Privacy Policy
This Privacy Policy explains how Terms and Conditions (“the App”, “we”, “us”, or “our”) collects,
uses, stores, and shares information when a merchant installs and uses the App on a Shopify store, and when store visitors interact with
terms-and-conditions features on that storefront.
By installing or using the App, you (the merchant) agree to the practices described in this policy. If you do not agree, please uninstall the App.
1. Who this policy applies to
- Merchants — Shopify store owners and staff who install and configure the App in Shopify Admin.
- Store visitors / customers — people who browse a merchant’s storefront where the App’s terms checkbox is displayed.
The merchant is the data controller for customer-facing data on their store. We act as a data processor/service provider when handling information
on the merchant’s behalf to operate the App.
2. Information we collect
2.1 Merchant and store information
When you install or use the App, we may collect:
- Store identifiers — store domain (e.g. example.myshopify.com), Shopify store ID, and app installation ID.
- Contact details — store owner name, store email, and related shop profile fields provided by Shopify during installation.
- Authentication data — Shopify access tokens and refresh tokens required to operate the App and sync settings to your store.
- App configuration — terms text, links, design settings, placement rules, alert messages, custom CSS/scripts, and related preferences you save in the App.
- Support communications — information you submit through our contact/support form (name, email, subject, message, optional collaborator code, store password for staging access, and page details).
- Operational logs — technical error and activity records stored in our database to maintain, secure, and troubleshoot the App.
2.2 Storefront and analytics information
When a store visitor interacts with the terms-and-conditions checkbox, the App may:
- Store acceptance state in the browser — use local storage on the visitor’s device to remember whether they accepted the terms
during their session or return visit (keyed to the store domain). This data stays on the visitor’s device unless they clear browser storage.
- Record aggregate analytics — count anonymous events such as checkbox checks and blocked checkout attempts, grouped by page type
(cart, product, collection, or custom placement) and by date. These analytics do not include customer names, email addresses,
IP addresses, or Shopify customer IDs.
2.3 Information we do not collect
- We do not require store visitors to create an account in the App.
- We do not sell personal information.
- We do not use storefront analytics to build individual customer profiles.
3. How we use information
- Display and enforce terms-and-conditions acceptance on your Shopify storefront.
- Save, sync, and apply your App settings through Shopify metafields and theme app extensions.
- Provide analytics summaries to merchants about checkbox usage and blocked checkout attempts.
- Authenticate API requests and protect the App from abuse.
- Respond to support requests and improve App reliability.
- Comply with legal obligations and Shopify platform requirements.
4. How we share information
We share information only when necessary:
- Shopify — to operate the embedded app, theme extension, metafields, and mandatory compliance webhooks.
- Service providers — hosting, database, email delivery (e.g. transactional support email), and infrastructure vendors that process data on our behalf under confidentiality obligations.
- Legal and safety — when required by law, regulation, legal process, or to protect rights, safety, and security.
We do not sell or rent merchant or customer personal information to third parties for their marketing purposes.
5. Data retention
- While installed — we retain store settings, tokens, and analytics needed to provide the App.
- After uninstall — when the App is uninstalled, we deactivate access and delete or anonymize merchant data within a reasonable period, except where retention is required by law or for legitimate security/audit purposes.
- Analytics — aggregate daily statistics are retained to show historical usage in the merchant dashboard until deleted as part of store data removal.
- Support requests — retained as long as needed to resolve the inquiry and maintain support records.
6. Security
We use reasonable administrative, technical, and organizational safeguards to protect information, including encrypted Shopify token handling,
signed API requests for storefront analytics, and access controls on our servers. No method of transmission or storage is completely secure, and we
cannot guarantee absolute security.
7. International data transfers
Your information may be processed and stored in countries other than your own. Where required, we take steps designed to ensure appropriate
safeguards for cross-border transfers.
8. Your rights and choices
- Merchants can uninstall the App at any time from Shopify Admin → Apps.
- Merchants can contact us to request access, correction, or deletion of data we hold about their store, subject to legal requirements.
- Store visitors can clear browser local storage to remove locally stored terms acceptance state.
Depending on your location, you may have additional rights under applicable privacy laws (such as GDPR, UK GDPR, or CCPA/CPRA). To exercise those
rights, contact us using the email below.
9. Shopify mandatory privacy webhooks
The App subscribes to Shopify’s mandatory compliance webhooks and processes them as follows:
- customers/data_request — if we hold customer personal data related to a request, we will provide it to the merchant so they can respond to the customer.
- customers/redact — we delete or anonymize customer-related data we store, if any, in response to a redaction request.
- shop/redact — after a store uninstalls the App and Shopify sends a shop redaction request, we delete or anonymize remaining shop data associated with that store.
Because the App’s storefront analytics are aggregated and anonymous, we typically do not store identifiable end-customer personal data on our servers.
10. Merchant responsibilities
Merchants are responsible for providing their own legally adequate terms and conditions, privacy notices, and consent flows to their customers.
The App provides tools to display and require acceptance of terms you configure; it does not provide legal advice.
11. Children’s privacy
The App is not directed to children under 16, and we do not knowingly collect personal information from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page and update the effective date above.
Continued use of the App after changes become effective constitutes acceptance of the updated policy.
13. Contact us
If you have questions about this Privacy Policy or our data practices, contact us at support@orbitsdev.com.