Privacy Policy and Terms of Service
Effective date: May 7, 2026
1. Privacy Policy
In this document, "Modilo", "we", "our", and "us" refer to the provider of the Modilo application. "Merchant" or "you" means the Shopify merchant or authorized user who installs or uses Modilo. "Customer" means an end customer of a merchant who uses a Modilo-powered storefront personalizer.
Modilo acts as a service provider and processor for customer personal data that we process on behalf of merchants. Merchants remain responsible for their own storefront privacy notices, customer relationships, Shopify store configuration, and lawful use of customer data.
Information we collect from merchants
- Shopify shop domain, Shopify shop identifiers, installation status, app configuration, and OAuth authorization data.
- Encrypted Shopify access and refresh tokens, granted Shopify scopes, and related authentication metadata.
- Merchant account data used inside Modilo, such as username, password hash, display name, session data, and support or setup information.
- Templates, artwork, fonts, clipart, product mappings, preview configuration, print settings, translations, and other files or settings uploaded or created by the merchant.
- Billing plan, subscription status, usage counters, Shopify billing identifiers, usage charge identifiers, order number, and order ID needed to calculate and prevent duplicate billing.
- Optional integration credentials that the merchant chooses to save, such as encrypted Google Drive OAuth tokens or encrypted AI provider API keys.
- Technical and security data, including request metadata, error events, rate-limit counters, IP address signals, webhook delivery metadata, and security verification results.
Information we collect through Shopify APIs and webhooks
- Product and variant information needed to connect Shopify products to Modilo templates.
- Order ID, order number, line items, line item properties, product and variant IDs, and personalization IDs needed to generate print files for completed personalized orders.
- Shopify subscription and billing data needed to activate, update, or cancel Modilo plans and usage charges through Shopify Billing.
- Privacy webhook payload identifiers, including shop domain, customer ID, and order IDs supplied by Shopify for data access or deletion requests.
Information we collect from customers
- Customer-entered personalization text, such as names, messages, dates, dedications, addresses, or other text fields configured by the merchant.
- Customer-uploaded images used to personalize a product.
- Customer selections, including variants, dropdown choices, checkbox choices, dynamic image choices, layout choices, zoom, crop, and position settings.
- Temporary preview images generated from the customer's personalized design.
- Personalization properties attached to the Shopify cart or order line item so the merchant can fulfill the personalized order.
- Where a merchant enables an AI image feature, the uploaded image, prompt instructions, and generated output required to complete that AI transformation.
Modilo does not collect customer payment card numbers and does not replace or bypass Shopify Checkout. Customer checkout, payment, shipping, billing, and tax processing are handled by Shopify and the merchant's configured Shopify services. Modilo does not use customer data for advertising, interest-based profiling, data brokerage, or sale of personal information.
How we use information
- To install, authenticate, and operate Modilo for a merchant's Shopify store.
- To let merchants create, store, manage, and publish product personalization templates.
- To serve the storefront personalizer through Shopify App Proxy and verify Shopify-signed requests.
- To save customer personalization data before checkout and attach safe personalization properties to the Shopify cart or order.
- To generate previews and production-ready print PDF files for completed personalized orders.
- To upload or deliver production files to storage destinations selected or configured by the merchant.
- To provide billing, usage tracking, plan management, security, fraud prevention, troubleshooting, and support.
- To respond to Shopify compliance webhooks and privacy requests.
Cookies and similar technologies
Modilo uses only strictly necessary cookies, session storage, and similar technologies required for authenticated merchant admin sessions, Shopify embedded admin via Shopify App Bridge, CSRF protection, and security controls. Modilo does not use advertising, analytics-profiling, or cross-site tracking cookies, and does not place tracking cookies on the customer-facing personalizer beyond what is technically required to render the personalizer through Shopify App Proxy.
Children's data
Modilo is a business-to-business service for Shopify merchants and is not directed to children. Modilo is not intended for use by individuals under the age of 16. We do not knowingly collect personal data directly from children. If a merchant operates a storefront that targets children, the merchant is responsible for any required parental consent and for complying with applicable children's privacy laws.
2. Shopify Data and App Permissions
Modilo requests only the Shopify Admin API access scopes needed for its current functionality:
- read_orders and write_orders, to receive personalized order data, generate production files, and write order-related metadata needed by the merchant.
- read_products and write_products, to display products and connect them to Modilo personalization templates.
- write_app_proxy, to serve the customer-facing personalizer through Shopify App Proxy.
Modilo does not request payment data access and does not use Shopify data for purposes unrelated to providing the product personalization service. Webhooks are verified with Shopify HMAC signatures. Storefront personalizer requests served through Shopify App Proxy are also verified before tenant-specific customer functionality is delivered.
3. Storage, Security, and Subprocessors
Modilo is a multitenant application. Merchant files and customer production data are separated by tenant-specific storage paths. Access to merchant admin functionality is controlled through authenticated sessions. Customer-facing requests use Shopify App Proxy verification to resolve the correct merchant tenant.
We use reasonable administrative, technical, and organizational safeguards appropriate for the nature of the service, including encrypted storage of Shopify tokens, encrypted storage of saved Google Drive and AI provider credentials, server-side validation of uploaded files, request rate limiting, CSRF protections for merchant admin write requests, HMAC verification for Shopify webhooks and App Proxy requests, and tenant-scoped file operations.
Modilo may use the following service providers to operate the app:
- Shopify, for app installation, Shopify APIs, App Proxy, checkout, orders, subscriptions, and billing.
- Railway or equivalent application hosting infrastructure, for running the Modilo web application and background workers.
- PostgreSQL, for merchant accounts, encrypted tokens, billing records, and app metadata.
- Redis, for short-lived OAuth state, queues, rate limits, cache data, and temporary processing state.
- Bunny.net storage and CDN, for merchant assets, customer uploads, previews, production PDFs, order indexes, and related app files.
- Google Drive, only if the merchant connects a Google Drive account and chooses to export production files there.
- OpenAI or xAI, only if the merchant enables AI image functionality and provides or configures the relevant provider credentials.
Customer data may be processed in the European Economic Area, the United States, or other locations where our service providers operate. Where applicable, such transfers are handled through the contractual and technical safeguards made available by the relevant providers.
4. Data Retention
- Temporary cart personalization JSON that has not become a completed order is retained for up to 30 days and then deleted.
- Temporary customer-uploaded preview images and temporary AI preview or source images that are not linked to a completed order are retained for up to 30 days and then deleted.
- Completed order production data, including generated PDFs, order-linked previews, source images, customer upload files, and the order index, is retained as merchant order-production records until deleted by merchant action, Shopify privacy redaction, shop redaction, or other applicable retention workflow.
- Internal privacy request reports are retained only as needed to document and complete Shopify privacy requests and are deleted when matching customer or shop redaction applies.
- Shopify access tokens and shop mappings are removed when a shop is uninstalled or redacted, subject to the timing of Shopify uninstall and privacy webhooks.
- Billing records, security logs, and support records may be retained as needed for accounting, fraud prevention, dispute resolution, legal compliance, and service integrity.
5. Privacy Rights and Shopify Privacy Requests
Shopify requires public apps to support privacy requests for personal data, regardless of where the individual is located. Modilo supports Shopify's required privacy request process, including:
- requests to identify customer data stored by the app;
- requests to delete or redact customer data linked to a customer or order; and
- requests to delete shop data after the merchant uninstalls the app.
When Modilo receives a Shopify customer data access request, we create a minimal internal report identifying relevant personalization data categories and indexed files for the requested orders. The report does not copy full customer-entered personalization text or binary image/PDF contents.
When Modilo receives a Shopify customer deletion or redaction request, we use Shopify's supplied order IDs to delete indexed personalization files, production PDFs, previews, customer-uploaded files, queue/idempotency records where linked, and matching privacy request reports. Anonymous pre-checkout cart data that is not linked to a Shopify customer account is handled through the 30-day temporary data deletion process.
When Modilo receives a Shopify shop deletion or redaction request after uninstall, we delete stored customer personalization and production data for that shop and remove the Shopify shop connection. If we are legally required to retain limited records, we will retain only the minimum records required and restrict their use to the legally required purpose.
Subject to applicable law, individuals may have the right to access, correct, delete, restrict, or port their personal data, to object to certain processing, to withdraw consent where processing is based on consent, and to lodge a complaint with their local data protection or privacy supervisory authority. Merchants and customers may contact us at [email protected] to make a privacy request. Customers should also contact the Shopify merchant from whom they purchased, because the merchant controls the customer relationship and can initiate Shopify privacy requests.
6. Data Processing Terms
These Data Processing Terms apply when Modilo processes personal data on behalf of a merchant. The merchant is the controller or business for customer personal data, and Modilo is the processor, service provider, or equivalent role under applicable privacy law.
- Modilo processes personal data only to provide, secure, maintain, support, and improve the Modilo service, to comply with merchant instructions, and to satisfy legal or Shopify platform requirements.
- Modilo does not sell customer personal data, share it for cross-context behavioral advertising, or use it for independent advertising profiles.
- Modilo uses subprocessors only as reasonably necessary to operate the service and remains responsible for their processing of merchant data as required by applicable law.
- Modilo will assist merchants, within the functionality of the service and as reasonably possible, with privacy requests, security obligations, and deletion requests relating to customer personal data.
- Modilo will take reasonable steps to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
- Modilo will notify affected merchants without undue delay if we become aware of a confirmed personal data breach affecting their data, unless prohibited by law.
- Upon termination or uninstall, Modilo will delete or return personal data according to this policy, Shopify privacy webhook requirements, and applicable legal retention obligations.
7. Terms of Service
Use of Modilo
By installing, accessing, or using Modilo, you represent that you are authorized to act for the Shopify store connected to the app and agree to these terms. You may use Modilo only for lawful business purposes and in accordance with Shopify's applicable terms, policies, and developer requirements.
Merchant responsibilities
- You are responsible for the products, templates, artwork, fonts, images, text, customer-facing instructions, prices, and personalization fields you create or publish through Modilo.
- You must have all rights, licenses, consents, and notices required to use uploaded content and to collect customer personalization data through your store.
- You are responsible for reviewing generated previews and production files before manufacturing, shipping, or otherwise fulfilling personalized products.
- You must not use Modilo to process illegal, infringing, harmful, deceptive, or sensitive content unless you have a lawful basis and the use is permitted by Shopify and applicable law.
- You must keep your Modilo account credentials, Shopify access, Google Drive access, and AI provider credentials secure.
Customer uploads and AI features
If you enable customer image uploads or AI image features, you are responsible for providing appropriate customer notices and obtaining any required rights or consents. AI image transformations may send customer-provided images and prompt instructions to the selected AI provider solely to generate the requested personalization output. Use of AI provider services may be subject to the provider's own terms and policies.
Billing
Modilo uses Shopify Billing for paid plans, free trials where offered, recurring subscription charges, and usage charges. Pricing, included usage, overage rates, trial duration, and billing terms are presented in Shopify and in the Modilo billing interface. Usage charges are calculated from personalized Shopify order items that contain Modilo personalization properties. Duplicate Shopify webhook deliveries are handled with idempotency controls to help prevent duplicate usage charges.
Service availability and changes
We aim to provide a reliable service, but Modilo depends on Shopify, hosting providers, storage providers, AI providers where enabled, internet connectivity, and merchant configuration. We may modify, suspend, or discontinue parts of the service when reasonably necessary for maintenance, security, legal compliance, Shopify platform changes, or product improvements.
Intellectual property
Modilo and its software, interface, documentation, workflows, and branding are owned by us or our licensors. Merchants retain ownership of their uploaded content and customer data, subject to the rights needed for Modilo to provide the service.
Prohibited use
- Do not attempt to bypass Shopify Checkout, Shopify billing, Shopify security, Modilo tenant isolation, or access controls.
- Do not upload malware, executable code, unauthorized scripts, or files designed to attack or compromise the service.
- Do not use Modilo to infringe intellectual property rights, violate privacy rights, or create unlawful or harmful content.
- Do not reverse engineer, scrape, overload, or interfere with the service except as permitted by law.
Disclaimers
Modilo is provided on an "as is" and "as available" basis. To the maximum extent permitted by law, we disclaim all warranties, whether express, implied, or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, uninterrupted availability, and error-free operation.
Limitation of liability
To the maximum extent permitted by law, Modilo will not be liable for indirect, incidental, special, consequential, exemplary, or punitive damages, or for lost profits, lost revenue, lost data, business interruption, printing errors, production delays, or third-party platform failures. Modilo's aggregate liability for claims relating to the service will not exceed the amounts paid by the merchant to Modilo for the service during the three months before the event giving rise to the claim.
Indemnity
You agree to defend, indemnify, and hold Modilo harmless from claims, damages, liabilities, costs, and expenses arising from your content, your products, your customer notices or consents, your breach of these terms, your violation of law, or your misuse of the service.
Termination
You may uninstall Modilo from Shopify Admin at any time. We may suspend or terminate access if a merchant violates these terms, creates security or legal risk, fails to pay applicable charges, or uses the service in a way that could harm Modilo, Shopify, customers, or third parties. After uninstall, Shopify may send privacy and lifecycle webhooks that trigger deletion and deactivation workflows described in this document.
Changes to this document
We may update this Privacy Policy and Terms of Service from time to time. The updated version will be posted on this page with a new effective date. Material changes will apply prospectively unless a shorter period is required for legal, security, or Shopify platform reasons.
8. Contact
For privacy questions, Shopify review questions, support requests, or legal notices, contact Modilo at [email protected].