Privacy Policy — LocaleFlow

Who we are

Controller: [Your Company Legal Name] (“we”, “us”, “our”)
Address: [Street, City, Country]
Email: privacy@[yourdomain].com

What we collect

From your Shopify store (via Shopify APIs)

• Store identifiers: shop domain, shop ID, store name, primary locale, timezone.
• Content to translate: products, collections, pages, blogs, navigation, theme content, metafields.
• App configuration: language settings, approvals, workflow preferences.
• Technical data: API scopes granted, app install/uninstall events, error logs.

From account users

• Admin user name and email for workspace access and notifications.
• Support communications and app feedback.

We do not collect

• Shopper payment card numbers.
• End-customer passwords.
• Sensitive categories unless you provide them to us for support.

Why we use your data

• Provide and operate the app, including translations and language management.
• Detect source text changes and keep translations in sync.
• Authenticate your store and secure API access.
• Support, troubleshooting, and product improvement.
• Billing through Shopify, tax and compliance.

Legal bases (EEA/UK)

• Performance of a contract (to deliver the app features you install).
• Legitimate interests (security, fraud prevention, product improvement).
• Legal obligation (tax, accounting, regulatory requests).
• Consent where required (e.g., optional notifications).

Retention

• Operational data is retained while the app is installed.
• Upon uninstall, access tokens are revoked promptly.
• Store-specific data (translations, logs, settings) is deleted within 30 days after uninstall, unless law requires longer.
• Support tickets and invoices may be kept up to 6 years for compliance.

Sharing and processors

We use service providers (processors) to host, store, and process data on our behalf. They may include cloud hosting, error monitoring, logging, and email delivery. We require confidentiality, security, and data-processing terms from each provider.

We also share data with Shopify as needed to operate within the Shopify ecosystem. We do not sell personal data.

International transfers

Where data is transferred outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, plus technical and organizational measures.

Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing.

• To make a request, contact n@blicker.dk.
• If we process data on behalf of a Shopify merchant, we will direct end-customer requests to that merchant.

Security

We apply least-privilege access, encryption in transit, secure key management, and regular monitoring. No method is 100% secure, but we strive to protect your data with appropriate controls.

Shopify uninstall and data deletion

• Uninstall the app from your Shopify Admin to stop data flow.
• We revoke tokens promptly and schedule remaining store data for deletion within 30 days.
• You can request expedited deletion at n@blicker.dk.

Cookies

We may use strictly necessary cookies for authentication and session management within the app. Any optional analytics will be disclosed and, where required, controlled by consent.