Privacy Policy

This Privacy Policy describes how Stefano Giordano ("we", "us", "our"), the operator of the Tailor Shopify app ("Tailor", the "App"), collects, uses, and discloses information when you install and use Tailor on your Shopify store.

By installing Tailor, you acknowledge that you have read and agree to this Privacy Policy.

1. Information we collect

1.1 From Shopify merchants (you, the store owner)

When you install Tailor, we collect:

• Shop domain (e.g. your-store.myshopify.com)
• Shop ID assigned by Shopify
• Access token (OAuth, used to interact with Shopify Admin API on your behalf)
• App configuration data you create inside Tailor: option groups, fields, values, price lists, customer tag rules, volume discount brackets, product/collection assignments
• Subscription status and plan managed via Shopify Billing API

1.2 From your customers (storefront)

When a customer interacts with the configurator block on your storefront:

• Customer ID (passed by Shopify only when the customer is logged in, used in real time to determine which price list applies — not persisted)
• Customer tags (passed by Shopify only when the customer is logged in, used in real time to match price-list rules — not persisted)
• Configuration selections (e.g. selected color, size, custom inputs) when the customer adds the configured product to cart. This data is stored as a "phantom variant" record in our database for inventory/order tracking and is automatically deleted within 30 days unless claimed by an order.

We do not collect from customers: names, email addresses, billing/shipping addresses, payment information, IP addresses, device fingerprints, behavioural analytics, or set our own cookies.

1.3 Operational data

For service reliability we log API request paths, response codes, timestamps, error stack traces, and phantom variant cleanup events. These logs do not contain personal data and are retained for up to 30 days.

2. How we use the information

We use the data described above only to:

• Provide the configurator functionality (option groups, pricing engine, multi-tier price lists, volume discounts, collection-based assignment)
• Apply correct pricing to the correct customer based on Shopify customer tags
• Create and manage temporary product variants ("phantom variants") on your store via the Shopify Admin API, with the price configured by your customer
• Bill you according to your selected plan via Shopify Billing API
• Maintain, secure, and improve the App
• Comply with legal obligations

We do not sell, rent, or share your data with third parties for marketing. We do not train AI models on your data. We do not profile your customers.

3. Where data is stored

• Application backend: hosted on Fly.io (EU Frankfurt region)
• Database: Neon Postgres (EU Frankfurt region)

All data transit uses HTTPS/TLS 1.2+. Data at rest is encrypted by our hosting providers.

4. International data transfers

The App is operated from the European Union and data is stored within the EU by default. If you are located outside the EU, your data may be transferred to and processed in the EU; equivalent contractual safeguards (Standard Contractual Clauses where applicable) apply.

5. Data retention

• App configuration data: retained for the duration of your subscription, plus 30 days after uninstall
• Phantom variants: retained 24 hours if unclaimed by an order; permanently retained if claimed (linked to an order)
• Operational logs: retained 30 days
• Audit logs (GDPR compliance events): retained 12 months

6. Your rights (GDPR, CCPA, and similar)

You and your customers have the right to: access, correct, delete, restrict processing, data portability, and object to processing on legitimate-interest basis. You may also lodge a complaint with a data protection authority.

When you uninstall Tailor, we automatically receive Shopify GDPR webhooks (customers/data_request, customers/redact, shop/redact) and we honor them within the timeframes mandated by Shopify and applicable law.

To exercise any of these rights manually, contact us at the email in section 11.

7. Security

We implement commercially reasonable safeguards: HTTPS/TLS 1.2+ in transit, encrypted storage at rest, server-side price calculation (price tampering via browser tools is not possible), authenticated API endpoints (OAuth 2.0 + Shopify session tokens), automated cleanup of unused phantom variants, minimum-scope OAuth permissions.

No system is 100% secure. In the event of a data breach affecting personal data, we will notify Shopify and affected merchants in line with applicable law (within 72 hours where GDPR applies).

8. Children's privacy

Tailor is not intended for use by children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us and we will delete it.

9. Cookies

Tailor does not set its own cookies. The App is rendered inside Shopify's embedded admin which uses Shopify session tokens (not cookies). On the storefront, the configurator block does not set cookies.

10. Changes to this policy

We may update this Privacy Policy. The "Effective date" at the top reflects the latest revision. Significant changes will be communicated via the App admin or by email to the merchant of record.

11. Contact

For privacy questions, data subject requests, or complaints, contact:

Stefano Giordano
Italy
Email: app.configurator.mvp@gmail.com

If you are not satisfied with our response, you may also contact your local data protection authority. In the EU/EEA, you can find your authority at edpb.europa.eu.