Privacy Policy
Last updated: July 2026
Our Commitment to Your Privacy
Welcome to Shoptopus. When you install one of our applications or use any of the services we provide, you agree to the practices set out in this Privacy Policy. We encourage you to read it carefully so that you understand how we handle personal data.
Shoptopus is a Shopify app studio and ecommerce development agency. Our applications, including Invoice Generator and Bulk Image Upload, give merchants tools to streamline tasks inside their Shopify stores, such as generating and customizing documents like invoices, packing slips, and credit notes, and editing product catalog data in bulk. Any new features, tools, or applications we release will also be governed by this policy.
We may revise, update, or restate this policy and any related terms from time to time. We will make reasonable efforts to highlight significant changes, for example by posting a notice on our website or updating the date below. Your continued use of our applications or website after a change takes effect indicates that you accept the revised policy. If you do not agree with any part of this document, you should stop using our applications and services.
In this policy, "Shoptopus," "we," "us," and "our" refer to Shoptopus and its applications. "You," "your," "merchant," and "store owner" refer to the person or organization using our services. If you accept this policy on behalf of a company or other entity, you confirm that you have the authority to bind that entity to it.
Our Privacy Principles
We value the data entrusted to us and the trust that comes with it. Our aim is to give you a safe, secure, and private experience whenever you use our website or applications. The principles below guide everything we do with personal data.
Your information belongs to you
We collect only the data we genuinely need to deliver our services, and we avoid storing sensitive merchant data on our own servers wherever it is not required. Where it is practical to do so, we delete or anonymize information once it is no longer needed. We design and improve our products with privacy in mind, and our guiding principle is that your information belongs to you, we use it only to provide and improve the services you have asked for.
We protect your information from others
We are committed to safeguarding your personal information. If a third party asks us to disclose your data, we will decline unless you have given us permission or we are legally required to comply. Where the law obliges us to share your data, we will notify you in advance whenever we are permitted to do so.
We build privacy-friendly products
We recognize that privacy matters to merchants and to their customers. We design our applications so they can be used in a privacy-respecting way, and we provide guidance on configuring our tools so that personal information is not exposed unintentionally. By using our applications and services, you consent to the practices described here; if you are not comfortable with any part of this policy, please discontinue use.
Information We Collect
We process personal data only when you use our services, and we do so in accordance with applicable law and this Privacy Policy. Depending on which application you use and how you interact with us, we may collect the categories of information described below.
Information collected through Shopify's APIs
When you install one of our applications, Shopify asks you to grant the app permission to access certain data in your store. With your authorization, and using Shopify's official APIs, we may access store and account details (such as your store name, store URL, contact email, and plan), product and inventory data, and order data needed for the app to function. For example, our document and invoicing tools require access to order and customer details so that documents can be generated, while our bulk-editing tools require access to product, variant, and inventory data. We request only the access scopes our applications need to operate.
Information you provide to us as a merchant
During installation, setup, and ongoing use, we may collect information that identifies you, such as your name, email address, phone number, and Shopify store URL. We also collect any information you choose to share when you contact our support team, leave feedback, or request assistance.
Information about your customers
Some features require us to process personal data relating to your store's customers, for example, a customer's name, billing or shipping address, and order details that appear on an invoice or other document. We process this data solely to provide the requested functionality to you, the merchant, and we act on your behalf as your data processor for this information.
Information collected automatically
Our servers automatically record certain technical and usage information for statistical and operational purposes, such as the date and time of access, IP address, device and browser type, and how our applications and services are used. Much of this information is anonymous and does not identify you personally; we use it to monitor performance and to improve the quality, reliability, and functionality of our services.
How We Use Information
We use the information we collect to operate and provide our applications, to deliver the specific features you request, to maintain and improve our services, to respond to support requests, to communicate important service updates, to protect against fraud and abuse, and to comply with our legal obligations. We do not sell your personal information.
How We Share Information
In limited circumstances we may share personal information with third parties. We do so only with your consent or where the law requires it, and in the following situations:
- Service providers. We rely on trusted vendors to support our day-to-day operations, for example, hosting and cloud infrastructure, email delivery, and customer communication tools. These providers may process data only on our instructions and may not sell it or use it for their own purposes.
- Professional advisors. Where necessary, we may share information with advisors such as lawyers or accountants who assist us, and we will protect your data as required by law.
- Business transfers. If Shoptopus is involved in a merger, acquisition, reorganization, financing, sale of assets, or a transition of service to another provider, personal information may be transferred to a successor or affiliate as part of that transaction.
- Legal requirements. We may disclose personal information when compelled by a court order, law, or regulation, or where disclosure is necessary to protect our rights, our users, or the public.
You may ask us to stop sharing your personal information with third parties, subject to the rights granted to you under the GDPR and other applicable laws. Please contact us at support@shoptopus.info if you wish to make such a request.
Data Retention
We keep personal data only for as long as it is needed to fulfill the purposes for which it was collected and to meet our legal, regulatory, accounting, or reporting obligations. The main retention principles we follow are:
- We retain personal data only for as long as necessary to provide our services and to satisfy the purposes described in this policy. Some information may be kept for longer where required to comply with legal, administrative, or accounting requirements.
- When you uninstall one of our applications, we treat that as a signal to stop processing your store's data and to remove or anonymize associated personal data within a reasonable period, except where we are required to retain it by law.
- When we no longer have a lawful basis or business need to keep personal data, we take reasonable steps to delete or anonymize it.
If you have shared information directly with a third party, retention of that information will be governed by that third party's own policies.
Data Deletion and Mandatory Shopify Requests
As a Shopify app developer, Shoptopus supports the data-subject and data-erasure requests that Shopify requires of its app partners. We respond to Shopify's mandatory compliance webhooks as follows:
- Customer data request (customers/data_request), when a merchant's customer asks, through the merchant, to see the data we hold about them, we provide the relevant personal data we have stored so the merchant can fulfill the request.
- Customer redact (customers/redact), when Shopify notifies us that a customer's data should be erased, we delete or anonymize the personal data we hold about that customer, unless we are legally required to retain it.
- Shop redact (shop/redact), when a merchant uninstalls an application and the redaction period elapses, Shopify notifies us to erase the store's data, and we delete or anonymize the personal data associated with that store.
If you would like to make a data access, correction, or deletion request directly, you can also contact us at support@shoptopus.info.
International Data Transfers
Shoptopus serves merchants around the world, which means your information may be processed and stored in countries other than the one in which you reside, including countries that may have different data-protection rules than your own. Where personal data is transferred internationally, including from the European Economic Area, the United Kingdom, or Switzerland, we take appropriate steps to ensure it remains protected, relying on recognized safeguards such as the European Commission's Standard Contractual Clauses where applicable.
Cookies and Similar Technologies
Like most online services, Shoptopus uses cookies and similar technologies on our website. Cookies store information such as your preferences and the pages you visit, which helps us tailor and improve your experience.
Types of cookies we use
- Strictly necessary cookies. These are essential to operating our website and applications, for example, keeping the service secure and remembering your cookie preferences. They are always active.
- Functionality cookies. These help us tailor the site to your preferences, such as displaying content in your chosen language.
- Analytics cookies. These help us understand how visitors interact with our site so we can improve it, including through tools such as Google Analytics.
If you block cookies, we may be unable to save your preferences or recognize you while you use our applications.
Managing cookies
- You can opt out of advertising cookies through industry platforms such as the Digital Advertising Alliance and Your Online Choices, and you can opt out of Google Analytics using Google's browser add-on.
- Many browsers offer a "Do Not Track" (DNT) setting. Because websites are not required to honor DNT signals, this preference may not always be respected. DNT is available in browsers such as Microsoft Edge, Mozilla Firefox, Google Chrome, and Opera.
To learn more about private browsing, visit the support pages for your browser.
Analytics
We may use third-party analytics services, such as Google Analytics, to understand how our applications and services are used. To learn more about Google's privacy practices, please review the Google Privacy & Terms page.
Children's Privacy
We take the protection of children's privacy seriously. Our services and applications are not directed to children under 13 years of age, and we comply with the Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.
Security
We have implemented technical, organizational, and physical safeguards designed to protect personal information. No method of transmission or storage is completely secure, however, and you acknowledge that your use of our applications is at your own risk. If you have questions or concerns about this policy or how we handle your personal information, please contact us at support@shoptopus.info.
Your Rights Under the GDPR
If you are located in the European Union or another region with comparable data-protection laws, you have certain rights regarding your personal data. To exercise any of these rights, email us at support@shoptopus.info; we may need additional information to verify your identity and respond appropriately. Your rights include:
- Withdraw consent. You may withdraw your consent at any time. This stops future processing based on that consent but does not affect processing carried out before the withdrawal.
- Access. You may ask whether we are processing your personal data and, if so, request details such as the purposes of processing, the categories of data involved, who it may be shared with, and how long it will be kept.
- Rectification. You may ask us to correct inaccurate or incomplete information about you, and we will do so without undue delay.
- Erasure. You may ask us to delete your data. We will erase it promptly unless we are legally required to retain it, in which case we will let you know.
- Restriction. You may ask us to restrict our processing of your data, in which case we will not process or share it except where we have compelling legitimate grounds or your permission.
- Objection. You may object to our processing of your personal data at any time.
Data Access Notice
If you are a resident of the European Union or the United States and have questions about the accuracy of the information we hold about you, please contact us so we can verify and update it. Unless we are permitted or required by law to decline, we will be glad to help. You can reach us at support@shoptopus.info.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post a notice on our site and update the "Last updated" date at the top of this page.
Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at support@shoptopus.info or visit www.shoptopus.info.