Plain-English Summary: Backup Samurai accesses your Shopify store data solely to create and manage backups on your behalf. We do not sell your data, use it for advertising, or share it with third parties except the cloud storage providers you explicitly connect (Google Drive, Dropbox). You can request deletion of your data at any time.
1. Overview
Backup Samurai ("we", "us", "our") is a Shopify application operated at backupsamurai.site. This Privacy Policy explains how we collect, use, store, and protect information when you install and use our application.
By installing Backup Samurai from the Shopify App Store, you agree to the terms of this Privacy Policy.
2. Data We Collect
Store Data (via Shopify API)
When you install Backup Samurai, we request access to your Shopify store to read and back up:
- Products, product variants, and product images
- Collections (manual and smart)
- Themes and theme files
- Customer records (names, email addresses, addresses)
- Order records and line item data
- Metafields and custom data
- Store settings and configuration
This data is accessed solely to create backup snapshots that you can restore from.
Account Information
We store your Shopify shop domain, the access token Shopify provides to authorise our API calls, and your plan/billing status.
Usage Data
We collect basic usage logs (backup timestamps, restore events, errors) to operate and improve the service. These logs do not contain your store's customer or product data.
3. How We Use Your Data
We use the data we access for the following purposes only:
- Backup creation: Reading your store data via Shopify's API to create encrypted backup snapshots.
- Restore operations: Using stored snapshots to write data back to your store when you request a restore.
- Cloud export: If you connect Google Drive or Dropbox, transmitting backup files to your chosen cloud storage on your behalf.
- Service communication: Sending backup completion notifications and important service updates to your store email.
- Billing: Processing subscription charges through Shopify's built-in billing API.
We do not use your store data for advertising, analytics resale, or any purpose beyond operating the backup service.
4. Data Sharing & Third Parties
We do not sell, rent, or trade your data with any third party. We may share data only in the following limited circumstances:
- At your direction: If you connect Google Drive or Dropbox, your backup files are transmitted to those services under their respective privacy policies.
- Infrastructure providers: We use cloud hosting to store backups. These providers process data only as directed by us under data processing agreements.
- Legal compliance: If required by applicable law, court order, or government regulation.
5. Data Retention
Backup snapshots are retained according to your plan's retention period:
- Free plan: 7 days
- Silver plan: 30 days
- Gold plan: 90 days
- Platinum & Custom plans: 365 days (1 year)
When you uninstall Backup Samurai, we delete your store's backup data within 30 days in accordance with Shopify's data deletion webhook requirements. You may also request immediate deletion by contacting us.
6. Security
- All backup data is encrypted at rest using AES-256 encryption
- All data in transit is protected using TLS 1.2 or higher
- Shopify access tokens are stored encrypted and never exposed in logs
- Access to backup data is restricted to authenticated sessions tied to the originating shop
7. Your Rights (GDPR & Data Subject Rights)
If you are located in the EEA, United Kingdom, or other jurisdictions with data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you or your store.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a portable, machine-readable format.
- Objection & Restriction: Object to specific uses or request restriction of processing.
To exercise any of these rights, contact us at support@backupsamurai.site. We will respond within 30 days.
8. Shopify Mandatory Webhooks
As required by Shopify, we respond to the following data-related webhooks:
- customers/data_request: When a customer requests their data, we provide any customer data held in our backups.
- customers/redact: When a merchant requests deletion of a customer's data, we remove it from backup storage within 30 days.
- shop/redact: When a merchant uninstalls our app and requests deletion, we delete all backup data for that shop within 30 days.
9. Children's Privacy
Backup Samurai is a business tool intended for Shopify merchants and is not directed at children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice in the app or sending an email to your store's account email. The "Last updated" date at the top reflects the most recent revision.
Questions, concerns, or requests related to this Privacy Policy:
We aim to respond to all privacy enquiries within 5 business days.