLS/HTTPS encryption
• Encryption at Rest: Database data is encrypted using AES-256 encryption provided by our infrastructure providers
• Access Controls: Access to production systems and data is restricted to authorized personnel only
• Secure Authentication: We use Shopify's OAuth 2.0 flow for authentication and securely store access tokens
• Regular Updates: We keep our dependencies and infrastructure updated to address known security vulnerabilities

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

As a merchant using our App, you have the following rights regarding your data:

8.1 Right to Access

You may request a copy of the data we store about your shop. Contact us at support@cymage-labs.com to submit an access request.

8.2 Right to Correction

If you believe any data we hold is inaccurate, please contact us to request a correction.

8.3 Right to Deletion

You may request deletion of your data at any time (see Section 6.2). Uninstalling the App will also trigger automatic data deletion.

8.4 Right to Data Portability

You may request an export of your data in a machine-readable format. Contact us to arrange this.

8.5 Exercising Your Rights

To exercise any of these rights, email support@cymage-labs.com with your request and your Shopify store domain. We will respond within 14 business days.

The App relies on the following third-party services to operate:

We do not sell, rent, or share your data with third parties for marketing purposes. Data is only shared with the service providers listed above as necessary to operate the App.

Your data may be processed and stored in data centers located outside your country of residence. Our infrastructure providers (Supabase and Railway) maintain data centers in various regions. By using the App, you consent to such transfers in accordance with the security measures described in this policy.

The App is intended for use by Shopify store administrators (businesses) and is not directed at individuals under the age of 18. We do not knowingly collect information from children.

We may update this Privacy Policy from time to time. When we make changes:

• The "Last Updated" date at the top of this policy will be revised
• For significant changes that materially affect your rights or how we handle your data, we will provide notice through the App interface or via email to the store admin email associated with your Shopify account
• Continued use of the App after changes become effective constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy periodically.

This Privacy Policy is made available in the following locations:

1. App Website: Publicly accessible at https://chronos.cymage-labs.com/privacy
2. Embedded App Settings: Linked in the Settings page under the "Support" section within the Shopify Admin embedded app
3. Website Footer: Linked in the footer of our main website at https://chronos.cymage-labs.com

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@cymage-labs.com

Subject Line Suggestions:

• Privacy Policy Question
• Data Access Request
• Data Deletion Request
• Data Correction Request

We typically respond within 1-2 business days.

This Privacy Policy and any disputes arising from it are governed by the laws of the jurisdiction in which the App operator is established, without regard to conflict of law principles.