Privacy Policy
This page summarises how Avada Order Editing collects, uses, and deletes data. The full legal text is at avada.io/privacy (opens in a new tab).
What we collect
From the merchant (your store)
- Store domain, store name, support email — to identify the install.
- Currency, plan, timezone — to render the dashboard correctly.
- App settings (allowed edit types, time window, etc.) — what you typed in.
From customers (when they use the widget)
- Order ID, customer email, the address fields they edited.
- The before and after values — so the merchant can see the diff.
- A timestamp and session ID — for activity logging.
We do not collect payment card information, browser fingerprints, or anything not directly tied to the edit.
How we use it
- Power the app — Activity page, emails, dashboard metrics.
- Diagnose bugs — engineering can see anonymised error traces.
- That is it. We do not sell, share, or rent any of this data.
Where it lives
Firestore (Google Cloud, EU region for EU stores, US region for US stores). Encrypted at rest, TLS in transit.
How long we keep it
- Activity log — 12 months. Older entries auto-purge.
- Edit session metadata — 90 days.
- Aggregated metrics (counts only) — kept indefinitely for the dashboard.
- PII (customer emails, addresses) — purged 90 days after the related order is fulfilled.
GDPR webhooks
Shopify sends three GDPR webhooks; we honor all three:
| Webhook | Our action |
|---|---|
customers/data_request | We email the merchant a JSON export of all data we hold for that customer within 30 days. |
customers/redact | We delete all PII for that customer within 30 days, keeping only anonymised counts. |
shop/redact | We delete the entire store record within 48 hours. |
Uninstall
When you uninstall, Shopify sends app/uninstalled. We:
- Disable the app immediately (no further writes).
- Schedule full data purge in 48 hours (Shopify gives a grace window for re-installs).
- Send
shop/redactconfirmation back to Shopify when complete.
Sub-processors
| Service | Purpose | Region |
|---|---|---|
| Google Cloud (Firestore, Cloud Functions) | Hosting + database | Per-store region |
| Sendgrid | Transactional email | US |
| Crisp | Live chat / helpdesk | EU |
Contact
Data protection officer: [email protected].