Customer Account Forms

Privacy Policy

Last updated: June 24, 2026

This Privacy Policy describes how Customer Account Forms ("we", "us", or "our") collects, uses, and protects information when merchants install and use our application and when their customers interact with forms powered by the app.

1. Who we are

Customer Account Forms is a merchant-facing application that helps store owners build forms for customer account and order pages. Contact us at dmakvana33@gmail.com for privacy-related requests.

2. Information we process

Depending on how the app is used, we may process the following categories of data:

3. Where data is stored

Customer form submissions and form definitions are stored inside the merchant's own store using metaobjects and metafields. We do not copy submission content to a separate merchant data warehouse.

OAuth session data needed for admin authentication may be stored on our application servers (hosted on Fly.io) in an encrypted session store. This is limited to data required to keep the merchant logged in to the app.

4. How we use information

5. Legal bases (EEA/UK merchants)

Where applicable, we process data to perform our contract with the merchant, to comply with legal obligations, and based on our legitimate interests in operating a secure and reliable app. Merchants are responsible for establishing a lawful basis for collecting customer form data from their buyers.

6. Data sharing

We do not sell personal information. We may share limited data with:

7. GDPR and data subject requests

We subscribe to mandatory compliance webhooks, including customer data requests, customer redaction, and shop redaction. When a customer data request is received, we compile matching form submissions and store an export in the merchant's shop metafields so the merchant can fulfill the request. Customer redaction requests delete matching submission metaobjects from the merchant's store.

8. Data retention

Submission data remains in the merchant's store until the merchant or an approved redaction process deletes it. OAuth sessions are removed when the app is uninstalled or sessions expire. Server logs are retained for a limited period for security and troubleshooting.

9. Security

We use HTTPS, access controls, and platform-provided authentication mechanisms to protect data in transit and at rest. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Merchant responsibilities

Merchants are the data controllers for customer information they collect through forms. Merchants must provide their own storefront privacy notices, obtain any required consents, and respond to customer inquiries about data collected through their forms.

11. Children

The app is intended for merchants and is not directed to children. Merchants should not use the app to knowingly collect information from children without appropriate consent and safeguards.

12. International transfers

If you access the app from outside the country where our servers are located, your information may be transferred internationally. We take steps designed to protect data in line with this policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the latest version. Continued use of the app after changes become effective constitutes acceptance of the revised policy.

14. Contact

Questions about this Privacy Policy or our data practices: dmakvana33@gmail.com.