CustomPix – Privacy Policy

Last updated: April 22, 2026

This Privacy Policy explains how Claymind LLC ("we", "us", "our") collects, uses, and protects personal data in connection with the CustomPix Shopify app ("App"). By installing the App, you ("Merchant") agree to the practices described in this policy.

1. Who We Are

CustomPix is a Shopify app published on the Shopify App Store by Claymind LLC. The App enables merchants to offer product personalisation on their storefronts, allowing customers to upload images that are processed and linked to their orders.

2. Data We Collect

From Merchants (via Shopify OAuth):

  • Shopify shop domain

  • Access tokens required to operate the App within your store (stored securely, never logged)

From Your Customers (via the storefront widget):

  • Customer-uploaded images (stored in a private Google Cloud Storage bucket)

  • Cart token (to associate images with in-progress orders)

  • Order ID (assigned at checkout, to link images to fulfilled orders)

We do not collect names, email addresses, payment details, or any other personal data beyond what is listed above.

3. How We Use Data

  • Shop domain – Authentication & data isolation

  • Product/variant config – Rendering the customisation widget correctly

  • Uploaded images – Providing the personalised product preview and delivering print-ready files to the merchant

  • Cart token – Matching images to the shopping session

  • Order ID – Linking images to the fulfilled order

We use the minimum data necessary to provide the Service. We do not use any data for advertising, profiling, or any purpose other than order fulfilment.

4. Shopify App Store & Partner Program

CustomPix is distributed via the Shopify App Store. By using the App:

  • Authentication is handled exclusively via Shopify's standard OAuth flow.

  • All billing is processed through Shopify's Billing API; we never collect payment details directly.

  • We comply fully with Shopify's Partner Program Agreement and Acceptable Use Policy.

  • We implement all three GDPR mandatory webhooks required by Shopify (see Section 6 below).

5. Data Storage & Security

  • Storage: Customer-uploaded images are stored in a private Google Cloud Storage bucket. Images are never stored on Shopify's CDN or any public storage.

  • Access control: Images are only accessible via time-limited, cryptographically signed URLs (Google Cloud Storage V4 Signed URLs). They are never publicly accessible.

  • Encryption in transit: All data is transmitted over HTTPS/TLS. We maintain valid TLS/SSL certificates at all times.

  • Encryption at rest: Google Cloud Storage applies default AES-256 encryption to all stored objects.

  • Authentication security: Storefront API proxy requests are verified using HMAC signatures to prevent unauthorised access.

6. GDPR Rights & Mandatory Webhooks

We implement Shopify's three mandatory GDPR webhooks:

Customer Data Request (customers/data_request): If a customer of your store requests a copy of their personal data, we will provide a report of all data we hold for that customer (uploaded images, cart token, order ID) within 30 days of the request.

Customer Data Erasure (customers/redact): If a customer requests deletion of their personal data, we will permanently delete all images and associated records for that customer within 30 days of the redact request.

Shop Data Erasure (shop/redact): Upon uninstallation of the App, we will permanently delete all data associated with your shop (including all uploaded images, product configurations, and records) within 30 days.

Merchants wishing to exercise these rights on behalf of their customers should contact us at [your contact email].

7. Data Sharing

We do not sell, rent, or share personal data with third parties, except:

  • Google Cloud Platform: Used for object storage (Google Cloud Storage). Google processes data as a data processor under our instructions. See Google's Privacy Policy.

  • Shopify: As the platform operator, Shopify has access to data in accordance with their own Privacy Policy.

  • Legal obligations: We may disclose data if required to do so by law or in response to valid legal process.

8. Data Retention

Data – Retention Period

  • Uploaded images – Retained while App is installed; deleted within 30 days of uninstallation

  • Cart token / Order ID – Retained while App is installed; deleted within 30 days of uninstallation

  • Shop configuration – Retained while App is installed; deleted within 30 days of uninstallation

You may request early deletion of your data at any time by contacting us.

9. Cookies & Tracking

The App does not use cookies or tracking technologies beyond what is provided natively by Shopify's platform (e.g. Shopify App Bridge session tokens). We do not use analytics, advertising pixels, or third-party tracking.

10. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Shopify Partner Dashboard or email. Continued use of the App following any update constitutes acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by the laws of California.

13. Contact & Data Requests

For privacy enquiries, data access requests, or data deletion requests:

  • Email: support@claymind.com

  • App: CustomPix on the Shopify App Store