Theme Stream Privacy Policy

1. Introduction

Theme Stream ("we", "our", or "the app") is a Shopify app that enables merchants to schedule and display promotional content on their online stores. This privacy policy explains how we collect, use, store, and protect information when you use our app. We are committed to transparency and compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA).

2. Information We Collect

2.1 From Merchants (App Users)

• Shop and account data: Shop domain, OAuth session tokens, and Shopify user details (name, email) provided by Shopify during installation.
• App usage data: Content you create (scheduled banners, positions, block configurations), uploaded images and videos, and preferences you set within the app.
• Technical logs: Server logs for debugging and security (e.g., request timestamps, error logs). We do not log merchant storefront visitor behavior.

2.2 From Store Visitors (Your Customers)

Theme Stream does not collect personal data from your store visitors. The theme block renders scheduled content on your storefront. We do not drop cookies, use tracking technologies, or log how customers navigate your store. Content is served from Shopify's infrastructure; we do not receive or process visitor IP addresses, device identifiers, or browsing behavior.

2.3 Data via Shopify APIs

We access content (metaobjects, files), theme configuration, and shop settings through Shopify's APIs solely to provide app functionality. We do not access customer, order, or checkout data.

3. How We Use Information

We use the information we collect only to operate the app: storing your scheduled content, syncing positions and metaobjects, serving content to your storefront, and managing your subscription. We do not use your data for advertising, profiling, or purposes unrelated to the app.

4. Data Storage and Location

Data is stored in a PostgreSQL database hosted by our infrastructure provider (e.g., Railway). Servers may be located in the United States or other regions. If you are established in the European Economic Area (EEA) and have questions about data transfers, please contact us.

5. Data Retention

• Sessions: OAuth sessions are retained until you uninstall the app or they expire.
• App data: Scheduled content and positions are retained until you delete them or uninstall the app.
• After uninstall: We respond to Shopify's app/uninstalled and shop/redact webhooks. Session data is deleted promptly; shop-related data is purged within 48 hours of uninstall as required by Shopify.

6. Data Rights (GDPR, CPRA, and Similar Laws)

You may have rights to access, correct, delete, or restrict processing of your personal data. We respond to data subject requests via Shopify's mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact). Because we do not store customer or order data, customer data requests typically require no action from us. For merchant data requests, contact us at the email below.

7. Security

We use industry-standard security practices: encrypted connections (TLS), secure OAuth flows, and HMAC verification for webhooks. Access to data is restricted to what is necessary to operate the app.

8. Third Parties

We rely on Shopify for authentication and API access, and on our hosting provider for infrastructure. We do not sell or share your data with third parties for marketing or advertising.

9. Contact

For privacy questions, data requests, or support, contact us at themestreamapp@brandxcommerce.com or visit our Support page.

Theme Stream is built by Image Conscience (e-Com Experts). If your jurisdiction requires a physical address, please include it in your Partner Dashboard app listing or contact us for details.

10. Changes

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent version. Continued use of the app after changes constitutes acceptance.