Privacy Policy
Last updated: May 9, 2026
Introduction
This Privacy Policy explains how Approvefy ("we", "us", "our") collects, uses, stores, and shares information when a merchant installs Approvefy on a Shopify store, uses our admin experience, or when their customers interact with registration forms and related features on the storefront.
By installing or using Approvefy, the merchant (store owner) agrees to this policy on behalf of their organization, where applicable. If you do not agree, do not use the app.
Who We Are
Approvefy is a Shopify application that helps merchants manage B2B and wholesale-style customer registration, approval workflows, custom registration forms, storefront behaviour (such as messaging or redirects related to approval status), and email (including optional merchant-configured SMTP). The app is operated by the publisher identified in the Shopify App Store listing.
Information We Process
When you install Approvefy, Shopify provides information required to operate the app, including:
- Store identifiers (for example shop domain / shop ID as used by Shopify APIs)
- OAuth / session-related data needed to authenticate API requests on your behalf
- Admin user identifiers and profile fields that Shopify provides during authentication (for example name, email), as applicable to your Shopify plan and login method
We use this data to deliver the service, secure access, sync customer and registration data where applicable, and store your app configuration.
To provide registration and approval features, we process information submitted through your configured forms and related flows. This may include, depending on your configuration:
- Contact and profile fields such as name, email, phone, and company
- Custom field values you define in the form builder (stored as structured data)
- Registration status (for example pending, approved, rejected) and related timestamps
- Shopify Customer identifiers when a customer record is created or linked
- Internal notes you add in the merchant admin
- Password or account data only where your form and product features require it, processed and stored in line with technical design (for example hashing where applicable)
The exact categories collected depend on your form configuration and Shopify's platform behaviour.
We store settings and content your team saves in the app, including:
- Form definitions and field configuration
- Language options, translations, and storefront-facing copy you edit
- Theme / appearance-related settings and optional custom CSS
- Customer approval settings (for example approval mode, tags, redirects, messages)
- Email template content (subjects and bodies) that you configure in the app
- Operational fields such as billing country or plan tier used to enable or limit features
If you configure your own SMTP provider, you may provide host, port, encryption preference, username, password or app password, "from" email, and sender name. We store these credentials so the app can send email according to your settings. You may update or remove them at any time through the app.
We may process logs and diagnostic information needed to operate, secure, and improve the service—such as error reports, performance metrics, request metadata, and security events. This may include IP addresses and timestamps as commonly found in server logs.
How We Use Information
We use the information above to:
- Provide, maintain, and improve Approvefy features
- Authenticate users and authorize API and admin actions
- Display and manage registrations and customers in the merchant admin
- Apply your approval rules, tags, and storefront behaviour
- Send email when you enable outbound email features (using Shopify, our infrastructure, or your SMTP as configured)
- Detect abuse, fraud, and technical failures
- Comply with legal obligations and enforce our terms
We do notsell your personal information or your customers' personal information.
Legal Bases (Where Applicable)
If you are in a region that requires a "legal basis" (for example the EEA or UK), we rely on:
- Performance of a contract — to deliver the app you use under Shopify's and our terms
- Legitimate interests — to secure the service, debug, and improve reliability (where not overridden by your rights)
- Consent — where we ask for it for a specific purpose (for example certain optional communications not essential to core app operation)
- Legal obligation — where the law requires retention or disclosure
Merchants are responsible for choosing an appropriate lawful basis for their collection of end-customer data under applicable law.
Sharing of Information
We may share information with:
- Shopify — as required to integrate with your store via Shopify APIs and the App Store
- Service providers — hosting, database, email delivery, monitoring, backups, and security vendors, solely to process data on our instructions
- Professional advisers — lawyers or accountants where bound by confidentiality, when needed
- Authorities — when required by law, regulation, legal process, or to protect rights, safety, or security
We may disclose information in connection with a business transaction (for example merger or acquisition) subject to appropriate safeguards.
We do not allow our subprocessors to use your data for their own marketing.
International Transfers
If we or our providers process data in countries other than your own, we use appropriate safeguards where required by law (for example standard contractual clauses or other approved mechanisms).
Retention
We retain information for as long as needed to:
- Provide the service while the app is installed and for a reasonable period afterward to handle support, billing disputes, and legal requirements
- Comply with law (for example tax or accounting rules)
Merchant-held records (registrations, settings) generally remain until you delete them where the app provides deletion, you uninstall the app (subject to backup and legal retention), or we delete them according to documented retention. Backup systems may retain copies for a limited period.
Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, and protection of secrets. No method of transmission or storage is 100% secure; you should protect access to your Shopify admin and use strong passwords for SMTP and other credentials.
Your Responsibilities as a Merchant
You are responsible for:
- Your own privacy notice to customers and lawful grounds for collecting their data
- Complying with Shopify's Acceptable Use Policy, Partner Program Agreement (if applicable), and applicable privacy and consumer laws
- Configuring forms to collect only data you need
- Handling data subject requests from your customers where you act as controller
End-Customer Rights
Individuals may have rights to access, correct, delete, or restrict processing of their data. Requests regarding order or customer data that Shopify holds may need to be routed through you or Shopify depending on the situation. If we receive a request directly, we may coordinate with the merchant or refer the requester to the merchant.
Children
Approvefy is not intended to collect information from children under the age where parental consent is required. Do not use the app in a way that unlawfully collects children's data.
Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date. Continued use of the app after changes may constitute acceptance where permitted by law. If changes are material, we will provide notice as appropriate (for example via the app, email, or Shopify Partner communication).
Contact
For questions about this Privacy Policy or Approvefy's data practices:
Website
approvefy.xloxi.com/contactThis document is provided to help you publish a privacy policy for Approvefy. It is not legal advice. Have a qualified attorney review it for your jurisdiction (including GDPR, UK GDPR, CCPA/CPRA, and other local laws) before publication.