Privacy Policy

Last updated: March 25, 2026

1. Introduction

Konfigr ("we," "our," or "us") is a Shopify app that transforms parts diagrams into interactive shopping experiences. This Privacy Policy explains how we collect, use, disclose, and safeguard information when merchants install and use the App, and when customers interact with konfig viewers on merchant storefronts.

Merchants: This policy applies to your use of the App and the data generated through it.

Customers: The App does not collect personal information from storefront customers. Product data displayed in the konfig viewer (prices, stock, SKUs) is read directly from Shopify at render time. If you have questions about a merchant's data practices, please contact the merchant directly.

2. Information We Collect

Merchant Information

When you install the App, we collect:

  • Shopify store details: shop name, domain, and contact information provided through Shopify's OAuth process.
  • Session data: authentication tokens required to maintain your logged-in session within the App.
  • Support messages: any information you submit through the in-app contact form.

Konfig Data

When you create and manage konfigs, the following data is generated:

  • Diagram images: uploaded to Shopify's Files API and hosted on Shopify's CDN.
  • Hotspot positions: coordinate data stored as percentages.
  • Product links: references to existing Shopify products and variants.
  • Display settings: per-konfig options such as inventory visibility, zoom, and SKU display.

All konfig data is stored as JSON in Shopify product metafields (namespace: konfigr). There is no external database for konfig content — data lives entirely within your Shopify store and travels with the product.

Customer Information

The App does not collect personal information from storefront customers. The konfig viewer reads product data (prices, stock levels, SKUs, images) from the Shopify Storefront API at render time. This is publicly available Shopify product data, not personally identifiable information.

Automatically Collected Information

We collect standard server logs (IP address, browser type, request timestamps) for security and performance monitoring. The storefront viewer uses client-side JavaScript to detect the active Shopify theme for cart integration compatibility — this does not transmit data to our servers.

3. How We Use Your Information

  • Provide the App: Authenticate your session, render the konfig editor, manage konfig data, and deliver the storefront viewer.
  • Billing: Process subscription charges through Shopify's native billing system. We do not handle payment details directly.
  • Support: Respond to messages submitted through the contact form.
  • Notifications: Send install and uninstall event notifications to our internal team for operational awareness.
  • Improvements: Analyse usage patterns to improve App performance and features.

4. Data Storage & Third-Party Services

We use the following services to operate the App:

  • Shopify: Konfig data (product metafields), diagram images (Files CDN), live product data (Storefront API), and billing (App Subscriptions).
  • Fly.io: Application hosting.
  • Neon (PostgreSQL): Session storage only. No konfig content or customer data is stored here.
  • Slack: Internal notifications for install/uninstall events (shop name only).
  • Nodemailer: Delivery of support contact form submissions to our support email.

We do not sell, rent, or share personal information with third parties for marketing purposes.

5. Data Security

We implement appropriate security measures to protect your data. Konfig content is stored within Shopify's infrastructure and inherits Shopify's security protections. Session data is stored in an isolated database with encrypted connections. Access to administrative systems is restricted to authorised personnel. However, no method of transmission over the Internet is 100% secure.

6. Your Rights and Choices

  • Access & control: You can view, edit, and delete all konfig data directly through the App's admin interface.
  • Uninstallation: Uninstalling the App removes session data. Konfig metafield data remains on your Shopify products until you delete it, as it is stored within your store.
  • Data deletion: Contact us at any time to request deletion of any data we hold about your store.

7. International Data Transfers

Data may be processed in the United States or other countries where our service providers operate. We implement safeguards to ensure appropriate protection for cross-border transfers. Merchants are responsible for ensuring compliance with local privacy regulations, including GDPR if applicable.

8. Children's Privacy

The App is not intended for use by children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy periodically. Changes will be posted here with an updated date. Continued use of the App constitutes acceptance of any updates.

10. Contact Us

If you have questions about this Privacy Policy, please contact us.