Elemenify by Tiwaa

Privacy Policy

Last updated: May 18, 2026

This Privacy Policy explains how Tiwaa ("we", "us", "our") collects, uses, and protects data when you install and use Elemenify (the "App"), a visual page builder, on your Shopify store. It also explains how data submitted by your store's visitors through forms you build with the App is handled.

1. Roles

For data about your store and account, we act as a data controller. For personal data that your storefront visitors submit through forms you create with the App (the "Form Data"), you (the merchant) are the controller and we are a processor acting on your instructions. You are responsible for having a lawful basis and your own privacy notice for any data you collect from visitors.

2. Data We Collect

Store & account data:

• Shop domain — to identify your store and namespace your workspace.
• Shopify session token — short-lived, to authenticate requests; not persisted beyond the session.
• Offline access token — stored encrypted at rest, used for background tasks (webhooks, publishing, app-proxy delivery of global sections).
• Your designs — the pages, headers, footers and sections you build (layout, content and settings), stored so you can edit and publish them.
• App settings — editor and form preferences you configure.
• Installation timestamp & plan — used for trial/billing logic.

Store catalog data (read to render your pages): to display dynamic widgets (e.g. blog articles, navigation menus, products/collections in previews), the App reads the relevant data from your store via the Shopify Admin API at publish and preview time. Only the content needed to render a page is baked into that page's published output; we do not build an independent copy of your catalog.

Form Data (submitted by your storefront visitors): if you add a Form widget, submissions are stored so you can review them in the App's Submissions area. This may include any fields you choose to collect — for example name, email, phone, message text, and uploaded files. If you enable it, a submission may also create a Shopify customer record, or be forwarded to a marketing/automation tool (Mailchimp, Klaviyo) or a webhook URL that you configure.

3. How We Use Data

• Authenticate and authorize your use of the App.
• Store, render and publish the pages and global sections you design.
• Deliver published global sections to your storefront via the Shopify App Proxy / app embed.
• Store and display form submissions to you, and (only if you enable it) create Shopify customers or forward submissions to the integrations you configure.
• Process billing through the Shopify Billing API.
• Respond to GDPR/CCPA data-subject and Shopify compliance webhooks.
• Send transactional emails (e.g. trial/billing notices) to the store-owner email on file in Shopify — never marketing without consent.

We do not sell, rent or trade any data. We do not use Form Data for our own purposes.

4. Data Sharing & Sub-processors

• Shopify — to operate an embedded app (authentication, billing, webhooks, Pages API, app proxy).
• Cloudflare — infrastructure provider; data is processed and stored on Cloudflare Workers, Pages and D1 (United States). Cloudflare is a GDPR-compliant processor.
• Integrations you enable — only if you configure them, form submissions are sent to Mailchimp, Klaviyo or a webhook endpoint you specify; those services' own privacy terms then apply.

5. Data Retention & Deletion

• Designs, settings and form submissions are retained while the App is installed. Items you move to Trash are permanently purged after 30 days.
• On app/uninstalled, shop settings, sessions and plan data are deleted within 48 hours.
• On shop/redact (typically 48 hours after uninstall), all remaining shop data — including stored designs and form submissions — is permanently deleted within 30 days.
• On customers/redact, we delete form submissions associated with the identified person within 30 days. On customers/data_request, we provide the store owner the Form Data we hold for that person so they can fulfil the request.
• You can also delete individual submissions at any time from the Submissions area.

6. Your Rights

You may request access to, correction of, or deletion of your shop's data at any time by emailing tiwaaofficial@gmail.com; we respond within 30 days. Storefront visitors should direct data requests to the merchant whose store collected the data; we will assist that merchant as their processor. EEA/UK users have additional GDPR rights, including portability and the right to lodge a complaint with a supervisory authority.

7. Security

All data is transmitted over TLS 1.2+. Offline access tokens are encrypted at rest and app-proxy requests are signature-verified. We apply security patches promptly and follow least-privilege access internally. No method of transmission or storage is 100% secure, but we use industry-standard measures to protect your data.

8. Children

The App is for businesses and is not directed to children. Do not use forms built with the App to knowingly collect personal data from children without appropriate consent.

9. Changes

We will update this page and revise the "Last updated" date for any material change. Continued use after a material change constitutes acceptance.

10. Contact

Questions? Email tiwaaofficial@gmail.com.