Effective date: 23 April 2026

This Privacy Policy explains how Mgroup ("we", "our", "us") handles personal data in connection with any Shopify application we develop and publish (each, an "App"). It applies to every App distributed under the Mgroup developer account on the Shopify App Store, as well as to privately installed and custom-built Apps we deliver to merchants, unless a specific App provides its own privacy notice that expressly overrides this Policy.

This Policy supplements and does not replace the Shopify Merchant Privacy Policy, which continues to govern data collected by Shopify itself.

Scope

This Policy applies when you, as a Shopify merchant, install or use an Mgroup App, and when shoppers interact with an Mgroup-powered feature on a store running one of our Apps. It does not cover data processed by merchants outside of our Apps or by third parties.

What We Collect from Merchants

When you install an Mgroup App, Shopify grants us access to specific categories of store data based on the permissions you approve during installation. The exact scopes differ from App to App and are listed on the App's install screen and on its Shopify App Store listing. Depending on the App, the data we may access includes:

  • Shop information — shop name, domain, currency, locale, plan, contact email of the store owner.
  • Theme and storefront APIs — to modify appearance, inject assets, or render App UI on the storefront.
  • Products, variants, and collections — titles, prices, inventory, images, metafields, where the App reads or updates product data.
  • Orders and checkout — limited to what the App needs to function; read-only unless the App listing explicitly states otherwise.
  • Customers, tags, and segments — where the App personalizes behavior per customer (for example, segment-based pricing or B2B gating).
  • Analytics and events — aggregated usage signals the App itself produces, never raw shopper identifiers beyond what the App requires.

We follow the principle of data minimization: we do not request access to scopes the App does not need.

What We Collect from Shoppers

Most Mgroup Apps operate on the merchant side and do not directly collect personal data from shoppers. Where an App does process shopper-facing data — for example, applying personalized behavior based on a customer tag or storing a per-customer preference — such processing is limited to what is necessary for the App to function and is disclosed on the App's install screen and Shopify App Store listing.

How We Use the Data

  • to provide, operate, and maintain the App you installed;
  • to authenticate API requests between your store and our infrastructure;
  • to provide merchant support, diagnose issues, and respond to your questions;
  • to improve our Apps using aggregated, non-identifying usage metrics;
  • to comply with Shopify's Partner Program Agreement and applicable law.

We do not sell merchant or shopper data. We do not use personal data for advertising or profiling outside of the App's stated purpose.

Third-Party Sub-Processors

  • Shopify — primary platform; hosts the store data we access via official APIs.
  • DigitalOcean — cloud infrastructure hosting App backends and databases.
  • Cloudflare — CDN, DDoS protection, and application security.
  • Error-monitoring and log-management providers — for stability and incident response, where used.

The exact sub-processors in use by a given App are available on request.

Data Retention and Deletion

  • Store data we access via Shopify APIs is generally not stored long-term — we fetch it on demand and cache only what is necessary for the App to function efficiently.
  • When you uninstall an App, we honor Shopify's mandatory compliance webhooks (app/uninstalled, shop/redact, customers/redact) and delete related merchant data within the timeframes required by Shopify (typically 48 hours), except where retention is required by law.
  • Aggregated, non-identifying analytics may be retained indefinitely for product improvement.

Your Rights

European, UK, and Ukrainian data-protection laws grant users rights including access, rectification, erasure, restriction, portability, and objection. Merchants and shoppers can exercise these rights by contacting us at support@mgroupweb.com. Where a request concerns a specific Shopify store, we may ask the merchant to confirm the request in line with Shopify's merchant-of-record model.

International Transfers

Our infrastructure and some sub-processors are located outside Ukraine and the European Economic Area, including in the United States. Where data is transferred internationally, we rely on Standard Contractual Clauses or other lawful mechanisms offered by the sub-processor.

Security

We use HTTPS for all App traffic, restrict access to merchant data to a minimum set of engineers, log administrative access, keep dependencies up to date, and back up operational data on a regular schedule.

Changes

We may update this Policy as our Apps and the Shopify platform evolve. When we do, we update the "Effective date" at the top. Material changes are announced within the App's admin section or on its Shopify App Store listing.

Governing Law

This Policy is governed by the laws of Ukraine, without prejudice to any mandatory data-protection rights you may have under the law of your country of residence or the law of the country where you operate your Shopify store.

Contact

For privacy questions related to any Mgroup Shopify application, please email support@mgroupweb.com. For the website that hosts this policy, see our main Privacy Policy.