Privacy Policy

1. Introduction

AltFlow ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify apps and visit our website. This policy applies to merchants who install our apps and their customers whose data may be processed through our services.

By using our services, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not install or use our apps.

2. Information We Collect

2.1 Merchant Information

When you install and use our Shopify apps, we collect:

• Store name, URL, and Shopify shop domain
• Contact information (name, email address, phone number)
• Store settings and configuration data
• Product information (titles, descriptions, images, inventory)
• Order information (order numbers, amounts, status)
• App usage data and analytics
• Billing and subscription information

2.2 Customer Data

Our apps may process customer data on behalf of merchants, including:

• Customer names and contact information
• Order history and transaction details
• Uploaded images and product customization data
• IP addresses and browser information
• Device information and usage patterns

2.3 Automatically Collected Information

We automatically collect certain information when you use our apps:

• Log data (IP address, browser type, pages visited, time stamps)
• Device information (operating system, unique device identifiers)
• Cookies and similar tracking technologies
• Performance metrics and error reports

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our apps and services
• Process transactions and manage subscriptions
• Enable core app functionality (e.g., image uploads, product management)
• Respond to your comments, questions, and support requests
• Send technical notices, updates, security alerts, and administrative messages
• Monitor and analyze trends, usage, and activities to improve user experience
• Detect, prevent, and address technical issues and security vulnerabilities
• Comply with legal obligations and enforce our terms of service
• With your consent, send promotional communications about new features or services

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

• Contract Performance: Processing is necessary to perform our contract with you (providing app services)
• Legitimate Interests: We process data for our legitimate business interests (improving our services, fraud prevention)
• Legal Compliance: We process data to comply with legal obligations
• Consent: You have given explicit consent for specific processing activities

5. Data Sharing and Disclosure

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and storage providers
• Payment processors
• Analytics services
• Customer support tools
• Email service providers

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

5.2 Shopify Platform

Our apps integrate with and rely on Shopify's platform. Data is exchanged with Shopify in accordance with their API Terms of Service and Privacy Policy. We access your Shopify store data only through approved API scopes necessary for app functionality.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests (subpoenas, court orders, government requests)
• Protection of our rights, privacy, safety, or property
• Enforcement of our terms of service
• Investigation of potential violations or fraud

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

5.5 No Selling of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Retention

We retain your information for as long as necessary to:

• Provide our services and fulfill the purposes described in this policy
• Comply with legal obligations (tax, accounting, audit requirements)
• Resolve disputes and enforce our agreements

When you uninstall our app, we will delete or anonymize your data within 90 days, unless we are required to retain it for legal purposes. You may request immediate deletion by contacting us.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication using OAuth 2.0
• Regular security assessments and vulnerability testing
• Access controls and least-privilege principles
• Secure coding practices and regular security updates
• Employee training on data protection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Access and Portability

You have the right to access and receive a copy of your personal information in a structured, commonly used, and machine-readable format.

8.2 Correction and Update

You have the right to request correction of inaccurate or incomplete personal information. You can update most information through your Shopify admin panel.

8.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions. You can delete your data by uninstalling our app or contacting us directly.

8.4 Objection and Restriction

You have the right to object to our processing of your information or request restriction of processing in certain circumstances.

8.5 Withdraw Consent

If we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

8.6 Marketing Communications

You can opt out of receiving promotional emails by clicking the "unsubscribe" link in any marketing email or contacting us. You cannot opt out of transactional or service-related messages.

8.7 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at privacy@altflow.app. We will respond to your request within 30 days.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. Types of cookies we use:

• Essential Cookies: Required for app functionality and security
• Analytics Cookies: Help us understand how users interact with our apps
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our apps.

11. Children's Privacy

Our services are not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Compliance with Privacy Laws

We comply with applicable privacy laws and regulations, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Personal Information Protection and Electronic Documents Act (PIPEDA)
• Shopify's API Terms of Service and Data Protection requirements

We subscribe to mandatory webhooks as required by Shopify to handle data subject requests (customer data requests, customer redaction, shop redaction).

13. Third-Party Links and Services

Our apps may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top
• Sending you an email notification (for significant changes)
• Displaying a prominent notice in our apps

Your continued use of our services after changes become effective constitutes acceptance of the updated policy.

15. Data Protection Officer

If you have questions about how we handle your personal data, you can contact our Data Protection Officer at dpo@altflow.app.

16. Complaints and Supervisory Authority

If you believe your privacy rights have been violated, you have the right to lodge a complaint with a supervisory authority in your jurisdiction. For EEA residents, you can find your data protection authority at https://edpb.europa.eu/about-edpb/board/members_en.

17. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all requests within 30 days.