Skip to main content
Last Updated: January 11, 2026 SectionsLab: Theme Sections (“the App”, “we”, “us”, or “our”) provides merchants using Shopify with tools to browse, install, and customize theme sections for their Shopify stores (“the Service”). This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-powered store. By installing or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the App.

Personal Information We Collect

Information from Shopify Account

When you install the App, we are automatically able to access certain information from your Shopify account, in accordance with the permissions you grant. This information is provided directly by Shopify and includes: API Permissions Used:
  • read_themes - Access to read your store’s theme information and structure
  • write_themes - Permission to install and modify theme sections in your store
Data Accessible Through Shopify:
  • Theme information and structure
  • Theme section data and configurations
  • Store domain and basic shop information
All such data is provided by Shopify from your merchant account. The App does not directly collect personal information from your customers or store visitors.

Information We Store

To provide the Service, we store the following information in our secure database: Session Data:
  • Shop domain and identifier
  • OAuth access tokens and refresh tokens (encrypted)
  • User account information (first name, last name, email address, user ID)
  • Account permissions and scope information
  • Session expiration timestamps
  • Locale and language preferences
App Usage Data:
  • Theme section installation history
  • App configuration preferences
  • Log data including IP addresses, browser type, and timestamps
Section Library Data:
  • Public section catalog (title, tags, content, preview images)
  • This data is not personal information and is shared across all App users

Information Collected Automatically

We collect information automatically through the use of the following technologies: Cookies and Similar Technologies:
  • Session cookies to maintain your login state
  • Preference cookies to remember your settings
  • Analytics cookies to understand App usage patterns
Log Files:
  • IP addresses
  • Browser type and version
  • Device information
  • Referring/exit pages
  • Timestamps of actions
  • Error logs and diagnostic information
Server Logs:
  • Request headers and metadata
  • Response codes and performance metrics
  • Security event logs

Third-Party Service Providers

We use the following third-party services to operate the App: Supabase (Database and Storage Provider):
  • We use Supabase to store session data, app configuration, and section library information
  • Supabase is a cloud-based database service that provides secure data storage
  • Data is stored in secure, encrypted databases with access controls
  • Supabase’s privacy policy: https://supabase.com/privacy
  • Supabase’s data processing locations may include the United States, European Union, and other regions
Shopify (Platform Provider): DigitalOcean (Hosting Provider):

How We Use Personal Information

We use the information we collect to:
  • Provide the Service: Operate, maintain, and improve the App functionality
  • Authentication: Manage user sessions and authenticate access to the App
  • Communication: Communicate with merchants regarding the Service, updates, and support
  • Section Management: Enable browsing, installation, and customization of theme sections
  • Analytics: Understand how the App is used to improve user experience
  • Security: Detect, prevent, and address technical issues, fraud, or security threats
  • Legal Compliance: Comply with legal obligations and respond to lawful requests
  • Support: Provide customer support and respond to inquiries
If you are located in the European Economic Area (EEA), we process your personal information based on the following legal bases:
  • Contractual Necessity: To fulfill our contractual obligations to provide the Service
  • Legitimate Interests: To improve the App, ensure security, and prevent fraud
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: Where you have provided explicit consent for specific processing activities

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share personal information only in the following circumstances: Service Providers:
  • With trusted third-party service providers who assist in operating the App (as listed above)
  • These providers are contractually obligated to protect your information and use it only for specified purposes
Legal Requirements:
  • When required by law, court order, or governmental authority
  • To comply with legal processes, investigations, or regulatory requirements
  • To protect our rights, property, or safety, or that of our users or others
Business Transfers:
  • In connection with a merger, acquisition, reorganization, or sale of assets
  • Your information may be transferred as part of such transactions
With Your Consent:
  • When you have provided explicit consent for specific sharing

Data Security

We implement appropriate technical and organizational measures to protect your personal information:
  • Encryption: Data in transit is encrypted using TLS/SSL protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Secure Storage: Data stored in secure, encrypted databases
  • Regular Updates: Security patches and updates applied regularly
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Backup and Recovery: Regular backups with secure recovery procedures
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:
  • Active Accounts: Data is retained while your App installation remains active
  • After Uninstallation: Data may be retained for up to 90 days after uninstallation for support and legal compliance purposes
  • Legal Requirements: Some data may be retained longer if required by law or for legitimate business purposes
  • Anonymization: After retention periods, data may be anonymized or deleted

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

European Economic Area (EEA) Residents (GDPR Rights)

  • Right to Access: Request a copy of your personal information
  • Right to Rectification: Request correction of inaccurate information
  • Right to Erasure: Request deletion of your personal information (“right to be forgotten”)
  • Right to Restrict Processing: Request limitation of how we process your information
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

California Residents (CCPA/CPRA Rights)

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Exercise your rights without discrimination

How to Exercise Your Rights

To exercise any of these rights, please contact us at: hello.shopwise.apps@gmail.com We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

Compliance Webhooks

In accordance with Shopify’s requirements and privacy regulations (GDPR, CPRA), we implement mandatory compliance webhooks:
  • customers/data_request: Responds to customer data access requests
  • customers/redact: Processes customer data deletion requests
  • shop/redact: Handles shop data deletion when the App is uninstalled
These webhooks ensure compliance with data protection regulations and allow merchants to fulfill their obligations to their customers.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. Specifically:
  • Data may be transferred to the United States, Canada, and European Union
  • We ensure appropriate safeguards are in place for international transfers
  • We rely on Standard Contractual Clauses and other legal mechanisms for transfers outside the EEA

Children’s Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:
  • Changes to our practices or operational requirements
  • Legal or regulatory changes
  • Improvements to our Service
  • Feedback from users
We will notify you of any material changes by:
  • Posting the updated policy on this page
  • Updating the “Last Updated” date
  • Sending an email notification (for significant changes)
  • Displaying a notice in the App
Your continued use of the App after changes become effective constitutes acceptance of the updated Privacy Policy.

Data Controller Information

For purposes of GDPR, the data controller is: If you are located in the EEA, you also have the right to lodge a complaint with your local data protection authority.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at: Email: hello.shopwise.apps@gmail.com We will make every effort to respond to your inquiry promptly and address any concerns you may have.
Effective Date: January 11, 2026 Last Updated: January 11, 2026