Privacy Policy

Last updated: March 2026

What data we collect

Auto Theme Sync accesses your Shopify store's theme data through the Shopify API using the read_themes and write_themes scopes. Specifically:

• Theme names and metadata (to display in the app)
• Theme file contents (to compute diffs and perform syncs)
• Shopify session data (for authentication)

What data we store

• Session data: Shopify OAuth tokens for authentication
• Sync history: Records of sync operations (source/target themes, file names, status)
• Sync profiles: Saved configurations (theme IDs, file patterns)
• Backups: Copies of target theme files before syncing (Pro plan only), automatically deleted based on retention settings
• App settings: Your preferences (exclude patterns, notification settings)

What we do NOT collect

• Customer personal data
• Order or payment information
• Product or inventory data
• Analytics or tracking data about your customers

Data retention

Sync history and backups are retained based on your settings (default: 30 days). When you uninstall the app, all stored data is permanently deleted.

Data sharing

We do not sell, share, or transfer your data to any third parties. Your theme data is only accessed to perform the sync operations you initiate.

GDPR compliance

We support Shopify's mandatory GDPR webhooks:

• Customer data request: We do not store customer data, so no data is returned.
• Customer data erasure: We do not store customer data, so no action is needed.
• Shop data erasure: All shop data (settings, profiles, history, backups) is permanently deleted.

Security

All communication with Shopify uses HTTPS. OAuth tokens are stored encrypted in our database. Access to theme data requires authenticated Shopify sessions.

Contact

For privacy questions or data requests, contact us at support@bobacu.io.