← LocalesFit

Privacy Policy

Last updated: 2026-05-06

LocalesFit (the “app”, “we”, “us”) is a Shopify embedded application operated by Tradik. This policy describes what data the app collects, why we collect it, where it is stored, and how we respond to merchant and end-customer privacy requests.

1. What we collect

• Shopify session token + shop domain — issued by Shopify’s OAuth/Token Exchange flow. Required to authenticate admin requests on behalf of the merchant who installed the app.
• Per-shop typography settings — the list of enabled locales, auto-detect flag, and scope flags (apply on products / pages / blogs) that the merchant configures in the embedded admin.
• Subscription state — a cached copy of the merchant’s Shopify Managed Pricing plan (Free / Standard) for fast feature gating. The source of truth is Shopify.
• Operational logs — request timestamps, status codes, and shop domain for troubleshooting. Logs are rotated and retained for at most 30 days.

2. What we do NOT collect

• Customer personal data (names, emails, addresses, phone numbers, payment details).
• Order data, cart content, or checkout events. We read product / page / article bodies transiently for the optional language-detection feature; no copy is persisted.
• Storefront visitor analytics, IP addresses, cookies, fingerprints, or session recordings.
• Cross-site tracking identifiers — the storefront runtime does not load any third-party tags.

3. How we use it

Stored merchant settings are read at two points: (a) when the merchant opens the embedded admin (to render the current configuration); and (b) when the storefront theme block needs the active locale list (read from a Shopify shop metafield, no external call). Subscription state is updated via the app_subscriptions/update webhook from Shopify.

4. Where data lives

Settings are stored in a SQLite database on a single server in the European Union, accessed only via Cloudflare Tunnel (no public ingress). We do not use third-party analytics, advertising, or tracking platforms. We do not transfer merchant data outside the EU/EEA.

5. Sub-processors

• Shopify Inc. — for OAuth, Admin API, App Proxy, theme extension delivery, Managed Pricing.
• Cloudflare, Inc. — for the Tunnel transport that exposes the app to Shopify. Cloudflare does not have access to application data at rest.

6. GDPR mandatory webhooks

We implement the three Shopify-mandated compliance webhooks at the following routes:

• POST /webhooks/customers/data_request — we never store customer-identifiable data, so the response is an empty payload acknowledging the request.
• POST /webhooks/customers/redact — same as above; no data exists to redact.
• POST /webhooks/shop/redact — on shop uninstall plus the 48-hour Shopify grace period, every ShopSettings, Session, and Subscription row tied to the shop is permanently deleted.

7. Merchant data deletion

Uninstalling the app from a shop triggers immediate cleanup via the app/uninstalled webhook. Reinstalling the app starts with a clean slate. To request manual deletion at any time, email [email protected].

8. Cookies

The embedded admin uses Shopify’s App Bridge session cookies (managed by Shopify, not us). The storefront runtime sets one entry in sessionStorage (cleared when the tab closes) used to cache the per-shop config; nothing is written to document.cookie.

9. Security

All endpoints are HTTPS-only. Webhooks verify Shopify’s HMAC SHA-256 signature; mismatches return HTTP 401 and are logged. App Proxy requests, when used, are verified against the documented signature scheme. The embedded admin enforces session-token authentication on every request.

10. Changes to this policy

We will update the Last updated date and post material changes on this page. For questions or to exercise your rights, contact [email protected].