Privacy Policy

Last updated: May 12, 2026

Easy Backup & Restore helps Shopify merchants create, store, download, import, and restore backups of selected Shopify store data. This Privacy Policy explains what data the app accesses, how that data is used, and how merchants can request deletion.

Data We Access

Depending on the backup modules enabled by a merchant and the Shopify permissions approved during installation, the app may read:

• Products, product images, product media metadata, variants, tags, metafields, and catalog structure.
• Collections and collection metadata.
• Blogs, articles, publication state, tags, summaries, and article image metadata.
• Orders available through approved Shopify order access, including order contact details, addresses, line items, totals, discounts, fulfillment summaries, refund summaries, and order metafields.
• Customer profile data such as name, email, phone, tags, addresses, consent fields, tax settings, locale, notes, order count, amount spent, and customer metafields when the Customers backup module is enabled.
• Published theme metadata and theme backup artifacts, including theme file content.
• Metaobject definitions, metaobject entries, and custom data structures.
• Shop domain, installation status, granted scopes, and backup settings.

How We Use Data

We use Shopify data only to provide the backup and restore functionality requested by the merchant, including scheduled backups, manual backup runs, backup history, downloads, imports, temporary signed links, restore jobs, plan limits, storage usage, support, and operational monitoring.

We do not sell personal data, use personal data for advertising, or use personal data for profiling unrelated to backup and restore operations.

Backup Storage

Backup files are stored in the application storage configured for the service. Backups may include Shopify data selected by the merchant. The app currently keeps the latest 5 successful backups per shop and backup type unless manually deleted earlier.

Temporary Backup Links

Merchants can generate temporary signed backup links. These links are valid for 1 hour and are intended for short-term transfer or import workflows. Anyone with a valid temporary link during that period may download the linked backup file.

Orders and Customer Data

Orders and Customers backups may contain sensitive merchant or customer information. Easy Backup & Restore uses the minimum Shopify access required for enabled backup and restore modules. Customer data access is used only for merchant-selected backup and restore functionality and related operational support.

When customer consent or opt-out fields are present in Shopify data, the app preserves those fields as part of the backup payload. The app does not independently send marketing messages or sell customer data.

Data Deletion

Merchants can delete individual backup runs from the app. When a backup is deleted, related stored files are deleted as well. If the app is uninstalled, the uninstall webhook marks the shop as uninstalled and disables future backup processing. Full account deletion workflows can be handled by contacting support.

We support Shopify privacy requests, including customer data requests, customer redaction requests, and shop redaction requests, according to Shopify requirements and applicable law. Customer redaction requests remove matching customer and order records from stored backups, and shop redaction requests delete stored shop backup data.

Security

Shopify access tokens and stored backup files are encrypted at rest. Data in transit is protected through HTTPS. The app uses Shopify OAuth/session token validation for merchant access, background workers for long-running jobs, and signed URLs for temporary backup links. Backup access should be limited to authorized merchant staff.

Access Logs

The app keeps audit logs for access to backup data and protected customer data workflows, including backup downloads, imports, restore requests, temporary link activity, deletion actions, privacy webhooks, and restricted admin access. Audit log metadata avoids storing raw customer email, phone, name, or address values.

Subprocessors and Hosting

The app is hosted on infrastructure controlled by the app owner. Backup files are stored in the application storage configured for the service. If external storage providers are added in the future, merchants will be informed through updated product settings or policy updates.

Contact

For privacy or deletion requests, contact the app owner at support@backuply.net.