Elemenify by TiwaaData Processing
Last updated: May 18, 2026
This page describes how Tiwaa processes data on behalf of merchants who use Elemenify, a visual page builder, in accordance with the GDPR and CCPA. It supplements our Privacy Policy.
1. Roles
- You (the merchant) are the data controller for personal data your storefront visitors submit through forms you build, and for your store's customer data generally.
- Tiwaa is a data processor when we store those form submissions and when we access your store data via the Shopify API — acting only on your instructions.
- Tiwaa is a controller only for data we hold directly to run the service (shop identity, authentication, settings, billing records).
2. Data We Process
The table below lists every category of data we hold or process:
| Category | Data | Purpose | Retention |
|---|---|---|---|
| Shop identity | Shop domain (e.g. mystore.myshopify.com) | Identify and namespace per-merchant data | Until uninstall + 30 days |
| Authentication | Shopify offline access token (encrypted at rest); short-lived session tokens | Webhooks, publishing, Admin API calls, App Proxy delivery | Until uninstall + 48 hours |
| Your designs | Pages, headers, footers and sections you build (layout, content, settings) | Store, edit, preview and publish your pages | Until deleted; Trash purged after 30 days; all on uninstall + 30 days |
| Catalog data (transient) | Products, collections, navigation menus, blog articles read via Admin API | Render dynamic widgets; only what a page needs is baked into its published output | Read at publish/preview; not stored as a separate copy |
| Form submissions | Fields your visitors submit via Form widgets — may include name, email, phone, message, uploaded files | Show submissions to you; optional Shopify-customer creation / integrations you enable | Until deleted by you; Trash purged after 30 days; all on uninstall + 30 days |
| App settings & billing | Editor/form preferences, active plan, installation timestamp | App configuration, trial tracking and plan gating | Until uninstall + 30 days |
Personal data from your store's visitors is processed only where you add a Form widget and a visitor submits it, or where a dynamic widget renders content you chose to publish. We never use this data for our own purposes and never sell it.
3. Sub-processors
We engage the following sub-processors, each bound by data-processing terms consistent with GDPR:
| Sub-processor | Purpose | Location | Privacy policy |
|---|---|---|---|
| Shopify Inc. | Merchant authentication, billing, webhooks, Pages API & App Proxy delivery | Canada / USA | View policy |
| Cloudflare, Inc. | App hosting (Workers, Pages), database (D1) & object/file storage | USA (global edge) | View policy |
Merchant-directed transfers: if you enable an integration (Mailchimp, Klaviyo, a webhook URL, or Shopify customer creation), form submissions are additionally sent to that destination at your instruction. Those recipients are not our sub-processors — they act under your own agreements with them.
We will notify you of any new Tiwaa sub-processor by updating this page and revising the "Last updated" date at least 10 days before it begins processing.
4. International Transfers
Data may be processed in the United States (Cloudflare, Shopify) and Canada (Shopify). Cloudflare participates in the EU–US Data Privacy Framework; Shopify's international transfers are covered by Standard Contractual Clauses.
5. GDPR / Shopify Compliance Webhooks
customers/data_request— within 30 days we provide the store owner any form-submission data we hold for the identified person, so the merchant can fulfil the request.customers/redact— within 30 days we delete form submissions associated with the identified person.app/uninstalled— shop settings, sessions and plan data are deleted within 48 hours.shop/redact— all remaining shop data, including stored designs and form submissions, is permanently deleted within 30 days.
6. Security Measures
- All data in transit encrypted with TLS 1.2+.
- Shopify access tokens encrypted at rest in Cloudflare D1.
- Storefront App Proxy requests are HMAC signature-verified; form endpoints include honeypot spam filtering.
- Least-privilege internal access; admin API scopes limited to what the App needs.
- Dependency audits run on deployment; high/critical issues block release.
7. Your Responsibilities
As the controller for visitor data, you must display an appropriate privacy notice, obtain any required consent, and have a lawful basis before collecting personal data through forms you build. We provide tooling (honeypot, optional GDPR consent field, deletion controls) to help you comply.
8. Contact
Data-processing enquiries: tiwaaofficial@gmail.com