Gift Message Bridge Lite Privacy Policy

Last updated: May 3, 2026

Gift Message Bridge Lite helps merchants collect, review, and print gift messages for orders. This policy explains what data the app processes, how it is used, and how merchants can contact us about privacy requests.

Data read from Shopify

The app uses Shopify APIs and Shopify app surfaces only as needed to provide gift message and printing workflows. Depending on merchant setup, the app may read shop domain, app installation/session data, order context needed to locate gift messages, product or variant references, cart references, and order identifiers sent by Shopify surfaces or extensions. The app does not sell this data.

Data provided by merchants

Merchants may provide print template settings, custom template HTML or CSS, support messages, customization requests, suggestions, and optional reply email addresses. These records are used to operate the app, provide support, and improve the gift message workflow.

Data provided by shoppers

Shoppers may enter gift message text, sender names, recipient names, and related line-item or cart references through storefront or checkout surfaces enabled by the merchant. Merchants control whether these surfaces are enabled and are responsible for informing shoppers about their use.

How data is used

• To save gift messages and make them available to the merchant.
• To generate printable gift-message pages and track printed status.
• To store merchant print template preferences.
• To authenticate the embedded app inside Shopify admin.
• To respond to support, privacy, and customization requests.

Retention and deletion

Gift messages, print template settings, contact requests, and session records are retained while the merchant uses the app, unless deleted earlier by request. Public print links use short-lived tokens and should not be shared outside the merchant's operations team. When Shopify sends a shop redaction webhook after uninstall, the app deletes stored data for that shop from its database unless retention is legally required.

Service providers

The app may use hosting, database, email delivery, logging, and Shopify platform services to operate. These providers process data only for app operation, support, security, and maintenance.

Security

The app is designed to run over HTTPS, validate Shopify webhook HMAC signatures, store data in PostgreSQL, and use environment variables for secrets. Access to production systems should be limited to authorized operators.

Privacy webhooks and rights

The app implements Shopify mandatory privacy webhooks for customers/data_request, customers/redact, and shop/redact. Merchants and affected individuals may request access, deletion, or help with privacy questions by contacting support. We will respond to valid privacy requests within the time required by applicable law and Shopify policy.

Contact

For privacy questions, support, or data requests, contact support@example.com. Replace this address with the production support address configured in CONTACT_EMAIL before submitting the app for review.