Privacy Policy

Last Updated: November 9, 2025

Introduction

CustomEase ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application for product customization services.

Information We Collect

Information You Provide

  • Account Information: When you install our app, we collect your Shopify store domain and basic store information
  • Merchant Information: When you authenticate with our app, we collect your name (first name and last name) and email address to identify your account and provide customer support
  • Product Data: Product names, variants, and images you choose to make customizable
  • Design Templates: Templates and design areas you create for your products
  • Customer Customizations: Design data created by your customers when customizing products

Information Collected Automatically

  • Usage Data: How you interact with our application, including features used and settings configured
  • Session Information: Authentication tokens and session data required to maintain your connection with Shopify
  • Order Information: Order numbers, customer names, email addresses, phone numbers, and shipping addresses to link customizations to orders and fulfill print orders

Information from Third Parties

  • Shopify Platform: We receive information from Shopify including store details, product information, and order data as authorized by you through OAuth scopes: read_products, write_products, read_orders, read_customers
  • Merchant Account Information: When you authenticate with our app, Shopify provides us with your name and email address as part of the OAuth authentication process
  • Customer Information: When customers place orders for customized products, we collect customer names, email addresses, phone numbers, and shipping addresses from orders for print fulfillment and order processing

How We Use Your Information

We use the collected information to:

  • Provide and maintain our product customization service
  • Identify and authenticate your account using your name and email
  • Enable your customers to create and save custom designs
  • Generate print-ready files for your customized products
  • Sync customization data with your Shopify orders
  • Process and fulfill print orders: Use customer names, email addresses, phone numbers, and shipping addresses to process orders, coordinate printing, and manage delivery
  • Improve and optimize our application features
  • Provide customer support and respond to your inquiries
  • Send important service notifications and updates related to your account
  • Comply with legal obligations

We process only the minimum personal data required to provide value to merchants. We do not use customer data for marketing, advertising, or any purpose other than providing this app's functionality.

Data Storage and Security

Storage Location

All your data is stored on Amazon Web Services (AWS) cloud infrastructure, one of the world's most secure and reliable cloud platforms:

  • Enterprise-Grade Infrastructure: AWS provides industry-leading security, reliability, and performance with 99.99% uptime SLA
  • Data Encryption: All data is encrypted at rest using AES-256 encryption, managed by AWS's secure key management system
  • Geographic Redundancy: Data is stored across multiple availability zones for high availability and disaster recovery
  • Compliance: AWS infrastructure is certified with SOC 2, ISO 27001, GDPR, and other major security standards
  • Secure File Storage: Customer design files and product images are stored in AWS S3 with encryption at rest
  • Environment Separation: Test and production data are strictly separated in isolated environments to prevent data leakage

Security Measures

We implement industry-standard security measures including:

  • HTTPS/TLS 1.3 encryption for all data transmission
  • AES-256-GCM encryption for sensitive session data
  • Encrypted storage for customer design files (AES-256)
  • HMAC-SHA256 signature verification for all webhooks (with timing-attack resistance)
  • Strong password requirements and access controls for staff
  • Multi-tenant architecture with strict data isolation
  • Audit logging for all data processing activities (retained 3 years)
  • Automated backup and disaster recovery procedures
  • Regular security audits and vulnerability assessments

Data Sharing and Disclosure

We do NOT sell your personal information. We may share your information only in the following circumstances:

  • With Your Consent: When you explicitly authorize us to share specific information
  • Service Providers: With AWS (cloud hosting), Shopify (platform integration), and other essential service providers under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)

Your Data Rights

You have the right to:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request your data in a portable format
  • Opt-out: Uninstall our app at any time to stop data collection

How to Exercise Your Rights

To exercise any of these rights, please contact us at: support@customease.app

Data Retention

We retain your data for as long as:

  • Your Shopify store has our app installed
  • Required to provide our services
  • Required by law (minimum 3 years for GDPR compliance audit logs)

When you uninstall our app, we automatically delete:

  • Your store's session and authentication data (immediate)
  • Product configurations and design templates
  • Customer customization data and order information (including names, emails, phone numbers, and shipping addresses)
  • Associated files stored in S3 (batch cleanup within 24 hours)

Audit logs are retained for 3 years for compliance purposes, then automatically deleted.

Data Deletion Process: We use automated cascade deletion to ensure all related data is removed completely. The deletion is logged to S3 for audit trail purposes (retained 3 years per GDPR requirements).

Note: We retain personal data only for as long as necessary to provide our services or as required by law. We do not keep data longer than needed.

GDPR Compliance

For users in the European Economic Area (EEA):

  • We process data based on legitimate interests and contractual necessity
  • You have additional rights under GDPR including data portability and the right to lodge complaints with supervisory authorities
  • We respond to data subject requests within 30 days
  • We maintain records of processing activities

Children's Privacy

Our service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

Cookies and Tracking

We use essential cookies only:

  • app_session_id: Maintains your authenticated session (HTTP-only, secure, 24-hour expiration)
  • shopify_shop: Stores your shop domain for reconnection (HTTP-only, secure, 7-day expiration)

All cookies are:

  • HTTP-only (not accessible via JavaScript, preventing XSS attacks)
  • Secure (transmitted exclusively over HTTPS encrypted connections)
  • SameSite: Lax (CSRF protection)

All data transmission uses HTTPS/TLS 1.3 encryption to protect your information in transit.

We do NOT use:

  • Advertising cookies
  • Analytics or tracking cookies
  • Third-party marketing cookies

We do NOT track users across websites or sell tracking data.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy with a new "Last Updated" date
  • Sending an email notification to your registered email address (for significant changes)

Your continued use of our app after changes indicates acceptance of the updated policy.

International Data Transfers

Your data may be transferred to and processed in regions where our cloud infrastructure is located. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Compliance with applicable data protection laws
  • Adequate security measures

Compliance with Shopify's Data Handler Requirements

We comply fully with Shopify's requirements for apps that collect customer personal data:

  • ✅ We process only the minimum personal data required to provide value to merchants
  • ✅ We clearly tell merchants what personal data we process and our purposes
  • ✅ We limit our use of personal data strictly to providing app functionality (no marketing, advertising, or data selling)
  • ✅ We maintain Data Processing Agreements (DPA) with merchants as required
  • ✅ We respect customers' consent decisions and opt-out requests
  • ✅ We do NOT sell customer data; customers can opt out of data sales (we do not sell data, period)
  • ✅ We do not use personal data for automated decision-making with legal/significant effects
  • ✅ We have retention periods ensuring data isn't kept longer than needed
  • ✅ We encrypt data at rest (AES-256) and in transit (TLS 1.3)
  • ✅ We encrypt backups stored in AWS S3
  • ✅ We separate test and production data completely
  • ✅ We have a data loss prevention strategy with multi-AZ deployment
  • ✅ We limit staff access to customer data using role-based access control
  • ✅ We enforce strong password requirements and multi-factor authentication for staff
  • ✅ We log access to personal data in audit logs (retained 3 years)
  • ✅ We have a security incident response policy with 72-hour notification commitment

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Email: support@customease.app
Website: https://customease.app
Response Time: We aim to respond within 48 hours


This Privacy Policy is effective as of the date stated above and applies to all users of CustomEase.

© 2025 CustomEase. All rights reserved.