PDF Connect Privacy Policy
Last Updated: December 11, 2025
About PDF Connect ("the App")
The App provides a service for shop owners to upload and connect PDF files to specific products, pages, collections, articles, and other store resources, enabling visitors to view these PDFs within customizable PDF viewers ("the Service") to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.
Personal Information the App Collects
When you install the App, we access the following types of information from your Shopify account:
- Store Information: Shop name, domain, and store configuration
- Product Data: Products, collections, pages, articles, and blogs (for PDF linking purposes)
- Metafields: To store PDF linking configurations on your resources
Important: We do not collect customer personal data (names, emails, addresses, payment information) from your store's customers. The App only interacts with merchant store data, not end-customer data.
How We Use Your Information
We use the information we collect to:
- Provide and operate the PDF linking Service
- Store your PDF files and linking configurations
- Communicate with you about the Service (support, updates, important notices)
- Improve and optimize the App functionality
Legal Basis for Processing (GDPR): We process your data based on:
- Contract Performance: To provide the Service you requested when installing the App
- Legitimate Interest: To improve our App, provide customer support, and ensure security
Data Storage and Third-Party Services
Your data is stored securely using Google Firebase (Cloud Firestore and Cloud Storage):
- All data is encrypted at rest and in transit using industry-standard encryption
- Servers are located in the United States
- Google Firebase complies with SOC 1, SOC 2, and SOC 3 certifications
- For more information, see Google Cloud Privacy Policy
We do not use any other third-party services that process your personal data.
Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes.
Data may be shared only in the following circumstances:
- With Google Firebase: For secure data storage (as described above)
- If Required by Law: To comply with legal obligations, court orders, or protect our legal rights
- Business Transfer: In the event of a merger, acquisition, or sale of assets (you will be notified)
Behavioral Advertising
We do not use your personal information for targeted or behavioral advertising. There are no advertising trackers or third-party marketing tools in our App.
Data Retention
- While App is Installed: We retain your data while the App is installed on your store to provide the Service
- After App Uninstall: We retain your data for 30 days after uninstall to allow for reinstallation without data loss
- After 30 Days: Data is automatically deleted unless you request earlier deletion
- Immediate Deletion: You may request immediate deletion of your data at any time by contacting us
Your Rights
You have the right to:
- Access: Request a copy of the data we hold about your store
- Correction: Request updates to inaccurate or incomplete data
- Deletion: Request deletion of your data at any time
- Portability: Request your data in a portable, machine-readable format
- Restriction: Request that we limit processing of your data in certain circumstances
For European Residents (GDPR)
In addition to the rights above, you have the right to:
- Object to processing based on legitimate interests
- Lodge a complaint with your local data protection authority
- Withdraw consent at any time (where processing is based on consent)
For California Residents (CCPA)
You have the right to:
- Know what personal information we collect and how it's used
- Request deletion of your personal information
- Non-discrimination for exercising your privacy rights
We do not sell personal information as defined under the CCPA.
GDPR Compliance & Shopify Webhooks
We comply with Shopify's mandatory GDPR webhooks:
- Customer Data Request (
customers/data_request): We respond to requests for customer data within 30 days - Customer Erasure (
customers/redact): We delete customer data upon verified request - Shop Erasure (
shop/redact): We delete all shop data when a merchant requests complete data deletion
Security Measures
We implement industry-standard security measures to protect your data:
- HTTPS/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Secure authentication via Shopify OAuth
- Regular security audits and monitoring
- Access controls limiting staff access to data
Children's Privacy
Our App is not directed at children under 13 years of age. We do not knowingly collect personal information from children.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes to our practices or for operational, legal, or regulatory reasons. We will:
- Update the "Last Updated" date at the top of this policy
- Notify you of significant changes via email or in-app notification
- Post the updated policy on this page
Contact Us
For questions about this privacy policy, to exercise your data rights, or to make a complaint:
- Email: hello@apptall.com
- Response Time: We aim to respond to all requests within 1-2 business days
This privacy policy is compliant with Shopify App Store requirements, GDPR, and CCPA regulations.