Privacy Policy

Imazyn Ecommerce (“we”, “our”, or “us”) operates the Customiras Shopify app (“the App”). This Privacy Policy explains what information we collect, how we use it, and what rights you have in relation to it.

By installing or using the App, you agree to the practices described in this policy.

1. Information we collect

From merchants (Shopify store owners)

• Shop information — your Shopify domain, access token, and plan details, obtained during OAuth installation.
• Configuration data — option sets, option types, templates, and settings you create inside the App.
• Billing information — subscription status and trial dates, managed through Shopify Billing API. We never store payment card details.
• Usage analytics — aggregate metrics (page views, option usage counts) to improve the App. No personally identifiable information is included.

From your customers (end-shoppers)

• Customisation inputs — text, uploaded images, and option selections entered when personalising a product. These are stored temporarily to generate print files and attached to the Shopify order.
• Uploaded files — photos uploaded by shoppers for custom products. Files are stored securely and deleted after the associated order is fulfilled (default: 90 days).

We do not collect shopper names, email addresses, or payment information independently. That data remains in Shopify's systems.

2. How we use your information

• To provide, maintain, and improve the App.
• To process customisation orders and generate print-ready files.
• To communicate with you about your account, billing, or support requests.
• To detect and prevent fraud, abuse, or violations of our Terms of Service.
• To comply with legal obligations.

We do not sell your data or your customers' data to third parties.

3. Third-party services

The App integrates with the following third-party services to deliver its features. Each has its own privacy policy.

• Shopify — store authentication and billing (shopify.com/legal/privacy).
• OpenAI — AI image generation features; images are processed and not stored by us beyond the request (openai.com/policies/privacy-policy).
• Replicate / remove.bg — background removal; images are sent for processing and deleted per their data retention policies.
• Resend — transactional emails (resend.com/legal/privacy-policy).
• Print fulfillment providers (Printful, Printify, Gooten, Gelato, ShineOn) — order data is forwarded when you connect a provider. Their privacy policies apply.
• Cloudflare — CDN and tunnel infrastructure (cloudflare.com/privacypolicy).

4. Data retention

• Merchant data — retained while your account is active. Deleted within 30 days of app uninstallation upon request.
• Customer upload files — retained for 90 days after order fulfilment, then automatically purged.
• Analytics data — aggregate only; retained indefinitely but contains no PII.

5. Data security

We use industry-standard security measures including encrypted connections (TLS), environment-variable secrets management, and role-scoped database access. Shopify access tokens are stored encrypted at rest. No system is perfectly secure; we encourage you to use strong passwords and notify us immediately if you suspect unauthorised access.

6. Your rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (right to erasure).
• Object to or restrict certain types of processing.
• Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, contact us at customiser@imazyn.com. We will respond within 30 days.

7. Cookies

The App is embedded inside the Shopify Admin and does not set third-party tracking cookies on your storefront. Session cookies are used solely to maintain authenticated state within the App.

8. GDPR — European Union data subjects

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, this App complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”). As a Shopify merchant, you are the Data Controller for your customers’ personal data. Imazyn Ecommerce acts as a Data Processor on your behalf.

Under GDPR, EU data subjects have the following rights:

• Right of access (Article 15) — request a copy of personal data we hold about you.
• Right to rectification (Article 16) — request correction of inaccurate data.
• Right to erasure (Article 17) — request deletion of your data (“right to be forgotten”).
• Right to restriction (Article 18) — request that we restrict processing in certain circumstances.
• Right to data portability (Article 20) — receive your data in a structured, machine-readable format.
• Right to object (Article 21) — object to processing based on legitimate interests.

We respond to all data subject requests within 30 days. To exercise your rights, contact customiser@imazyn.com.

Legal basis for processing: We process merchant data on the basis of contract performance (providing the App service) and legitimate interest (security, fraud prevention). Customer personalisation data is processed on the basis of your customers’ consent via your storefront.

Data transfers: If data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by GDPR Chapter V.

Shopify’s GDPR compliance: As our primary sub-processor, Shopify maintains GDPR-compliant data handling practices. See Shopify’s Privacy Policy for details.

9. Children's privacy

The App is intended for use by merchants (businesses) and is not directed at children under 13. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, for material changes, notify active merchants by email.

11. Contact us

Questions or concerns about this Privacy Policy? Reach us at: