HappySnap Privacy Policy
_HappySnap is a Shopify app by HappyPow. It is a data processor acting on the merchant's behalf; the merchant (store owner) is the data controller._
What data is processed
- Store catalog & settings (not personal): products, collections, pages, blogs, files, themes, metafields, metaobjects, discounts, translations, navigation, markets, inventory, locations.
- Personal data (Pro plans and up only): customer records, orders, draft orders, including names, emails, phone numbers, addresses, order contents and marketing-consent state, exactly as held in Shopify.
Purpose: to back up, restore, and copy the merchant's own data for recovery and store setup. Data is copied verbatim. It is not profiled, analysed, enriched, sold, rented, or shared with any third party.
Lawful basis & scope
The merchant grants access via Shopify OAuth; the app requests only the scopes needed for backup, restore and transfer. Customer and order access uses Shopify Protected Customer Data and is gated, so Free and Starter plans cannot store personal data at all.
Where data is stored
- Managed storage (the app's cloud), or the merchant's own cloud bucket (BYO storage).
- Encrypted at rest (AES, server-side key that never reaches the browser); transmitted over TLS.
Tenant isolation
Every record is scoped to the store and verified per request against the authenticated shop. One store can never read another store's data.
Retention
Backup history is bounded by plan: 30 days (Free), 90 days (Starter), 365 days (Pro), 2 years (Business), extended (Enterprise). Older versions are pruned automatically; change-tracking events prune on a 7 to 365-day window by plan.
Deletion & data-subject rights (GDPR / CCPA)
- Customer redaction (customers/redact): the customer's backed-up data is deleted from storage and index, erased, not merely acknowledged.
- Shop redaction / uninstall (shop/redact): all of the store's backups and storage are purged.
- Data access request (customers/data_request): fulfilled via the in-app customer-data export.
Deletions are idempotent and complete.
Security
Webhooks are HMAC-verified; internal callbacks require a shared secret that fails closed if unset. Secrets live only in server-side config, never in the client bundle. No third-party trackers handle personal data for core function.
Sub-processors
- Shopify (platform / Admin API)
- Cloud storage provider (managed storage)
- Sentry (error monitoring; no customer PII in payloads)
Contact
Privacy questions: hi@happypow.com. We respond within one business day.