Privacy Policy — SwiftStore

01 Overview

SwiftStore ("we", "us", "our") is a Shopify application that helps merchants improve their store's PageSpeed scores. This Privacy Policy describes how we collect, use, store, and share information when you install and use SwiftStore through the Shopify App Store.

By installing SwiftStore, you agree to the terms of this Privacy Policy. If you do not agree, please do not install or use the app.

We are committed to handling your data responsibly and in compliance with applicable privacy laws including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Shopify's Partner requirements.

02 What we collect

We collect only the information necessary to provide the speed optimization service:

Data type	What specifically	Why we need it
Store information	Shop domain, Shopify plan, store currency, timezone	Identify your store and provide the service
Access token	Encrypted Shopify OAuth access token	Read and write theme assets on your behalf
Theme data	Theme Liquid file contents (layout, snippets, sections)	AI scan to detect speed issues
Script tags	URLs and metadata of installed app scripts	App performance audit
Speed scores	PageSpeed scores, Core Web Vitals metrics, timestamps	Dashboard, history chart, revenue impact
Contact information	Name and email (if you contact support)	Respond to support requests
Billing data	Plan tier, subscription status (via Shopify Billing API)	Feature access control

We do not collect: customer personal data, order details, payment card information, customer emails, browsing behaviour of your store visitors, or any data not listed above.

03 How we use your data

We use collected data exclusively to:

Provide and operate the SwiftStore speed optimization service
Run PageSpeed scans and display your score history
Perform the AI theme scan to detect and fix speed issues
Inject optimization snippets into your theme via the Shopify Assets API
Calculate the revenue impact of speed improvements
Generate automated weekly performance reports (Pro plan)
Send critical service notifications (downtime, breaking changes)
Respond to support enquiries
Comply with legal obligations

We do not use your data for advertising, profiling, or any purpose unrelated to the speed optimization service you signed up for.

04 Sharing your data

We do not sell, rent, or trade your data. We share data only with the following categories of service providers who help us operate the service, all bound by data processing agreements:

Service provider	Purpose	Data shared
Database hosting (Railway / Render)	Store app data	Encrypted store data, scores, optimizations
Google PageSpeed Insights API	Fetch Lighthouse scores	Your store URL only
AI analysis service	Theme code scanning	Theme Liquid snippets — no store identity sent
Cloudflare CDN	Serve optimized images	Asset URLs only
Email service	Send reports & support replies	Email address, report content
Error monitoring (Sentry)	Detect application errors	Anonymised error data only

We may also disclose data if required by law, court order, or regulatory authority, or to protect the rights, property, or safety of SwiftStore or its users.

05 Shopify data & permissions

SwiftStore requests the following Shopify API scopes. We request only what is strictly necessary:

Scope	Why we need it
`read_themes`	Scan theme files to identify speed issues
`write_themes`	Inject approved optimization snippets into theme
`read_script_tags`	Audit 3rd-party app scripts affecting performance
`write_script_tags`	Defer non-critical app scripts for speed improvement
`read_orders`	Calculate revenue impact estimates (aggregate only)
`read_analytics`	Supplement speed data with traffic context

Your access token is encrypted at rest using AES-256 encryption and is never exposed in logs or error reports.

06 Data retention

We retain data only as long as necessary to provide the service:

Active subscription: All data retained for the duration of your subscription
After uninstalling the app: Store data and access tokens are deleted within 48 hours. Speed score history is anonymised and retained for aggregate analytics for up to 90 days, then permanently deleted
On request: Full data deletion within 30 days of a written request to task@thriftizer.in
Support tickets: Retained for 2 years then deleted, unless legal requirements demand otherwise

When you uninstall SwiftStore from the Shopify App Store, we receive a webhook notification and automatically begin the deletion process for your store's data.

07 Security

We implement industry-standard technical and organisational measures to protect your data:

All data in transit encrypted with TLS 1.2 or higher
Access tokens encrypted at rest using AES-256
Database access restricted to application servers with IP allowlisting
No production data access by individual employees without audit logging
Regular security reviews and dependency updates
Shopify OAuth used for all authentication — we never handle your Shopify password

In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

08 Your rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request permanent deletion of your data ("right to be forgotten")
Portability: Request your data in a machine-readable format
Objection: Object to certain types of processing
Restriction: Request that we restrict processing of your data
Withdrawal: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at task@thriftizer.in. We will respond within 30 days. We may need to verify your identity before acting on a request.

If you are based in the EU/EEA and believe we have violated your rights, you have the right to lodge a complaint with your local data protection authority.

09 Cookies & tracking

SwiftStore uses a minimal set of cookies necessary to operate the application:

Cookie	Purpose	Duration
`swiftstore_session`	Maintain your Shopify admin session	Session
`swiftstore_shop`	Remember which store is active	30 days

We do not use advertising cookies, cross-site tracking cookies, or any analytics cookies that track individual behaviour across the web. Our website uses basic server-side analytics (page views and referrers only) with no third-party tracking scripts.

10 Children's privacy

SwiftStore is a business tool intended for use by adults operating Shopify stores. We do not knowingly collect personal information from anyone under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at task@thriftizer.in and we will delete it promptly.

11 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

Update the "Last updated" date at the top of this page
Display a notice inside the SwiftStore app dashboard for at least 14 days
Send an email notification to the registered store contact for significant changes

Continued use of SwiftStore after a policy change constitutes acceptance of the revised policy. If you do not agree with changes, you may uninstall the app at any time.

12 Contact & data controller

SwiftStore is the data controller for personal data collected through this application. For any privacy-related questions, requests, or complaints:

✉

Privacy requests

Email: task@thriftizer.in
Response time: within 30 days
For urgent data deletion requests, include "URGENT DELETE" in the subject line.

🏢

General contact

Website: swiftstore.app
Support: task@thriftizer.in
Contact form →