Privacy Policy

This policy describes how the Featherweight Shopify app ("the app", "we") handles data when you install it on your Shopify store. The app exists to compress and resize images on your store. We have designed it to collect the minimum amount of data required to do that job, and nothing more.

What we collect

When you install the app, we receive and store:

• Your store's myshopify.com domain
• A Shopify-issued OAuth access token (used to communicate with your store on your behalf)
• Settings you configure in the app (maximum image width, JPEG quality, auto-optimise toggle)
• A log of optimisation runs (timestamp, totals: how many images processed, skipped, failed, and total bytes saved)
• A log of individual image events (filename, file ID, before/after byte size, status) — used to render the activity feed and to enable per-image restore
• Temporary copies of your store's original images while we optimise them — see "Image backups" below

What we do not collect

• Customer personal information (names, emails, addresses, payment information)
• Order, cart, or browsing data
• Analytics tracking, cookies, or fingerprinting

The app requests only three Shopify scopes: read_files, write_files, and read_products. The first two are needed to scan and replace image content. The third is required by Shopify's platform rules in order to subscribe to product image upload webhooks — we use it solely to detect that a new image was uploaded so we can compress it. We do not read or store any other product data.

Image backups

Every time we optimise an image, we save a copy of the original file to our infrastructure for 30 days. This is so you can restore the original at any time during that window if you don't like the result. After 30 days, the backup file is automatically and permanently deleted.

You can manually trigger a restore at any time from the Backups page inside the app, either for individual images or for the entire run. Restoring an image puts the original content back on Shopify and removes our copy.

How long we keep your data

• App settings, optimisation logs, image event records: kept while the app is installed on your store
• Image backups: maximum 30 days from creation
• All data: permanently deleted within 48 hours of you uninstalling the app, in accordance with Shopify's shop/redact GDPR compliance webhook

Where your data is stored

• App settings and logs: PostgreSQL database hosted on Neon (US East region)
• Image backups: encrypted volume on Fly.io (Ashburn, Virginia, US East)

We do not transfer your data outside these providers, and we do not share or sell it to anyone.

Subprocessors

We rely on the following service providers to operate the app:

• Shopify Inc. — for all interactions with your store
• Fly.io, Inc. — for hosting our application servers and image backup storage
• Neon, Inc. — for our database

Each of these handles data according to their own privacy policies, linked above.

Your rights (GDPR / CCPA / similar)

If your store is in a jurisdiction that grants data rights (for example the EU, UK, California, Australia, or others), you can:

• Request a copy of all data we hold about your store
• Request permanent deletion of all your data at any time

The fastest way to exercise the right to deletion is to uninstall the app from your Shopify admin. Shopify will send us a shop/redact webhook within 48 hours, which automatically purges your store's data and any image backups we hold. To request a copy of your data instead, email us at the address below.

Contact

Questions, data requests, or concerns about this policy should be sent to devofmobileapp@gmail.com.

Changes to this policy

We may update this policy from time to time. The new version will be posted at this URL with an updated "last updated" date. Continued use of the app after changes means you accept the updated policy.