Privacy policy

This policy covers the AppFox app installed from the Shopify App Store, the customer-facing editing it provides on your store’s thank-you and order status pages, and this marketing website. It does not cover Shopify itself or other apps you install - those have their own policies.

When you install AppFox, we receive from Shopify:

• Your store name, store domain, and the email address on the store account.
• Your Shopify plan and store settings needed to configure the app.
• Your AppFox plan, billing status, and app configuration choices.

To power order editing, the app reads and updates order data through Shopify’s APIs. This includes order contents (products, variants, quantities, prices), shipping addresses, order status and fulfillment state, and the customer name and email attached to an order - used to send edit confirmations. We access only the data the app needs to function, under the API scopes you approve at install.

• To let customers view and edit their orders within the rules you set.
• To run your approval queue, notifications, and integrations you enable.
• To process payment differences and refunds through Shopify when an edit changes an order total.
• To show you analytics about edits and upsell revenue in your dashboard.
• To provide support and to operate, secure, and improve the service.

• We do not sell your data or your customers’ data. Ever.
• We do not show third-party ads on your storefront or in the edit flow.
• We do not market to your customers or use their data to train models.
• We do not access data beyond the Shopify API scopes you approve.

We share data only with the service providers required to run AppFox - cloud hosting and infrastructure providers, and email delivery for transactional messages like edit confirmations. If you connect an optional integration (for example a helpdesk or Slack), we share only what that integration needs and only after you enable it. We may also disclose data where the law requires it.

When you uninstall AppFox, Shopify notifies us and we delete your store’s data from our systems within 30 days, except where a short retention period is required by law or for billing records. We also honor Shopify’s mandatory data-erasure requests for individual customers - when a customer asks your store to delete their data, the corresponding records held by AppFox are deleted too.

Data is encrypted in transit and at rest. Customer editing happens on your store’s own thank-you and order status pages, scoped to that single order - no account credentials are exposed. Access to production data is restricted to the small set of people who operate the service.

The merchant dashboard uses session cookies required for sign-in inside the Shopify admin. The customer editing experience runs on your store’s checkout-hosted pages and does not set advertising or cross-site tracking cookies. This marketing site does not use third-party tracking cookies.

For your customers’ data, you are the data controller and AppFox acts as a processor - we act on your instructions, given through the app and through Shopify’s privacy webhooks. If you or your customers exercise rights under GDPR, CCPA, or similar laws (access, correction, deletion, portability), we will support the request. Start with Shopify’s built-in tools, or email us directly.

AppFox is a business tool for merchants and is not directed at children. We do not knowingly collect data from anyone under 16, beyond order records your store lawfully holds.

If we make material changes to this policy, we will update the date at the top and notify merchants in the app. Questions, concerns, or data requests: support@getappfox.com.