Variant Studio — Privacy Policy

This Privacy Policy describes how BG Studios (“we,” “us,” “our”) handles information in connection with the Variant Studio Shopify app (the “App”). By installing or using the App, you agree to the practices described below. If you do not agree, please uninstall the App.

1. What we collect

Variant Studio collects only the information necessary to operate the app on your store:

• Shop information. Your Shopify shop domain (e.g. example.myshopify.com), shop ID, and the access token Shopify issues when you install the App.
• Product configuration. When you customize variant rows, display styles, or storefront settings, those configurations are saved as Shopify metafields on your products and shop (variant_studio.product_settings, variant_studio.settings).
• Variant data. Variant titles, options, prices, SKUs, and inventory quantities that you ask the App to read or update via Shopify's API.
• Uploaded files. Images you upload through the App's “Upload from computer” feature. These are uploaded directly to Shopify Files; we do not retain copies.
• Server logs. Standard request logs (timestamp, route, response code) and any application error traces, retained by our hosting provider for operational debugging.

2. What we do NOT collect

• Customer personal information. The App does not collect, store, or transmit any data about your customers (name, email, address, payment details, browsing behavior, etc.). The storefront variant picker runs entirely in the customer's browser and submits selections to Shopify's cart, never to us.
• Payment information. All app subscription billing is processed by Shopify. We never see your payment method.
• Tracking or analytics on your storefront. Our storefront block contains no analytics scripts, no cookies, and no third-party trackers.

3. How we use the information

We use the information described in Section 1 solely to:

• Authenticate your store with Shopify's API.
• Render the App's admin interface and your saved configuration.
• Update Shopify resources (product variants, metafields, files) on your request.
• Diagnose and fix bugs reported by you or detected via error logs.

We do not sell, rent, or share your information with any third party for marketing purposes.

4. Where the data is stored

Session tokens and app metadata are stored in a PostgreSQL database hosted on Railway (U.S. region). Configuration metafields and uploaded images live in Shopify's infrastructure, not ours. All connections between your browser, our servers, and Shopify use TLS encryption.

5. Retention and deletion

When you uninstall the App from your store, Shopify sends our server an app/uninstalled webhook. Upon receipt, we delete all session tokens for your shop from our database.

Approximately 48 hours after uninstallation, Shopify additionally sends a shop/redact webhook in accordance with their GDPR compliance flow. We treat this as a final deletion signal and remove any remaining shop-level records.

Configuration stored as Shopify metafields is removed automatically by Shopify when the shop or app is closed. We retain server logs for up to 30 days for operational purposes.

6. GDPR and CCPA compliance

We comply with Shopify's mandatory privacy webhooks:

• customers/data_request — if a customer requests their data through your store, our handler logs the request and responds. As stated above, we do not store any customer data, so there is nothing to disclose.
• customers/redact — same: we have no customer data to delete.
• shop/redact — we delete shop-level data as described in Section 5.

If you are a merchant subject to GDPR or CCPA and need additional documentation or written confirmation of deletion, contact us at support@bgstudios.app.

7. Cookies

The App's admin interface uses only the session cookies required by Shopify's App Bridge for authentication. Our storefront block sets no cookies.

8. Children's data

The App is intended for use by merchants, not consumers. We do not knowingly collect any data from individuals under the age of 13.

9. Security

We use industry-standard practices to protect your data:

• All connections require TLS (HTTPS).
• Shopify access tokens are stored encrypted at rest and scoped only to the permissions you approved during installation.
• We do not store any customer personally identifiable information, so there is no customer PII at risk of breach.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you within 72 hours via the email associated with your Shopify shop.

10. Changes to this policy

We may update this Privacy Policy occasionally. Material changes will be communicated to active merchants via the App's admin interface and reflected in the effective date at the top of this page.

11. Contact

Questions, concerns, or requests regarding this Privacy Policy or your data:

BG Studios
Email: support@bgstudios.app