Install on ShopifyAbout this policy.
This Privacy Policy describes how Modulo, distributed on the Shopify App Store as "Modulo: Sections & Bundles", processes personal and shop data. The app is hosted at app.runmodulo.com, with the marketing site at runmodulo.com. This policy applies to all data processed by Modulo regardless of whether the merchant uses the current free tier or any future paid tier.
Torsgatan 1, 111 23 Stockholm, Sweden
Email: hello@runmodulo.com
The controller is reachable at hello@runmodulo.com for any privacy, data-protection, or rights request described in this policy. There is no separate Data Protection Officer; as a solo-operated business below the GDPR Article 37 thresholds, designating one is not required.
What data I collect.
When you install Modulo on a Shopify store, the app retrieves and stores a narrow set of data through the Shopify Admin API:
- Shop metadata: store domain, Shopify shop ID, plan, country, currency, and the store owner's contact email.
- App configuration: section settings, bundle definitions, and any toggles you set inside the Modulo admin.
- Product, variant, and theme identifiers needed to render sections and apply bundle discounts on your storefront.
- Aggregate app-event telemetry: counts of bundles created, sections installed, errors, and similar operational signals, sampled at one percent and stored without any per-shopper identifier.
- Web vitals: anonymous performance measurements from the merchant admin UI, also sampled at one percent.
That is the complete list. Anything beyond it would require a Shopify scope change, a code change, and a published update to this policy.
What data I don't collect.
I want to be explicit about what Modulo does not touch:
- No shopper personal data: no names, emails, phone numbers, or addresses of your customers.
- No order data, payment data, or shipping data.
- No cart contents tied to individual shopper sessions.
- No advertising trackers, no Google Analytics, no Facebook Pixel, no third-party marketing SDKs.
- No data from your storefront visitors beyond the anonymous, sampled web vitals described above.
Why I collect it.
Each category of data has a single, narrow purpose:
- Shop metadata is used to authenticate API calls, deliver support, and send transactional email about your installation.
- App configuration is what makes the app work. Without it, your sections and bundles cannot be rendered or restored.
- Product, variant, and theme identifiers let the app inject the correct Liquid sections and create the correct Shopify automatic discounts.
- Aggregate telemetry and web vitals help me find bugs, fix performance regressions, and meet Shopify's Built for Shopify performance thresholds.
I do not use any of this data for advertising, profiling, resale, or AI model training.
Legal bases under GDPR.
Where a merchant is established in the European Economic Area, the United Kingdom, or a jurisdiction that mirrors the GDPR, processing is grounded as follows:
- Article 6(1)(b), performance of a contract: processing shop metadata and app configuration is necessary to provide the service you installed.
- Article 6(1)(c), legal obligation: responding to Shopify-mandated GDPR webhooks and meeting record-keeping duties under tax law.
- Article 6(1)(f), legitimate interests: aggregate, sampled telemetry and web vitals support the legitimate interest of maintaining a stable, performant app. The interest is balanced against your rights because the data is anonymous and sampled at one percent.
I do not rely on consent under Article 6(1)(a) for any core processing, because installing the app through the Shopify App Store establishes the contractual basis.
Shopify mandatory compliance webhooks.
Modulo implements the three GDPR webhooks Shopify requires of every public app. These run automatically and need no merchant action.
| Webhook topic | Action I take | SLA |
|---|---|---|
customers/data_request | I check Modulo's databases and confirm whether any data linked to the customer ID exists. Because Modulo does not store shopper records, the standard response confirms that no data is held. | Within 30 days of receipt |
customers/redact | If by exception any record linked to the customer ID exists, I delete it. Otherwise I confirm there is nothing to redact. | Within 30 days of receipt |
shop/redact | Fired by Shopify 48 hours after uninstall. I delete all shop metadata, app configuration, bundle definitions, and section settings tied to the shop ID. Aggregate, anonymized telemetry is retained because it cannot be re-associated with the shop. | Within 48 hours of webhook receipt; full purge within 30 days of original uninstall |
Sub-processors.
Modulo uses the following sub-processors. All are bound by data processing agreements that meet GDPR requirements.
| Provider | Purpose | Processing region |
|---|---|---|
| Shopify | The platform that hosts the merchant store and authenticates the app | Global, per Shopify's own DPA |
| Render | Application hosting and database | Frankfurt, European Union |
| Resend | Transactional email (install confirmations, support replies) | European Union |
| Sentry | Error reporting and stack traces | European Union |
I do not add new sub-processors silently. When a new sub-processor is added, this policy is updated and installed merchants are notified by email at least 30 days before the change takes effect, unless a critical security or availability need shortens that window.
Retention.
Different data categories are kept for different periods:
- Shop metadata and app configuration: retained while the app is installed. On uninstall, deleted within 48 hours of the Shopify
shop/redactwebhook. - Bundle definitions, section settings, and theme references: same as above, deleted on uninstall.
- Transactional email logs at Resend: 30 days, then purged.
- Error reports at Sentry: 90 days, then purged.
- Aggregate, anonymized telemetry and web vitals: retained indefinitely, because the records contain no shop or shopper identifier and cannot be re-linked.
- Encrypted database backups: retained for 14 days, then overwritten.
Your rights as a data subject.
If you are a merchant or any individual whose personal data Modulo processes, you have the following rights under the GDPR:
- Right of access (Article 15): request a copy of the personal data Modulo holds about you.
- Right to rectification (Article 16): ask me to correct inaccurate or incomplete data.
- Right to erasure (Article 17): request deletion of your personal data, subject to legal retention obligations.
- Right to restriction (Article 18): ask me to limit processing in specific circumstances.
- Right to data portability (Article 20): receive your data in a machine-readable format.
- Right to object (Article 21): object to processing based on legitimate interests.
To exercise any of these rights, email hello@runmodulo.com from the address on file for your shop. I respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
International transfers.
Modulo's primary processing happens in Frankfurt, in the European Union. Some sub-processors, notably Shopify, operate globally and may move data outside the EEA as part of providing their own service. Where data leaves the EEA, transfers rely on the European Commission's Standard Contractual Clauses or an applicable adequacy decision.
I do not voluntarily move merchant or personal data to US infrastructure, and I do not use US-resident processing for storage or application logic unless Shopify itself requires it for a specific API call.
Security.
The data Modulo processes is protected by the following controls:
- All traffic, including the admin UI, the API, and webhook callbacks, is served over TLS 1.2 or higher.
- Database storage is encrypted at rest with AES-256, managed by Render.
- Administrative access to Render, Sentry, and Resend requires two-factor authentication.
- Database credentials and Shopify API tokens are stored as encrypted environment variables and never committed to source control.
- Encrypted database backups run daily and are retained for 14 days.
In the event of a personal data breach, I will notify affected merchants and the relevant supervisory authority within 72 hours of confirmation, as required by GDPR Article 33.
Changes and contact.
I update this policy when the app changes in a way that affects data processing, when a new sub-processor is added, or when applicable law shifts. Material changes are announced by email to the contact on file at least 30 days before they take effect. The version number and last review date at the top of this document always reflect the current state.
Questions, requests, and complaints: hello@runmodulo.com. I read every message myself.