Privacy Policy

Effective Date: 23.06.2025

This Privacy Policy explains how Tododo ("we", "us", or "our") collects, uses, and protects data when you use our Shopify app (the “App”). We are committed to being transparent about data practices and ensuring compliance with all applicable privacy laws.

1. About the App

Tododo is a Shopify embedded admin application designed to help merchants manage tasks related to their store’s products. It allows users to create and edit product content, upload images, write descriptions, and manage metadata. The App is integrated with Shopify and functions entirely within the merchant’s store environment.

2. Information We Collect via Shopify APIs

To provide the App’s services, we access limited information through Shopify’s APIs. This includes:

• Product data (title, description, tags, images, variants, metafields)
• Store asset information (e.g., uploaded files for products)
• Store name, domain, and basic configuration (used to establish the connection)

We do not access or store any personal data about customers, such as names, email addresses, or order histories.

3. Information Collected Directly from Merchants

When you install the App, we receive your store's basic profile information from Shopify, including your shop domain and the store owner's contact email. This information is used strictly for authentication, subscription validation, and sending important service updates (such as policy changes). We do not collect personal addresses or phone numbers.

We do not maintain usage logs tied to individuals. Any diagnostic logs we may generate are anonymous and used strictly for debugging or performance optimization.

4. Information from Customers of Merchants

We do not collect or interact with customer data. Our App operates only in the Shopify Admin and does not place cookies, scripts, or trackers on storefront pages visited by customers. We do not receive or process any data about how customers use merchant stores.

5. How We Use the Information

Any data accessed from Shopify is used only to:

• Display and manage product data inside the App UI
• Enable content editing and media upload features
• Validate subscription status using Shopify’s Billing API

We do not use any data for advertising, analytics, profiling, or any other secondary purposes.

6. Data Storage and Retention

We do not persistently store personal or sensitive information. Any temporary data (such as uploaded images) is stored securely and deleted automatically after processing is complete or within 24–48 hours.

All data is transmitted securely using industry-standard encryption (HTTPS/TLS). If we must retain metadata for licensing or billing (e.g., store domain and plan level), it is stored securely and never shared.

7. Data Storage and Hosting

Our App is hosted on secure cloud infrastructure provided by Render, with servers located in Oregon, United States. We do not own physical servers, nor do we maintain persistent databases for merchant personal data.

International Data Transfers: Because our servers are located in the United States, if you are accessing the App from the European Economic Area (EEA) or the UK, your connection data will be transferred outside of your jurisdiction. We ensure that our hosting provider (Render) complies with strict data protection standards, including GDPR, and relies on legally approved data transfer mechanisms to safeguard any temporary data processed during your session.

8. Data Rights & Shopify Privacy Webhooks

We comply fully with Shopify’s mandatory privacy webhooks (customers/data_request, customers/redact, and shop/redact). Because our App does not collect or store any customer data, any requests to view or delete customer data routed to us through Shopify are automatically resolved, as no such data exists in our systems.

Regarding your merchant data, we acknowledge your rights under laws such as:

• GDPR (Europe): Right to access, correct, restrict, delete, or object to data processing.
• CCPA (California): Right to know what data is collected, request deletion, or opt out of sale (note: we do not sell data).
• PDPA (Singapore): Similar rights to access, correct, and withdraw consent.

If you have questions or concerns, please contact us using the information below. We will respond to requests within the timeframes required by law.

9. Data Protection Officer (DPO)

If required by law, we will appoint a Data Protection Officer (DPO) to monitor compliance. At this time, our operations do not require mandatory appointment of a DPO, but privacy responsibilities are managed internally by our compliance lead.

10. Marketing and Tracking

This App does not perform marketing functions and does not use merchant or customer data for direct marketing, retargeting, or analytics. If these practices ever change, we will first obtain clear and lawful consent in accordance with applicable data privacy regulations.

11. Cookies and Analytics

We do not use cookies or third-party analytics in the App interface. Shopify may use session-based cookies to manage authentication and permissions, but these are handled independently from our App.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If significant changes are made, we will notify you via email or in-app notification. We encourage you to review this policy periodically to remain informed about how we protect your data.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, you may contact us at:

Email: dev@mkuriata.com
Business Name: mkuriata
Address:
Mickiewicza 1A/5
55-300 Środa Śląska
Poland

By using the App, you agree to the terms of this Privacy Policy.