Privacy Policy

Last updated: April 2026

What Storeport Does

Storeport is a Shopify app that helps merchants manage metafield and metaobject schema definitions across multiple stores. It does not access, store, or process customer personal data — only schema structure (definition names, types, namespaces, and keys).

Information We Collect

Through Shopify APIs

• Store information: Shop domain (e.g., my-store.myshopify.com) and shop name — used to identify connected stores within your organization.
• Access tokens: OAuth access tokens provided by Shopify during installation — used to make API calls on your behalf. Tokens are encrypted at rest using AES-256-GCM encryption and are never logged or exposed.
• Metafield and metaobject definitions: Schema structures (names, types, namespaces, keys, validation rules) — used to build schema libraries and deploy definitions across stores.

Directly from Merchants

• Organization name: Optional label for grouping connected stores.
• Environment labels: Optional labels (development, staging, production) assigned to connected stores.

How We Use Information

• Authenticate your identity and authorize API access to your Shopify stores.
• Discover, compare, and deploy metafield and metaobject definitions across your connected stores.
• Display store information within the app interface to help you manage your organization.

Information We Do Not Collect

Storeport does not access or store: customer data, order data, product content, collection content, theme data, payment information, or any personally identifiable information (PII) about your customers.

Data Retention

• While installed: Store connection data and schema libraries are retained as long as your app installation is active.
• After uninstall: When you uninstall Storeport, your access token is invalidated immediately. Upon receiving Shopify's shop data erasure request, all store data, schema libraries, and deployment history associated with your store are permanently deleted within 30 days.

Data Storage and Security

• All data is stored in a PostgreSQL database hosted on secure cloud infrastructure.
• Access tokens are encrypted at rest using AES-256-GCM.
• All connections use HTTPS/TLS.
• Database queries are scoped to your organization — stores cannot see other organizations' data.

Third-Party Sharing

We do not sell, share, or transfer your data to third parties. Data is only transmitted to Shopify's APIs as necessary to provide the app's functionality.

Contact

For privacy questions or data requests, contact us at privacy@storeport.io.