UploadDrop Privacy Policy
Last updated: April 22, 2026
This Privacy Policy explains how UploadDrop (“UploadDrop”, “we”, “us”) collects, uses, stores, and shares personal data when merchants install and use the UploadDrop Shopify app. UploadDrop lets Shopify merchants collect customer image uploads from their storefront and link those uploads to Shopify orders.
UploadDrop is operated by Innovation Institute of Sweden AB, established in Sweden (European Union). For the purposes of the EU General Data Protection Regulation (GDPR), UploadDrop typically acts as a data processor on behalf of the merchant (the controller) with respect to customer personal data that flows through the app, and as a data controller for account-level data about the merchant and the shop.
Who this policy applies to
This policy applies to:
- Merchants who install UploadDrop on a Shopify store.
- End customers of those merchants, whose image uploads and order-related data are processed through the app.
- Visitors to UploadDrop marketing or support pages operated at uploaddropapp.com.
What information we collect through Shopify’s APIs
When a merchant installs UploadDrop, we receive and store the following categories of data from Shopify:
- Shop and session data: shop domain (myshopify.com URL), shop ID, shop owner name and email associated with the OAuth session, installed scopes, and OAuth access tokens used to call the Shopify Admin API on the merchant’s behalf.
- Order data (via the orders/create webhook and Admin API): Shopify order ID, order name/number, and the line-item reference used to match an uploaded file to an order. UploadDrop does not store customer names, shipping or billing addresses, payment details, or contact information from the order payload.
- App lifecycle events: app install, uninstall, and scope update events via Shopify’s app/uninstalled and app/scopes_update webhooks.
- Shopify compliance webhook payloads: customers/data_request, customers/redact, and shop/redact. We retain an audit record of these requests and their outcome to demonstrate compliance.
What information we collect directly from merchants
- App configuration you create inside the embedded admin: upload profiles, per-profile settings (limits, retention window, allowed file types), storefront widget configuration, and merchant UI translation overrides.
- Information you provide when you contact support (for example, email address and the contents of your message).
- Automated technical logs generated by the app, such as error logs and request logs used to operate and debug the service.
What information we collect from merchants’ customers
When an end customer uses the UploadDrop storefront widget to submit an image, UploadDrop processes:
- The uploaded file(s) themselves, together with technical file metadata such as filename, MIME type, file size, and the storage key used in our object store. Uploaded files are stored in Cloudflare R2 object storage in the region selected by the merchant (see Sub-processors and international data transfers below).
- The Shopify order identifier (order ID and order name/number) used to associate the upload with the correct order.
- Transient technical data needed to process the upload request (for example, request timestamps).
UploadDrop does not set marketing or analytics cookies on storefront visitors, does not operate tracking pixels, and does not build advertising profiles about individual customers. Uploaded images may themselves contain personal data (for example, a photograph of a person) depending on what the customer chooses to upload; the merchant is responsible for determining the lawful basis for collecting such content.
How we use this information
UploadDrop uses personal data only to:
- Accept and store uploaded files on behalf of the merchant.
- Display uploads in the merchant-facing admin and the storefront widget.
- Associate uploaded files with the correct Shopify order and line item.
- Allow merchants to download, export, or delete uploaded files.
- Maintain app settings, translations, and storefront configuration.
- Provide customer support, troubleshoot issues, and improve reliability.
- Respond to Shopify privacy compliance webhooks and lawful requests.
- Meet our legal, regulatory, and contractual obligations.
Under the GDPR, the legal bases we rely on are: performance of a contract (operating the app for the merchant), compliance with a legal obligation (responding to privacy webhooks and lawful requests), and our legitimate interests in securing, operating, and improving the service.
Data retention
- Uploaded customer files: merchants configure a retention window between 30 and 90 days in app settings. Uploaded files are automatically deleted from our object storage and database when that window elapses after the upload.
- App configuration and settings: retained while the app is installed and deleted on uninstall / shop redact.
- OAuth session and shop records: deleted shortly after uninstall, and in any event on receipt of a valid Shopify shop/redact webhook (sent by Shopify approximately 48 hours after the shop uninstalls the app or closes its store).
- Compliance audit records: a minimal record of privacy requests is retained to demonstrate compliance and is removed as part of the corresponding redaction.
- Technical and error logs: retained for a short period (typically up to 30 days) for operational and security purposes.
Sub-processors and international data transfers
UploadDrop is established in Sweden (EU) and relies on the following sub-processors to operate the service:
- Fly.io – application hosting and compute.
- Supabase (Postgres) – managed database storage for app configuration, upload records, and audit records.
- Cloudflare R2 – object storage for uploaded customer files. UploadDrop lets the merchant choose the storage region for their uploaded files:
  - Default region (Eastern North America): available on all plans, including the free plan. Uploaded files are placed in a Cloudflare R2 bucket using the enam (Eastern North America) location hint. Location hints are a best-effort placement by Cloudflare and are not a guarantee that every object remains in that region at all times.
  - European Union: available on selected paid plans. When enabled, uploaded files are stored in a Cloudflare R2 bucket that uses Cloudflare’s eu Jurisdictional Restriction. This is a guarantee from Cloudflare that objects in that bucket are stored and processed within the European Union, which can be used to meet EU data residency requirements such as GDPR.
- Shopify – the platform through which the app is installed, authenticated, and receives webhooks.
Depending on the merchant’s Cloudflare R2 region setting, uploaded customer files are stored either in Eastern North America (via a Cloudflare location hint, best-effort placement) or in the European Union (via Cloudflare’s eu Jurisdictional Restriction, which guarantees EU-only storage and processing for those objects). Application data held by our other sub-processors (Fly.io, Supabase, Shopify) may be stored or processed outside the European Economic Area (EEA), including in North America. Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses (SCCs), the EU–US Data Privacy Framework, or equivalent transfer mechanisms required by GDPR Chapter V.
How we share data
UploadDrop does not sell personal data and does not share personal data with third parties for advertising purposes. We share data only with:
- The merchant whose store the data originated from.
- The sub-processors listed above, strictly as needed to provide the service.
- Authorities or third parties where required by law or to protect our legal rights.
Your data rights
Depending on where you live, you may have rights under laws such as GDPR, the UK GDPR, the California Privacy Rights Act (CPRA), the Colorado Privacy Act, and Virginia’s Consumer Data Protection Act, including the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate personal data.
- Request erasure (“right to be forgotten”) of your personal data.
- Restrict or object to certain processing.
- Request portability of your personal data.
- Lodge a complaint with a supervisory authority.
End customers who uploaded images through a merchant’s storefront should contact that merchant first, since the merchant is the controller of that data. We will support the merchant in responding to such requests, including through Shopify’s mandatory privacy webhooks. Merchants and other individuals can also contact us directly using the details in the Contact section below.
Shopify mandatory privacy webhooks
UploadDrop implements the three mandatory Shopify compliance webhooks:
- customers/data_request – on receipt, we compile a summary of upload records linked to the requested orders and make it available to the merchant so they can fulfil the customer request.
- customers/redact – we delete uploaded files and upload records that are linked to the orders listed in the request, both from our database and from our object storage.
- shop/redact – when Shopify sends this webhook (approximately 48 hours after a shop uninstalls the app or closes its store), we delete all uploads, settings, sessions, translations, and audit records for that shop.
Security
UploadDrop serves all traffic over HTTPS and relies on managed infrastructure providers with strong, industry-standard security controls for compute, database, and object storage. Access to production data is restricted to authorized personnel who need it to operate, maintain, and support the service. No online service can be guaranteed to be 100% secure, but we work to protect personal data from unauthorized access, alteration, disclosure, and destruction.
Merchant responsibilities and acceptable content
UploadDrop is a tool that enables a merchant to collect images from their own customers. The merchant, as the data controller and the operator of their storefront, is solely responsible for what is uploaded through their store and for how that content is used. In particular, the merchant is responsible for:
- The content of the files that customers upload through their storefront, including ensuring that it does not contain unlawful, infringing, harmful, or otherwise prohibited material (for example, content that infringes intellectual-property rights, depicts minors inappropriately, or violates applicable law).
- Determining a lawful basis to collect customer-uploaded content through their storefront, obtaining any required consents, and informing their customers in their own storefront privacy notice and terms.
- Deciding which categories of personal data it is appropriate to solicit from customers via uploads, and communicating upload rules (for example, what kinds of images are allowed) to their customers.
- Configuring the UploadDrop retention window and storage region to match their legal and business requirements.
- Responding to data subject requests from their own customers as the data controller, including providing, correcting, or deleting customer-uploaded content on request.
UploadDrop does not review or moderate uploaded content and does not control what customers choose to upload. UploadDrop may, however, remove content or suspend access where we believe in good faith that it is necessary to comply with law, to protect the rights and safety of others, or to address a violation of our terms.
Children’s data
UploadDrop is not directed at children and is not intended for the collection of personal data from children. Merchants using the app to collect content from minors must have an appropriate legal basis (for example, verifiable parental consent where required) and should not use UploadDrop otherwise.
Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and post the updated version at this URL. Material changes will also be communicated to installed merchants where reasonably practical.
Contact
For privacy questions, data subject requests, or other concerns about how UploadDrop handles personal data, contact us at:
Email: support@uploaddropapp.com
Innovation Institute of Sweden AB
Box 2062
116 74 Stockholm
Sweden