1. Who this policy applies to

• Merchants who install the App on their Shopify store.
• Users who access the App through the Shopify Admin on behalf of a merchant.
• In limited cases, information that merchants include about their own customers or orders inside exports/imports (see Customer / buyer personal data). The merchant remains responsible for their own compliance toward their buyers.

2. Shopify's role

The App runs inside Shopify Admin and uses Shopify's platform and APIs.

• Shopify processes merchant and buyer data under Shopify's own terms and policies. You should read: Shopify Privacy Policy and Shopify Terms of Service.
• When we access your store through Shopify, we only receive data that you authorize through the permissions (scopes) you approve at install or when scopes are updated.
• We do not control Shopify's infrastructure. Questions about Shopify account data should be directed to Shopify.

3. Information we collect or process

3.1 Shopify session and store identity

We use Shopify's authentication and session mechanisms for embedded apps. Our servers may store session records needed to operate the App (for example shop identifier, access tokens, token expiry, and related OAuth/session fields as required by the Shopify app stack).

3.2 Staff / user identifiers from Shopify

Where Shopify's session includes them, we may process limited staff profile fields (such as name or email) associated with the use of the App. We use this only to operate support features, audit internal actions, or comply with law.

3.3 Migration job metadata and reports

When you run exports or imports, we create records that typically include: shop identifier, job type (export/import), status, timestamps, selected resources, progress totals, structured job reports, and error messages. These records are used to show history, progress, downloads, and troubleshooting.

3.4 Backup schedules

If you configure scheduled backups, we store schedule settings needed to run those jobs (for example frequency, time preferences, and related flags).

3.5 Support and contact messages

If you submit a contact or support enquiry through the App, we process the content of your message and contact details you provide so we can respond.

3.6 Optional internal support tools

If your account is part of our internal support configuration, we may process additional operational data strictly to provide support for stores that have installed the App. Merchants who are not part of that configuration are not affected.

3.7 Technical and security logs

Like most hosted software, our servers may generate standard technical logs (such as IP address, timestamps, request paths, and error diagnostics) for security, reliability, and abuse prevention.

3.8 Exported and imported store content (merchant-controlled)

The App's purpose is to export and import merchant store data. That data can include commercial information the merchant already holds in Shopify (for example products, customers, orders, content, discounts, and similar resources depending on what you choose to include). Merchants decide what to export and where to import.

• Archives (for example ZIP files) may be stored or transmitted using the merchant-facing download and upload flows shown in the App.
• Merchants are responsible for the legality and appropriateness of the data they export, copy, store, or import, including rights and consents.

4. Customer / buyer personal data inside store exports

If a merchant exports or imports resources that contain personal data relating to the merchant's customers (for example customer records or order data), we process that data solely on behalf of the merchant as a service provider / processor-like role to provide the App's functionality.

The merchant is typically the controller of their buyers' data and must ensure their own privacy notices, lawful bases, and retention practices are correct.

5. How we use information

We use information to:

• provide, operate, maintain, and secure the App;
• run export/import jobs and show results;
• store backups and schedules as configured by the merchant;
• communicate with merchants about support requests;
• comply with law, lawful requests, and Shopify requirements;
• detect, prevent, and address technical issues and misuse.

We do not sell your personal information as a product.

6. Legal bases (EEA / UK / Switzerland and similar regions)

Depending on context, we rely on one or more of the following bases:

• performance of a contract (providing the App you requested);
• legitimate interests (security, reliability, product improvement, fraud prevention), balanced against your rights;
• consent where required (for example where we ask optional consent in-product);
• legal obligation where applicable.

7. Sharing of information

We share information only as needed to run the App:

7.1 Shopify

We interact with Shopify APIs under the authorization you grant.

7.2 Infrastructure and service providers

We use reputable hosting, database, storage, email, logging, or related providers to operate the App. They are permitted to process data only under appropriate confidentiality and security obligations.

7.3 Legal and safety

We may disclose information if we reasonably believe it is required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and security of merchants, buyers, us, or Shopify's platform.

7.4 Business transfers

If we are involved in a merger, acquisition, or asset sale, information may be transferred as part of that transaction. We will require the successor to honor material commitments consistent with this policy or notify you as required.

8. International transfers

We may process and store data in countries other than your own. Where required by applicable law, we use appropriate safeguards for cross-border transfers (such as contractual clauses approved by regulators).

9. Retention

We retain information only as long as needed for the purposes described in this policy, unless a longer period is required by law.

• Session data is kept while the App is installed and as needed after removal to meet legal or security obligations.
• Migration job records may be retained to provide history, downloads, and support unless and until deleted by automated retention rules or merchant actions where the App offers deletion.
• Technical logs are typically retained for a limited rolling period.

Exact retention can depend on configuration, backups of our databases, and legal holds.

10. Security

We implement reasonable administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is 100% secure; we encourage merchants to protect Admin access and downloaded archives.

11. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to lodge a complaint with a supervisory authority.

Requests: contact us using the details in Contact. We may need to verify your identity and confirm you have authority for the relevant Shopify store.

Merchants can uninstall the App through Shopify Admin. Uninstalling may not automatically erase all historical server records immediately; see Retention.

12. Cookies and similar technologies

The App is embedded in Shopify Admin. Shopify may set cookies or use storage mechanisms according to Shopify's own policies. We design the App to rely on Shopify's embedded app session patterns rather than unnecessary third-party tracking cookies.

13. Children

The App is not directed to children. We do not knowingly collect personal information from children. If you believe a child provided information to us, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this policy from time to time. We will post the updated version and revise the "Last updated" date. If changes are material, we will provide additional notice as required by law or Shopify.

15. Limitation of liability

To the maximum extent permitted by applicable law, the App is provided "as is" and "as available". We are not liable for indirect, incidental, special, consequential, or punitive damages, or for any loss of profits, revenue, data, or goodwill, except where such exclusions are prohibited by law.

No privacy policy can guarantee that no one will ever bring a legal claim. However, nothing in this policy is intended to waive non-waivable statutory rights, including certain consumer rights that some jurisdictions do not allow you to contract away.

16. Contact

Stonebit InfoTech

Website: stonebitinfotech.com

Privacy inquiries: please use the contact option in the App (if available) or the contact channel published on our website. If you email us, include your store domain and a clear description of your request.