This Privacy Policy describes how Mix Bundle ("the App", "we", "us",
or "our") collects, uses, stores, and protects information when you
install and use our Shopify application. We are committed to
protecting your privacy and handling your data in accordance with
applicable privacy laws, including the General Data Protection
Regulation (GDPR), California Privacy Rights Act (CPRA), and other
relevant data protection regulations.
2. Information We Collect
2.1 Information Collected Through Shopify's APIs
When you install Mix Bundle, we collect and process the following
information through Shopify's APIs:
Store Information: Store name, store URL, shop ID,
and domain
Product Information: Product titles, descriptions,
variants, prices, inventory levels, and images for products included
in bundles
Cart and Order Data: Cart line items, bundle
configurations, and order details necessary to process bundled
products
Theme Information: Limited theme data to render the
bundle configurator interface on your storefront
2.2 Information We Collect Directly
App Configuration Data: Bundle settings, discount
rules, and customization preferences you configure within the app
Usage Logs: Automated logs of app usage, including
error logs and performance metrics, to improve app functionality and
troubleshoot issues
2.3 Analytics Data
We use Google Analytics to collect aggregated, anonymized usage data
about how merchants interact with the app interface, including:
App Usage Statistics: Pages viewed within the app,
features used, and time spent in different sections
Technical Information: Browser type, device type,
and operating system
Performance Metrics: Page load times and app
performance indicators
This data is collected in aggregate form and cannot be used to
identify individual merchants. Google Analytics may use cookies to
collect this information. For more information about how Google uses
data, please visit:
https://policies.google.com/technologies/partner-sites
2.4 Information We Do NOT Collect
Customer Personal Information: We do not collect,
store, or process personal information about your customers (names,
email addresses, phone numbers, shipping addresses, or payment
information)
Store Owner Personal Information: We do not collect
additional personal information beyond what Shopify provides through
OAuth authentication
End-Customer Tracking: We do not use tracking
pixels or similar technologies on merchant storefronts or collect
browsing behavior of end customers
3. How We Use Information
We use the information we collect exclusively for the following
purposes:
App Functionality: To provide bundle configuration
features, including displaying product bundles, processing cart
transformations, and managing bundle discounts
Service Delivery: To enable the proper functioning
of bundled product features in your store
Technical Support: To troubleshoot issues, respond
to support requests, and improve app performance
Analytics and Improvement: To analyze usage
patterns (in aggregate, anonymized form through Google Analytics) to
enhance app features and user experience
Compliance: To comply with legal obligations and
respond to data subject requests as required by privacy laws
We do NOT:
Use your data for marketing purposes
Share your data with third parties for their marketing purposes
Sell your data to any third parties
Use your data for any purpose other than providing our app
services
4. Data Storage and Location
Storage Location: All data is stored securely on
servers located within the European Union, with potential backup
storage in compliant jurisdictions
Data Processing: As we are established in the
European Union (Northern Italy), data processing occurs primarily
within the EU in compliance with GDPR standards
Hosting Provider: We use enterprise-grade hosting
services (Hetzner) with appropriate security certifications and data
protection measures
Analytics Data: Google Analytics data is processed
by Google LLC in accordance with Google's privacy policy and data
processing terms
5. Data Retention
Active Stores: We retain necessary operational data
for as long as you keep the app installed and your store remains
active
After Uninstallation: Within 48 hours of receiving
the shop/redact webhook from Shopify (typically sent 48
hours after app uninstallation), we permanently delete all
store-specific data from our systems, except:
Aggregated, anonymized usage statistics that cannot be linked
back to your store
Data we are legally required to retain for accounting or
compliance purposes (such as billing records, which are retained
for the legally required period)
Google Analytics Data: Analytics data is retained
according to Google Analytics' data retention settings (typically
14-26 months) and is automatically anonymized or deleted according
to those settings
6. Data Sharing and Third Parties
We do not sell, rent, or share your data with third parties except in
the following limited circumstances:
Shopify: We share data with Shopify as necessary to
provide app functionality through Shopify's platform
Hosting Provider: Data is stored with our hosting
provider (Hetzner) under strict data processing agreements
Google Analytics: We use Google Analytics to
collect anonymized usage statistics. Google acts as a data processor
and processes data according to our instructions and their data
processing terms. You can opt out of Google Analytics tracking by
using the Google Analytics Opt-out Browser Add-on available at:
https://tools.google.com/dlpage/gaoptout
Legal Requirements: We may disclose information if
required by law, court order, or governmental regulation
Service Protection: We may disclose information to
protect the rights, property, or safety of our service, our users,
or the public
We do not use third-party advertising networks or marketing platforms
that would access merchant data.
7. Data Security
We implement appropriate technical and organizational measures to
protect your data, including:
Encryption of data in transit using TLS/SSL protocols
Secure authentication through Shopify's OAuth system
Regular security updates and vulnerability monitoring
Access controls limiting data access to authorized personnel only
Regular backups with secure storage
Docker containerization for application isolation
8. Your Rights
Depending on your location, you may have the following rights
regarding your data:
Access: Request access to the data we hold about
your store
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data (you can
also uninstall the app, which triggers automatic deletion)
Portability: Request a copy of your data in a
portable format
Objection: Object to certain types of data
processing
Withdrawal of Consent: Withdraw consent for data
processing where applicable
Mix Bundle subscribes to Shopify's mandatory compliance webhooks to
handle data subject requests:
customers/data_request: Responds within 30 days
with any customer data we hold (note: we do not collect or store
customer personal data)
customers/redact: Processes customer data deletion
requests
shop/redact: Automatically deletes all store data
within 48 hours of receiving this webhook
10. Children's Privacy
Our app is not directed at individuals under the age of 18. We do not
knowingly collect personal information from children. The app is
designed for use by Shopify merchants (business users) only.
11. International Data Transfers
As we are based in the European Union and our servers are located in
the EU, data transfers outside the EU are minimized. Any necessary
transfers are conducted using appropriate safeguards as required by
GDPR, such as Standard Contractual Clauses.
Google Analytics: Data collected by Google Analytics
may be transferred to and processed in the United States. Google LLC
participates in and complies with the EU-U.S. Data Privacy Framework.
12. Cookies and Tracking Technologies
12.1 Google Analytics Cookies
When you use Mix Bundle's admin interface, Google Analytics may set
the following cookies:
_ga: Used to distinguish users (expires after 2
years)
_gid: Used to distinguish users (expires after 24
hours)
_gat: Used to throttle request rate (expires after
1 minute)
These cookies are used only within the app's admin interface for
merchants and are not deployed on merchant storefronts or
customer-facing pages.
12.2 Your Cookie Choices
You can control and/or delete cookies as you wish. You can delete all
cookies that are already on your computer and you can set most
browsers to prevent them from being placed. However, if you do this,
you may have to manually adjust some preferences every time you visit
the app, and some services and functionalities may not work.
Adjust your browser settings to block third-party cookies
Use browser privacy/incognito mode
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes
in our practices, technology, legal requirements, or other factors.
When we make significant changes, we will:
Update the "Last updated" date at the top of this policy
Notify you through the Shopify Partner Dashboard or via email
For material changes, provide prominent notice within the app
Your continued use of the app after changes are posted constitutes
your acceptance of the updated Privacy Policy.
14. Contact Us
If you have questions, concerns, or requests regarding this Privacy
Policy or our data practices, please contact us:
For privacy-specific inquiries or to exercise your data rights, please
use the subject line "Privacy Request - Mix Bundle"
15. Regulatory Information
Data Controller: Meltinbit is the data controller for
data processed through Mix Bundle.
EU Representative: As we are established within the
EU, no separate EU representative is required.
Supervisory Authority: If you are in the EU and
believe we have not adequately addressed your concerns, you have the
right to lodge a complaint with your local data protection authority.