Privacy Policy (GDPR-Compliant)

Effective Date:04.04.2026

Quick Add Collection (“we”, “our”, “us”) is committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

This Privacy Policy describes how we collect, process, use, disclose, and safeguard information when merchants install or use our Shopify application (“App”).

1. Roles and Responsibilities

For the purposes of data protection laws:

• The merchant (store owner) is the Data Controller

• Quick Add Collection acts as a Data Processor

We process personal data strictly on behalf of the merchant and in accordance with their instructions, Shopify’s platform rules, and applicable law.

2. Categories of Data Processed

When you install and use the App, we may process the following categories of data obtained via Shopify APIs:

2.1 Store Information

• Store name

• Store email address

• Shopify domain

• Store settings relevant to app functionality

2.2 Product and Collection Data

• Product titles, descriptions

• Variants, SKUs, inventory levels

• Product pricing (managed entirely through Shopify)

• Collection assignments and structure

2.3 Technical and Usage Data

• Log data (timestamps, API requests)

• Error reports and diagnostics

• App configuration settings

2.4 Customer Data

We do not intentionally collect or store customer personal data.

If any customer data is incidentally processed (e.g., via Shopify APIs), it is:

• Limited to what is strictly necessary

• Processed transiently

• Not stored beyond operational necessity

3. Purpose of Processing

We process data exclusively to:

• Provide the App’s core functionality (quick product-to-collection management)

• Maintain synchronization with Shopify

• Ensure system stability, security, and performance

• Debug errors and improve reliability

We do not:

• Sell data

• Use ata for advertising

• Perform behavioral profiling

• Use data outside the scope of the App’s functionality

4. Legal Basis for Processing

Under GDPR, processing is based on:

• Article 6(1)(b) – Performance of a contract (delivery of app services)

• Article 6(1)(f) – Legitimate interests (security, fraud prevention, system integrity)

5. Shopify and Platform Dependency

The App operates exclusively within the Shopify ecosystem.

• All billing and subscription management are handled by Shopify

• We do not process or store payment information

• Data access is governed by Shopify API permissions granted by the merchant

Use of Shopify is subject to Shopify’s own privacy policies and terms.

6. Data Sharing and Disclosure

We do not sell or share personal data with third parties for commercial purposes.

We may disclose data only:

• To comply with legal obligations

• To enforce our rights or agreements

• To protect against fraud or security threats

• To trusted subprocessors strictly necessary to operate the App

7. Subprocessors

We may use third-party service providers (“subprocessors”) for:

• Cloud hosting and infrastructure

• Monitoring and logging

• Error tracking

All subprocessors:

• Are bound by data protection agreements

• Process data only under our instructions

• Implement appropriate security measures

A list of subprocessors is available upon request.

8. International Data Transfers

Where data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)

• Adequacy decisions by the European Commission

9. Data Retention

We retain data only for as long as necessary to:

• Provide the App’s functionality

• Comply with legal obligations

• Resolve disputes and enforce agreements

Upon uninstallation of the App:

• Store data is deleted within a reasonable timeframe

• Backup retention is minimized and securely handled

10. Security Measures

We implement industry-standard technical and organizational measures, including:

• Secure API communication (HTTPS)

• Access controls and authentication

• Data minimization principles

• Monitoring and logging for anomaly detection

However, no system is completely secure, and we cannot guarantee absolute security.

11. Data Subject Rights

Under GDPR, data subjects may have the right to:

• Access personal data

• Rectify inaccurate data

• Request erasure (“right to be forgotten”)

• Restrict processing

• Data portability

• Object to processing

Requests should be directed to the merchant (Data Controller).
We assist merchants in fulfilling these requests where required.

For inquiries, contact: info@studiopixel.ch

12. Breach Notification

In the event of a personal data breach, we will:

• Notify affected merchants without undue delay

• Provide sufficient information to meet legal obligations

• Take immediate steps to mitigate risks

13. Children’s Data

The App is not intended for use by individuals under the age of 16, and we do not knowingly process children’s personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Changes will be posted with an updated “Effective Date”. Continued use of the App constitutes acceptance of the updated policy.

15. Contact Information

For any questions regarding this Privacy Policy or data protection matters:

Email: info@studiopixel.ch