Privacy Policy

Last updated: December 19, 2025

This Privacy Policy describes how Price Hider ("we", "us", or "our") collects, uses, and shares information when you install and use our Shopify application.

1. Information We Collect

To provide our services, we collect and process the following types of information:

1.1 Shop & Merchant Information

When you install Price Hider, we collect:

  • Shop domain and name
  • Shop owner email address
  • Shopify Shop ID
  • Technical Logs: We collect server logs for security and debugging purposes, which may include your IP address and User Agent string.

1.2 Customer Data for Visibility Logic

Our app controls price visibility based on visitor criteria. To function, the app reads (but does not permanently store) the following data from visitors on your storefront:

  • Customer authentication status (logged in vs. guest)

1.3 App Settings

We store your app configuration in Shopify metafields associated with your shop, including:

  • Rules for which products or collections have hidden prices
  • Email notification preferences
  • Custom text and styling settings

1.4 Session Data

We store minimal session data required to authenticate your access to the app settings:

  • Shop domain
  • Access tokens (encrypted)

1.5 Quote Request Data

When a customer submits a quote request through your store, we process:

  • Customer email address
  • Customer message
  • Product/variant information

Important: We process this data transiently to generate the request. The actual data is stored as a Draft Order in YOUR Shopify admin. We do not persist customer quote data in our own database.

2. How We Use Information

We use the collected information solely to:

  • Service Provision: Determine which customers should see prices and which should see the "Request Quote" button.
  • Functionality: Create Draft Orders in your Shopify admin when customers request quotes.
  • Communication: Send email notifications to you or the customer (if enabled).
  • Security: Authenticate your store and prevent unauthorized access.
  • Improvement: Debug technical issues using server logs.

We do NOT:

  • Sell your data to third parties.
  • Use your data for advertising purposes.
  • Share customer data with anyone except as necessary to provide the service (e.g., email delivery).

3. Data Storage and Security

3.1 Where Data is Stored

  • App Settings: Stored in Shopify metafields (within your Shopify account).
  • Session Data & Logs: Stored in our secure database hosted on Fly.io.
  • Draft Orders: Stored directly in your Shopify admin.
  • Transient Data: Customer quote details are processed in memory during the request and are not written to our database disk.

3.2 International Data Transfer

Your information, including shop data and session logs, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ (e.g., servers hosted in the United States). By using our App, you consent to this transfer.

3.3 Data Retention

  • Session Data: Deleted when you uninstall the app.
  • Server Logs: Retained for 30 days for debugging, then deleted.
  • App Settings: Deleted by Shopify upon uninstallation.

4. Cookies

We use essential session cookies within the Shopify Admin interface (_shopify_app_session) to authenticate your session and ensure the security of the application. These cookies are strictly necessary for the app to function.

5. Third-Party Services

We share data with the following third-party services solely to provide our app's functionality:

Service Purpose Data Shared
Shopify App platform & Data storage Shop data, Metafields, Draft Orders
Resend Email delivery Recipient email, email subject/body content
Fly.io App hosting & Database Session data, IP addresses, Server logs

Each service has its own privacy policy and data handling practices.

6. GDPR Compliance (European Users)

If you or your customers are in the European Economic Area (EEA), the following applies:

Role Definition

  • Data Controller: You (the Merchant) are the Controller of your customers' data.
  • Data Processor: We (Price Hider) act as the Processor, handling data on your behalf to provide the price hiding and quoting service.

Your Rights

You have the right to access, rectify, erase, and export your data.

GDPR Webhooks

We comply with Shopify's mandatory GDPR webhooks:

  • customers/data_request — We report what customer data we hold (none stored permanently).
  • customers/redact — We ensure no customer data remains in our logs.
  • shop/redact — We delete all shop data from our database within 48 hours of receiving this request.

To exercise your rights, contact us at support@hjelm.co.

7. CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the Right to Know, Right to Delete, and Right to Non-Discrimination.

We do not sell personal information.

To exercise your rights, please contact support@hjelm.co.

8. Data Deletion

When You Uninstall

Upon uninstallation:

  1. Session data is automatically removed from our database.
  2. App settings stored in Shopify metafields are removed by Shopify.
  3. Draft Orders created by the app remain in your Shopify admin (as they are your property).

Requesting Deletion

You may request manual deletion of your shop's data at any time by contacting support.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this policy. For significant changes, we may send a notification email or display a notice within the app.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: support@hjelm.co