Logo

Privacy Policy

Effective date: March 18, 2026

This Privacy Policy applies to all applications published by Studio Enchant ("we", "us", or "our"), including but not limited to Pricer. By installing or using any of our apps, you agree to the practices described in this policy.

1. Who We Are

Studio Enchant is the developer of Shopify apps available on the Shopify App Store. We build tools to help Shopify merchants manage and grow their stores. For privacy-related enquiries, contact us at privacy@studioenchant.com.

2. Data We Collect

Our apps access data through Shopify's APIs only to the extent necessary to provide the app's core functionality. Depending on which app you use, we may access:

  • Store information — your Shopify store domain, timezone, and currency, used to configure app behaviour correctly.

  • Product and variant data — product titles, variant titles, SKUs, prices, and compare-at prices, used to perform the actions you request (e.g. bulk price updates).

  • Collection and inventory data — collection names and membership, used to scope operations to a subset of your catalogue.

  • Authentication tokens — OAuth access tokens issued by Shopify, stored securely to maintain your session and make authorised API requests on your behalf.

  • App configuration data — settings, presets, and operation history you create within the app, stored to provide continuity between sessions.

We do not collect personal data about your customers. Our apps do not access customer names, email addresses, phone numbers, postal addresses, payment information, or any other personally identifiable information relating to end-consumers of your store.

We do not use tracking pixels, third-party analytics scripts, or advertising networks in our apps.

3. How We Use Your Data

We use the data we collect solely to:

  • Provide and operate the features of the app you have installed.

  • Authenticate your session and authorise API requests to Shopify on your behalf.

  • Store your app settings, presets, and history so they persist between sessions.

  • Diagnose errors and improve the reliability of our services (server-side logs only; no third-party analytics).

We do not sell your data, share it with advertisers, or use it for any purpose beyond operating our apps.

4. Data Sharing and Third Parties

We do not sell, rent, or share your data with third parties for marketing or advertising purposes.

We use the following sub-processors to operate our infrastructure:

  • Railway (Railway Corp) — cloud hosting for our app servers and databases. Data is stored on servers in the United States. Railway's privacy policy is available at railway.com/legal/privacy.

  • Shopify Inc. — all API data flows through Shopify's platform as the source of record. Shopify's privacy policy governs data held within their platform.

We may disclose data if required to do so by law, court order, or governmental authority, or to protect the rights, property, or safety of Studio Enchant, our users, or the public.

5. Data Retention

We retain data for as long as you have our app installed on your store. Specifically:

  • Session tokens are deleted automatically when you uninstall the app. We subscribe to Shopify's app/uninstalled webhook to trigger immediate deletion.

  • Operation history, settings, and presets are retained for the duration of your installation and are eligible for deletion upon request after uninstall.

  • Server logs are retained for up to 30 days for error diagnostics and then permanently deleted.

You may request deletion of all data associated with your store at any time by contacting us at privacy@studioenchant.com. We will action deletion requests within 30 days.

6. GDPR and EEA Merchants

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

  • Right of access — you may request a copy of the data we hold about your store.

  • Right to rectification — you may request correction of inaccurate data.

  • Right to erasure — you may request that we delete all data associated with your store.

  • Right to restriction — you may request that we limit processing of your data in certain circumstances.

  • Right to data portability — you may request an export of your data in a machine-readable format.

  • Right to object — you may object to processing based on legitimate interests.

Our legal basis for processing merchant data is contractual necessity — we process only the data required to deliver the service you have subscribed to.

Data is processed in the United States via our hosting provider (Railway). Where data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as applicable.

To exercise any of these rights, contact us at privacy@studioenchant.com. We will respond within 30 days.

7. CCPA / CPRA (California Residents)

If you are a California resident, the CCPA and CPRA grant you the following rights:

  • Right to know — you may request disclosure of the categories and specific pieces of personal information we have collected.

  • Right to delete — you may request deletion of personal information we hold about you.

  • Right to opt out of sale — we do not sell personal information.

  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

To submit a request, contact us at privacy@studioenchant.com.

8. Shopify Mandatory Privacy Webhooks

We subscribe to Shopify's mandatory privacy webhooks to ensure compliance with data deletion obligations:

  • customers/data_request — if a customer requests a copy of their data, we confirm that we hold no personal customer data.

  • customers/redact — if a customer requests deletion, we confirm that we hold no personal customer data to delete.

  • shop/redact — when a store is uninstalled and 48 hours have elapsed, we permanently delete all data associated with that store from our systems.

9. Security

We take reasonable technical and organisational measures to protect your data, including:

  • All data is transmitted over HTTPS/TLS.

  • OAuth tokens are stored in a server-side database and never exposed to the browser.

  • Our database is not publicly accessible and requires authenticated access.

  • We perform regular dependency updates to patch known security vulnerabilities.

We will notify affected merchants without undue delay in the event of a data breach that poses a risk to their rights and freedoms.

10. Cookies

Our apps run inside the Shopify Admin and do not set third-party cookies. Session management is handled server-side via Shopify's OAuth mechanism. We do not use advertising cookies or tracking cookies of any kind.

11. Children's Privacy

Our apps are intended for use by business operators (Shopify merchants) and are not directed at individuals under the age of 16. We do not knowingly collect personal data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page. Continued use of our apps after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

Studio Enchant Email: privacy@studioenchant.com

We aim to respond to all privacy enquiries within 30 days