Privacy Policy

Last updated: April 15, 2026

Wan Buffer Services ("we", "us", "our") operates the Mobile Builder Shopify application (the "App"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. By installing or using the App, you agree to this Policy.

1. Information We Collect

When a merchant installs the App, Shopify shares the following with us:

• Shop domain, store name, email, country, currency, timezone.
• Product, collection, inventory and pricing data needed to render the mobile storefront.
• Customer records and order metadata needed for account and checkout features.
• App Bridge session tokens used solely to authenticate admin requests.

When a shopper uses your mobile app we may collect device identifiers, push-notification tokens, crash logs, and in-app analytics events. We do not collect payment card details — checkout is handled by Shopify.

2. How We Use Information

• Operate, maintain and personalize the App and your mobile storefront.
• Sync products, orders and customers between Shopify and the mobile app.
• Send transactional and marketing push notifications you configure.
• Provide support, prevent fraud, and meet legal obligations.

3. Sharing & Sub-processors

We do not sell personal data. We share data only with sub-processors that help us run the service: Shopify (platform), our hosting provider, Firebase Cloud Messaging (push delivery), and transactional email providers. Each is bound by confidentiality and data protection obligations.

4. Data Retention

We keep merchant data for as long as the App is installed. On uninstall we delete shop data within 48 hours, unless retention is required by law. Shoppers can request deletion at any time via the merchant.

5. GDPR / Compliance Webhooks

We respond to Shopify's mandatory compliance webhooks:

• customers/data_request — we forward the request to the merchant.
• customers/redact — we delete the specified customer data within 30 days.
• shop/redact — we delete all shop data within 30 days of uninstall.

6. Security

Data is transmitted over TLS and stored in access-controlled databases. Access is restricted to authorized personnel on a need-to-know basis.

7. Your Rights

Subject to your jurisdiction (GDPR, CCPA and similar laws), you may request access, correction, export or deletion of personal data. Email [email protected].

8. Children

The App is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children.

9. Changes

We may update this Policy from time to time. Material changes will be notified via the admin or email. Continued use after an update constitutes acceptance.

10. Contact

Questions or requests: [email protected].