This Privacy Policy describes how Customer Account Forms ("we", "us", or "our") collects, uses, and protects information when merchants install and use our application and when their customers interact with forms powered by the app.
1. Who we are
Customer Account Forms is a merchant-facing application that helps store owners build forms for customer account and order pages. Contact us at dmakvana33@gmail.com for privacy-related requests.
2. Information we process
Depending on how the app is used, we may process the following categories of data:
- Merchant account data — store domain, staff user information provided during OAuth authorization, and API access tokens required to operate the embedded admin app.
- Form configuration data — form titles, field definitions, appearance settings, and related configuration stored as metaobjects and metafields in the merchant's store.
- Customer submission data — responses customers submit through forms, including text fields, selections, file uploads, customer identifiers, and optional order references. This data is stored as metaobjects in the merchant's store.
- Technical logs — standard server logs such as request timestamps, IP addresses, and error messages needed to secure and operate the service.
3. Where data is stored
Customer form submissions and form definitions are stored inside the merchant's own store using metaobjects and metafields. We do not copy submission content to a separate merchant data warehouse.
OAuth session data needed for admin authentication may be stored on our application servers (hosted on Fly.io) in an encrypted session store. This is limited to data required to keep the merchant logged in to the app.
4. How we use information
- Provide, maintain, and improve the app
- Authenticate merchants and process subscriptions
- Display and manage form submissions for merchants
- Respond to GDPR and compliance webhooks mandated by the platform
- Send optional email notifications when configured by the merchant
- Monitor security, prevent abuse, and troubleshoot errors
5. Legal bases (EEA/UK merchants)
Where applicable, we process data to perform our contract with the merchant, to comply with legal obligations, and based on our legitimate interests in operating a secure and reliable app. Merchants are responsible for establishing a lawful basis for collecting customer form data from their buyers.
6. Data sharing
We do not sell personal information. We may share limited data with:
- Infrastructure providers — hosting and database services used to run the app (for example Fly.io).
- Email providers — only when a merchant enables email notifications and an email delivery service is configured.
- Legal authorities — when required by law or to protect rights and safety.
7. GDPR and data subject requests
We subscribe to mandatory compliance webhooks, including customer data requests, customer redaction, and shop redaction. When a customer data request is received, we compile matching form submissions and store an export in the merchant's shop metafields so the merchant can fulfill the request. Customer redaction requests delete matching submission metaobjects from the merchant's store.
8. Data retention
Submission data remains in the merchant's store until the merchant or an approved redaction process deletes it. OAuth sessions are removed when the app is uninstalled or sessions expire. Server logs are retained for a limited period for security and troubleshooting.
9. Security
We use HTTPS, access controls, and platform-provided authentication mechanisms to protect data in transit and at rest. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Merchant responsibilities
Merchants are the data controllers for customer information they collect through forms. Merchants must provide their own storefront privacy notices, obtain any required consents, and respond to customer inquiries about data collected through their forms.
11. Children
The app is intended for merchants and is not directed to children. Merchants should not use the app to knowingly collect information from children without appropriate consent and safeguards.
12. International transfers
If you access the app from outside the country where our servers are located, your information may be transferred internationally. We take steps designed to protect data in line with this policy.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect the latest version. Continued use of the app after changes become effective constitutes acceptance of the revised policy.
14. Contact
Questions about this Privacy Policy or our data practices: dmakvana33@gmail.com.