Privacy Policy: Media Cleanup Shopify App

Last Updated: December 15, 2025

1. Introduction

Media Cleanup ("we," "our," or "us") operates the Media Cleanup application (the "App") available on the Shopify App Store. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our App.

We are committed to protecting the privacy of Shopify merchants ("you" or "Merchant") and their customers. Please read this Privacy Policy carefully. By installing and using Media Cleanup, you agree to the collection and use of information in accordance with this policy.

2.1 Information Collected from Shopify

When you install Media Cleanup, we access the following data from your Shopify store through the Shopify API:

Store Information:

  • Shop domain (e.g., yourstore.myshopify.com)

  • Shop name and contact email

  • Store access tokens for API authentication

Media Files Information:

  • File IDs, filenames, and CDN URLs

  • File sizes and MIME types

  • Alt text associated with media files

  • File creation dates

  • Media content types (images, videos, documents)

Product Information:

  • Product titles, IDs, and handles

  • Product media associations

  • Product image URLs (for usage detection)

  • Collection titles, IDs, and media

Content Information:

  • Blog post titles, IDs, and media

  • Page titles, IDs, and media

  • Metaobject definitions and content

  • Theme settings and configuration files

  • Theme media references (logo, favicon, banners)

  • Shop branding assets

Customer Information (Read-Only for Scanning):

  • Customer profile images

  • Customer tags (which may reference media)

  • Customer metafields (which may contain media references)

Order Information (Read-Only for Scanning - Last 60 Days):

  • Order metadata that may reference media files

  • Order notes or custom fields containing media references

  • Draft order information that may include media

Other Store Data:

  • Location settings (for context in media usage)

  • Shopify Markets settings (for multi-market media detection)

Important: Minimal Data Collection & Scanning-Only Access

We access customer and order data solely for scanning purposes to detect media usage. Specifically:

What We DO:

  • Scan customer records during media analysis to find media file references

  • Check if files are used in customer profiles, metafields, or order details

  • Process this data temporarily in memory during scans only

  • Prevent false positives (marking in-use files as "unused")

What We DO NOT Do:

  • Store customer names, emails, addresses, or contact information in our database

  • Retain payment information, credit card details, or financial data

  • Save order purchase history or transaction details

  • Keep customer phone numbers or shipping addresses

  • Store any personally identifiable customer information (PII)

  • Use customer data for any purpose other than media usage detection

Data Retention: Customer and order data is accessed only during active scans and is never persisted to our database. We only store:

  • Media file metadata (IDs, URLs, sizes, alt text)

  • Scan results indicating which files are used/unused

  • Shop settings and preferences

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core App Functionality

  • Media Scanning: Analyze all media files in your Shopify store to determine usage status
  • Usage Detection: Cross-reference files against products, collections, blog posts, pages, and theme settings
  • Status Classification: Identify used and unused media files
  • File Management: Enable you to delete unused files and free up storage
  • Trash & Restore: Backup deleted files to Cloudflare R2 for 30-day restoration capability (Pro plan)
  • Alt Text Management: Allow editing of alt text for accessibility (Pro plan)
  • Reporting: Generate file statistics, storage analytics, and aging reports

3.2 Service Improvement

  • Monitor app performance and fix bugs
  • Develop new features based on usage patterns
  • Respond to your support requests
  • Analyze feature adoption and user engagement
  • Improve scanning accuracy and speed
  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent fraud
  • Enforce our Terms of Service
  • Fulfill GDPR and data protection obligations

4. Data Sharing and Disclosure

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information or store data to third parties for marketing purposes.

4.2 Service Providers

We may share data with trusted third-party service providers who assist us in operating the App:

| Provider | Purpose | Data Shared |
|---|---|---|
| Fly.io | Application hosting and infrastructure | App data, encrypted at rest and in transit |
| Cloudflare R2 | Cloud storage for deleted file backups | Deleted files with metadata (Pro plan only) |
| Shopify | Platform integration | Via Shopify API (governed by Shopify's privacy policy) |
| SQLite/Prisma | Database storage | Scan results, file metadata, shop settings |

All service providers are contractually obligated to protect your data and use it only for the services they provide to us.

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to:

  • Protect our rights, privacy, safety, or property
  • Protect the rights, privacy, safety, or property of you or others
  • Comply with a judicial proceeding, court order, or legal process
  • Prevent fraud or illegal activities

4.4 Business Transfers

If Media Cleanup is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any change in ownership or uses of your information.

5. Data Retention

5.1 Active Accounts

We retain your data for as long as your App remains installed and your account is active. This includes:

  • Shop settings and preferences
  • Scan results and file metadata (most recent scan only)
  • Deleted files in trash (30 days for Pro plan users)
  • Feedback and support history
  • Subscription and billing information

5.2 After Uninstallation

When you uninstall Media Cleanup:

  • We receive the app/uninstalled webhook from Shopify
  • Your session tokens are immediately invalidated
  • Your shop settings, scan data, and file metadata are marked for deletion
  • All data is permanently deleted within 48 hours of uninstallation
  • Deleted files in trash (if Pro plan) are purged immediately upon uninstallation

5.3 Trash Retention (Pro Plan)

  • Deleted files are stored in Cloudflare R2 for 30 days
  • Files are automatically purged after 30 days
  • You can manually restore or permanently delete files anytime within 30 days
  • Trash is immediately cleared upon app uninstallation or plan downgrade

5.4 Backup Data

Backup copies may be retained for up to 90 days after deletion for disaster recovery purposes, after which they are permanently destroyed.

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your browser, our servers, and Shopify uses TLS 1.3+ encryption
  • Encryption at Rest: Database and R2 storage are encrypted using AES-256 encryption
  • Access Controls: Role-based access controls limit employee access to data
  • API Security: OAuth 2.0 authentication with Shopify; access tokens stored securely and encrypted
  • Session Management: Secure session handling with automatic expiration

6.2 Organizational Safeguards

  • Regular security assessments and code reviews
  • Employee training on data protection
  • Incident response procedures
  • Limited data access on a need-to-know basis
  • No access to production data without authorization

6.3 Infrastructure

  • Hosted on Fly.io with SOC 2 compliance
  • Cloudflare R2 with enterprise-grade security
  • Regular automated backups with encryption
  • DDoS protection and firewall rules
  • Monitoring and alerting systems

7. Your Rights and Choices

7.1 Access and Portability

You have the right to:

  • Access all data we hold about you through the App dashboard
  • View scan results, file lists, and usage statistics
  • Export file lists (available on Pro plan)
  • Request a complete copy of your data

7.2 Correction

You can update your shop settings and preferences at any time through the App interface.

7.3 Deletion

You can request deletion of your data by:

  • Uninstalling the App (triggers automatic deletion within 48 hours)
  • Using the in-app settings to clear specific data

7.4 Opt-Out of Communications

You can disable email notifications and feedback prompts in the App settings. Transactional emails related to your subscription may still be sent.

7.5 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Request restriction of processing
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at team@mediacleanupapp.in.

7.6 CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

  • Right to Know: Request disclosure of data collected
  • Right to Delete: Request deletion of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

We do not sell personal information as defined by CCPA.

8. Customer Data (Your Customers)

8.1 Limited Customer Data Access for Media Scanning

Media Cleanup accesses customer and order data exclusively to ensure accurate media usage detection. Here's our commitment to protecting your customers' privacy:

Why We Need This Access:

Our core functionality requires scanning your entire Shopify store to identify which media files are actively used. Missing even a single file reference could result in:

  • Incorrectly marking an in-use file as "unused"

  • A merchant accidentally deleting critical media

  • Broken customer experiences (missing images, broken profile pictures)

  • Complete loss of trust in our app

  • Potential loss of business for the merchant

Therefore, we must check if media is referenced in:

  • Customer profile images

  • Customer metafields (which may contain media URLs or file references)

  • Customer tags (which may reference media-related information)

  • Order details and metadata (where images may be attached)

  • Draft orders that include media files

What We Access (Read-Only):

  • Customer profile images → to check if media file is used as a customer avatar

  • Customer tags → to detect media-related custom tags

  • Customer metafields → to find media references in custom fields

  • Order data from the last 60 days → to detect media in order notes, metadata, or custom fields

  • Draft order information → to check for attached media files

What We DO NOT Access or Store:

  • Customer names, emails, or contact information

  • Customer phone numbers or addresses

  • Payment information or credit card details

  • Shipping or billing information

  • Order purchase history or transaction amounts

  • Customer account passwords or authentication details

  • Any personally identifiable information (PII) beyond what's needed for media detection

8.2 Scanning-Only Processing (No Persistent Storage)

Critical Privacy Protection:

Customer and order data is processed in-memory only during scans:

  • Zero customer PII is written to our database

  • We only store the scan result: "File X is used" or "File X is unused" (no customer identifiers attached)

  • Scan processing is ephemeral - customer data is discarded immediately after analysis

  • No customer data is retained between scans

  • No logs containing customer PII are kept

Example of Our Data Minimization:

When scanning, we might check: "Is image123.jpg used as a customer profile picture?"

  • We DO store: image123.jpg → status: "used" (in scan results)

  • We DO NOT store: Which customer, customer name, email, or any PII

The scan result only indicates whether a file is in use - it contains zero customer identifying information.

8.3 Data Controller vs. Processor Role

For all store data we access:

  • You (the Merchant) remain the Data Controller

  • Media Cleanup acts as a Data Processor

  • We process data only on your behalf and per your instructions (to scan for media usage)

  • We never use customer data for our own purposes, marketing, or analytics

  • We do not share customer data with any third parties

8.4 Complete Data Deletion on Uninstall

We honor merchant privacy and ensure complete data removal:

When you uninstall Media Cleanup:

  • We receive Shopify's app/uninstalled webhook immediately

  • All shop data is marked for deletion and permanently purged within 48 hours

  • All scan results and file metadata are deleted

  • Deleted files in trash (Pro plan) are immediately removed from Cloudflare R2

  • Session tokens and API access credentials are invalidated instantly

  • Zero customer data remains (because none was persistently stored in the first place)

  • Database records for your shop are completely erased

No Data Retention After Uninstall:

  • We do not keep "anonymized" data

  • We do not retain data "for analytics"

  • Complete and permanent deletion is guaranteed

8.5 Security Measures for Customer Data

During Active Scans:

  • All data transmitted via TLS 1.3+ encryption

  • API access tokens stored encrypted with AES-256

  • In-memory processing only (no disk writes for customer PII)

  • Secure session management with automatic expiration

  • No customer data in logs or error reports

  • Access controls limiting who can access production systems

Infrastructure Security:

  • Hosted on Fly.io with SOC 2 compliance

  • DDoS protection and firewall rules

  • Regular security audits and penetration testing

  • Monitoring and alerting for suspicious activity

8.6 Customer Data Requests (GDPR/CCPA Compliance)

If your customer requests access to or deletion of their data:

For Data Access Requests (GDPR Article 15):

  • Media Cleanup does not store any identifiable customer PII in our database

  • No customer data needs to be retrieved from our systems

  • We can confirm in writing: "No personal data stored for [customer] in Media Cleanup systems"

For Data Deletion Requests (GDPR Article 17 / CCPA):

  • No action required on Media Cleanup's end (no customer PII stored)

  • We can provide written confirmation that zero customer data exists in our systems

  • Customer data was only accessed transiently during scans (never persisted)

For Merchant Data Requests:

  • Contact us at team@mediacleanupapp.in for:

    • Shop data export (scan results, settings)

    • Immediate data deletion (faster than uninstall)

    • Data processing inquiries

8.7 GDPR Webhook Compliance

We fully comply with Shopify's mandatory GDPR webhooks:

customers/data_request webhook:

  • We respond within 48 hours

  • Confirmation message: "Media Cleanup does not store any identifiable customer PII. No personal data exists for the requested customer."

  • Can provide empty data report if required

customers/redact webhook:

  • We acknowledge the request

  • Confirmation: "No customer PII to delete from Media Cleanup systems (none was persistently stored)"

  • Redaction confirmation sent to Shopify

shop/redact webhook:

  • We immediately delete all shop data including:

    • Shop settings and preferences

    • All scan results and file metadata

    • Trash bin contents (Pro plan)

    • Session tokens and access credentials

  • Complete data purge within 48 hours of webhook receipt

  • Confirmation sent back to Shopify upon completion

8.8 Privacy by Design Principles

We built Media Cleanup with privacy as a core principle:

Data Minimization:

  • We only access data necessary for media scanning

  • We collect the absolute minimum required for functionality

  • No "nice to have" data collection

Purpose Limitation:

  • Customer data used only for media usage detection

  • No secondary uses (marketing, analytics, profiling)

  • No data sharing with third parties

Storage Limitation:

  • Customer data processed in-memory only (ephemeral)

  • Scan results stored without customer identifiers

  • Automatic data deletion on uninstall

Confidentiality & Integrity:

  • End-to-end encryption for all data transmission

  • Secure storage with encryption at rest

  • Access controls and audit logs

  • Employee training on data protection

Accountability:

  • This Privacy Policy clearly documents our practices

  • GDPR-compliant data processing agreements

  • Regular privacy impact assessments

  • Responsive to data subject requests

8.9 Your Responsibility as a Merchant

As a Shopify merchant using Media Cleanup:

You are responsible for:

  • Informing your customers about apps that access their data (via your own privacy policy)

  • Ensuring you have legal basis to use Media Cleanup for processing customer data

  • Complying with applicable privacy laws (GDPR, CCPA, etc.)

  • Reviewing Media Cleanup's permissions before installation

We recommend:

  • Adding Media Cleanup to your privacy policy's "Third-Party Service Providers" section

  • Mentioning that media scanning may involve customer data analysis

  • Providing customers with a way to contact you about data processing

We will:

  • Act only as your Data Processor (you remain the Data Controller)

  • Process customer data only as necessary for media scanning

  • Never use customer data for our own purposes

  • Delete all data immediately upon uninstall

9. Cookies and Tracking

9.1 Essential Cookies

Media Cleanup uses essential cookies required for the App to function:

  • Session cookies for authentication
  • CSRF protection tokens
  • User preference cookies (scan settings, UI preferences)

9.2 No Third-Party Tracking

We do NOT use:

  • Third-party analytics cookies (no Google Analytics, no tracking pixels)
  • Advertising or retargeting cookies
  • Social media tracking pixels
  • Cross-site tracking mechanisms

10. Children's Privacy

Media Cleanup is a business-to-business application designed for Shopify merchants. We do not knowingly collect personal information from children under 13 (or 16 in the EEA). If we learn that we have collected personal information from a child, we will delete it immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Compliance with applicable data protection laws
  • Data processing agreements with all sub-processors
  • Encryption during transit and at rest

Primary Data Locations:

  • Application servers: Fly.io (global network)
  • Database: Co-located with application
  • File backups: Cloudflare R2 (global network)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the App
  • Updating the "Last Updated" date at the top
  • Sending an in-app notification for significant changes
  • Emailing you for major changes affecting your rights

Your continued use of Media Cleanup after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: team@mediacleanupapp.in

Data Protection Inquiries:

For GDPR or data protection related requests, please email team@mediacleanupapp.in with the subject line "Data Protection Request."

Response Time: We aim to respond to all inquiries within 72 hours.

14. Shopify's Role

Media Cleanup is built on the Shopify platform. Shopify may independently collect and process data as described in Shopify's Privacy Policy. Our access to your Shopify data is governed by the permissions you grant during installation and Shopify's API Terms of Service.

By installing and using Media Cleanup, you acknowledge that you have read and understood this Privacy Policy.
