// Privacy.jsx — privacy policy page const PRIVACY_SECTIONS = [ { id: 'preamble', title: 'Preamble' }, { id: 'who-we-are', title: '01 · Who we are' }, { id: 'information-we-collect', title: '02 · Information we collect' }, { id: 'how-we-use', title: '03 · How we use information' }, { id: 'shopify-data', title: '04 · Shopify merchant data' }, { id: 'sharing', title: '05 · Sharing & disclosure' }, { id: 'cookies', title: '06 · Cookies & analytics' }, { id: 'retention', title: '07 · Retention & deletion' }, { id: 'security', title: '08 · Security' }, { id: 'rights', title: '09 · Your rights' }, { id: 'international', title: '10 · International transfers' }, { id: 'children', title: '11 · Children' }, { id: 'changes', title: '12 · Changes to this policy' }, { id: 'contact', title: '13 · Contact' }, ]; const Privacy = () => { const [active, setActive] = React.useState('preamble'); React.useEffect(() => { const narrow = typeof window !== 'undefined' && window.matchMedia('(max-width: 899px)').matches; // Tight root margins + short mobile viewports can shrink the IO root to ~0; keep a usable band. const rootMargin = narrow ? '-12% 0px -35% 0px' : '-22% 0px -50% 0px'; const obs = new IntersectionObserver((entries) => { entries.forEach(e => { if (e.isIntersecting) { setActive(e.target.id); } }); }, { rootMargin, threshold: [0, 0.08, 0.2] }); PRIVACY_SECTIONS.forEach(s => { const el = document.getElementById(s.id); if (el) { obs.observe(el); } }); return () => obs.disconnect(); }, []); return (
{/* Title block */}
Legal · Effective Jan 1, 2026

Privacy
policy.

How StoreOn Web Solutions collects, uses, and safeguards information from the merchants and visitors we chart our work by.

Full moon · Art. § ∞
Version 3.2 Effective 2026-01-01 Last reviewed 2026-04-12 Reading time ~ 7 min
{/* TOC */} {/* Body */}

At StoreOn Web Solutions, privacy is a craft — one we treat with the same deliberate attention we bring to every line of code. This policy describes, in as plain a voice as we can manage, what information we collect from you and the merchants we serve, why we collect it, and the rights you hold over it.

We are a small, store-owned agency: there is no opaque committee behind these paragraphs. If something here is unclear, write to us and a human will answer.

StoreOn Web Solutions ("StoreOn," "we," "us," "our") is an independent web agency focused on Shopify application development — both public apps distributed on the Shopify App Store and private, custom apps built for individual merchants.

Our legal entity is StoreOn Web Solutions Ltd., registered in the jurisdiction disclosed on request. Our contactable privacy representative is the founder, who receives all inquiries sent to the addresses listed below.

For the purposes of the General Data Protection Regulation (GDPR) and analogous instruments, we act as a data controller for information we collect directly, and as a data processor for information merchants entrust to us through their Shopify stores.

We collect only what we need. The categories of information we may collect include:

  • Identification data. Your name, business name, email address, and — if you choose to share it — a phone number, when you contact us or engage our services.
  • Commercial data. The details of our engagement: project scope, invoices, tax information, and correspondence relating to work performed.
  • Technical data. When you visit our website, basic request metadata — IP address, user agent, referrer, timestamps — is recorded briefly for operational reasons.
  • Shopify data. When installing or using apps we have built, Shopify will transmit limited merchant and, in some cases, customer data to the app. See section 04.
  • Communications. The contents of emails, calls, and project management threads you exchange with us.

We do not purchase personal information from data brokers, nor do we enrich what you provide us with third-party profiles.

We use the information described above for the following purposes:

  • To deliver the services you have engaged us for;
  • To correspond with you about your project, proposals, or inquiries;
  • To issue invoices and meet tax and accounting obligations;
  • To maintain and improve our own website and internal tooling;
  • To comply with legal and regulatory obligations applicable to our profession.

We do not use your information for automated decision-making with legal or significant effects, nor do we profile you for advertising purposes.

A significant portion of our work involves apps that operate inside the Shopify ecosystem. When a merchant installs an app we have built, Shopify grants that app specific scopes of access — for example, to orders, products, or customer records — under the permissions the merchant explicitly approves.

In those cases, we act on the merchant's behalf as a data processor. We handle Shopify data strictly for the purpose of operating the app, and in accordance with Shopify's API License and Terms of Use, the Shopify Partner Program Agreement, and the Shopify Protected Customer Data requirements where applicable.

We honour the mandatory compliance webhooks Shopify requires of app developers — customers/redact, shop/redact, and customers/data_request — within the timeframes Shopify prescribes.

We do not sell personal information. We share it only in narrow, described circumstances:

  • Sub-processors. Infrastructure providers we rely on to operate our services — hosting, email, analytics, payment processors. Each is bound by a data processing agreement consistent with this policy.
  • Legal compliance. When we are required by law, valid court order, or regulatory authority to disclose information.
  • Business transfers. In the unlikely event of a merger, acquisition, or dissolution, information may transfer to a successor entity, with prior notice to you.
  • With your consent. In any other circumstance, only where you have expressly agreed.

Our website uses a small set of cookies: strictly necessary cookies that keep the site functional, and — only where you have consented — an analytics cookie that helps us understand which pages are most useful. We use a privacy-respecting analytics provider that does not create cross-site profiles.

You can withdraw your consent at any time through the cookie banner, or by clearing cookies through your browser.

We retain personal data only for as long as it is necessary for the purposes it was collected for. Concretely:

  • Inquiry correspondence is kept for up to 24 months, then deleted unless an engagement follows;
  • Client project data is kept for the duration of the engagement plus 7 years for accounting purposes;
  • Technical logs are kept for 30 days;
  • Shopify merchant and customer data is retained only while the app is installed and for the short periods Shopify's compliance webhooks require.

We protect information with measures proportionate to its sensitivity: encrypted transport (HTTPS), encryption at rest on services we control, strict access control on sensitive stores, regular dependency review, and principle-of-least-privilege access for staff and contractors.

No system is absolutely secure. In the event of a personal data breach affecting your rights, we will notify you and, where required, the relevant supervisory authority within 72 hours of becoming aware of it.

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate information;
  • Request deletion (the "right to be forgotten");
  • Restrict or object to certain processing;
  • Receive your data in a portable, machine-readable format;
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, write to storeon.shopify.support@gmail.com. We respond within 30 days.

Some of the sub-processors we work with are located outside your jurisdiction. Where personal data is transferred across borders, we rely on appropriate safeguards — standard contractual clauses, adequacy decisions, or equivalent instruments — to ensure your information remains protected to the same standard as described here.

Our services are directed at merchants and businesses, not children. We do not knowingly collect personal information from anyone under the age of 16. If you believe a child has provided us with information, please contact us and we will delete it.

We revise this policy periodically. When the changes are material, we will notify active clients by email and update the "Last reviewed" date at the top of this page. Continued use of our services after a revision constitutes acceptance of the updated policy.

You can reach our privacy representative at:

StoreOn Web Solutions
Attn: Privacy
storeon.shopify.support@gmail.com
— Reply within 7 days

— Thank you for reading. May your orbit be steady. ✦

); }; const bodySectionStyle = { marginBottom: 64, scrollMarginTop: 100 }; const dropStyle = { margin: 0, position: 'relative' }; const dropCapStyle = { float: 'left', fontFamily: 'var(--serif)', fontStyle: 'italic', fontSize: 72, lineHeight: 0.85, marginRight: 12, marginTop: 6, color: 'var(--ink)', fontWeight: 400, }; const listStyle = { padding: 0, listStyle: 'none', margin: '16px 0', display: 'flex', flexDirection: 'column', gap: 12 }; const codeStyle = { fontFamily: 'var(--mono)', fontSize: 13, padding: '2px 6px', background: 'var(--bg-elev)', border: '1px solid var(--rule-soft)', borderRadius: 3, whiteSpace: 'nowrap' }; const linkStyle = { color: 'var(--ink)', textDecoration: 'underline', textDecorationThickness: '0.5px', textUnderlineOffset: 3 }; const Section = ({ id, title, children }) => (

{title}

{children}
); const SectionMark = () => (
✦ ☾ ✦
); Object.assign(window, { Privacy });