Legal // Policy-02

Privacy Policy

Effective date May 1, 2026

1. Overview

SaveLayer (“we”, “us”, or “our”) provides a Shopify application that enables merchants to store and manage customer interaction data such as saved items, wishlists, and related features.

This Privacy Policy explains how data is collected, used, and stored when using SaveLayer.

2. Role of SaveLayer

SaveLayer acts as a data processor.

  • The merchant is the data controller.
  • SaveLayer processes data only to provide the app’s functionality.
  • We do not use data for advertising, resale, or independent profiling.

3. What Data We Collect

We collect only the data necessary to operate the Service.

3.1 Customer interaction data

  • Saved items (products, variants, collections, etc.)
  • Wishlist or list membership
  • Interaction timestamps
  • Interaction context (e.g., PDP, collection page)

3.2 Shopify resource identifiers

  • Customer IDs
  • Product and variant IDs
  • Collection and metaobject IDs

3.3 Metaobject and metafield data

  • Save lists
  • Saved item records
  • Lightweight display snapshots

3.4 Operational data (limited)

  • Logs (errors, requests)
  • Performance and batching state

This data is minimal and not used to build independent profiles.

4. How Data Is Stored

4.1 Shopify as source of truth

SaveLayer is designed to store data directly in Shopify whenever possible, including:

  • Metaobjects (primary storage)
  • Metafields (lightweight indexes)

This ensures merchants retain control over their data.

4.2 External infrastructure

We use Cloudflare for:

  • Application hosting (Workers)
  • Limited operational storage (D1 database)

External storage is minimized and used only when necessary.

5. How We Use Data

We use data only to:

  • Enable save functionality
  • Retrieve and display saved data
  • Maintain list structures
  • Improve performance and reliability

We do not:

  • Sell data
  • Use data for advertising
  • Build independent customer profiles

6. Data retention

Shopify data

  • Retained until deleted by the merchant or app uninstall

Operational data

  • Retained only as long as necessary for system operation

7. Data deletion

On uninstall

  • Access to data is immediately revoked
  • External processing stops
  • Shopify data may remain under merchant control

GDPR requests

We support deletion and access requests via Shopify webhooks.

8. GDPR and data rights

Users may have rights to:

  • Access data
  • Correct data
  • Delete data
  • Restrict processing
  • Request data portability

Requests should be directed to the merchant.

9. Shopify GDPR webhooks

We comply with:

  • customers/data_request
  • customers/redact
  • shop/redact

We process requests within required timelines.

10. Data security

We use reasonable safeguards including:

  • Secure infrastructure (Cloudflare)
  • Access controls
  • Minimal data retention

No system is completely secure.

11. Third-party services and sub-processors

SaveLayer relies on the following third-party processors. Each is engaged only to operate the Service, under written data-protection terms where applicable.

Cloudflare — hosting and operational storage

  • Application hosting (Workers, Pages)
  • Limited operational database (D1) and key–value cache (KV)
  • Data shared: all operational data described in §3.4, encrypted in transit and at rest

HelpScout — in-app support (Beacon widget)

The SaveLayer admin embeds the HelpScout Beacon widget so merchants can request help without leaving the Shopify admin. The widget activates only when a HelpScout Beacon ID is configured for the deployment.

When the widget loads, the following identifying information is sent to HelpScout to route conversations to the correct merchant account:

  • Merchant contact name (Shopify admin user name, or the shop’s configured contact name)
  • Merchant contact email (Shopify admin user email, or the shop’s configured contact email)
  • Shop myshopify.com domain
  • Shop primary storefront domain
  • Shopify plan display name
  • Shop currency code

No customer data, saved-item records, or storefront buyer information is shared with HelpScout. HelpScout processes this data under its own privacy commitments; see https://www.helpscout.com/company/legal/privacy/.

These services are used strictly to operate SaveLayer.

12. International data transfers

Data may be processed outside your jurisdiction.

We implement appropriate safeguards where required.

13. Children’s data

SaveLayer is not intended for children.

We do not knowingly process data from individuals under 13.

14. Changes to this policy

We may update this policy periodically.

Continued use of the Service constitutes acceptance of updates.

15. Contact

For privacy inquiries:

  • Email: hello@savelayer.com
  • Company: SaveLayer LLC
  • Address: 1021 E Lincolnway, Suite 10082, Cheyenne, WY 82001