Privacy Policy

Kenton Commerce Studio – Shopify Maintenance & App Services
Effective Date: 01/01/2025

Kenton Commerce Studio (“Kenton Commerce Studio,” “we,” “our,” or “us”) provides Shopify maintenance, optimization, technical support, and application-related services (“Services”).

This Privacy Policy describes how we access, use, process, and protect information in connection with Shopify stores and Shopify applications in compliance with Shopify Partner Program requirements and applicable data protection laws.

1. Role and Relationship to Shopify Merchants

When providing Services, Kenton Commerce Studio acts as:

  • A Shopify Partner

  • A service provider / data processor on behalf of the merchant

  • Not as the owner or controller of merchant customer data

The Shopify merchant remains the data controller and retains full ownership and responsibility for all store and customer data.

We process personal data solely on behalf of and under the instructions of the merchant.

2. Information We Access Through Shopify

In order to provide Services, we may access data made available through:

  • Shopify Admin access

  • Shopify APIs (REST and/or GraphQL)

  • Webhooks

  • Authorized Shopify apps

This may include:

  • Store configuration and settings

  • Product, collection, and inventory data

  • Order and fulfillment data

  • Customer information (e.g., name, email, shipping details)

  • Theme files and custom code

  • Installed app metadata

We access only the minimum data necessary to perform requested Services.

3. Permitted Use of Data

Consistent with Shopify’s API License and Terms of Use:

We will:

  • Use merchant and customer data only to provide the requested Services

  • Not use data for advertising, profiling, resale, or unrelated analytics

  • Not sell, rent, disclose, or otherwise commercialize merchant data

  • Not combine Shopify data with external data for secondary purposes

Data is processed strictly for maintenance, troubleshooting, performance optimization, backups (if requested), or functionality improvements authorized by the merchant.

4. Data Minimization & Retention

We adhere to data minimization principles:

  • Access is limited to required scopes

  • Data collection is limited to what is necessary

  • Personal data is not retained longer than necessary

We do not permanently store Shopify customer personal data unless explicitly required for a merchant-requested function (e.g., backups or reporting).

Any temporary data storage is:

  • Secured using reasonable technical safeguards

  • Limited in duration

  • Deleted or anonymized when no longer required

5. Security Measures

We implement commercially reasonable administrative, physical, and technical safeguards, including:

  • Restricted access to authorized personnel only

  • Encrypted communications where applicable

  • Secure credential management

  • Principle-of-least-privilege API scope access

However, no transmission or storage system is guaranteed to be fully secure. We do not warrant absolute protection against unauthorized access.

6. Shopify App Compliance (If Applicable)

If Services include a Shopify app:

  • The app requests only necessary API scopes

  • Access tokens are securely stored

  • OAuth authentication is used per Shopify requirements

  • Webhooks are verified and validated

  • Data is processed only in accordance with merchant authorization

We comply with Shopify’s Partner Program Agreement and App Store requirements regarding data protection and privacy.

7. Third-Party Subprocessors

If third-party services are used (e.g., hosting providers, cloud storage, monitoring tools), such services may process limited merchant data strictly for operational purposes.

We use reputable providers that maintain appropriate security standards.

We are not responsible for the independent practices of Shopify or other third-party platforms.

8. Merchant Responsibilities

Merchants are solely responsible for:

  • Maintaining an accurate customer-facing privacy policy

  • Obtaining required customer consents

  • Compliance with GDPR, CCPA/CPRA, and other applicable laws

  • Proper configuration of Shopify privacy and consent settings

Kenton Commerce Studio does not provide legal advice and makes no representation regarding regulatory compliance of the merchant’s business.

9. Data Subject Requests

As a data processor, we do not independently respond to consumer data requests unless instructed by the merchant.

If we receive a data subject request directly, we will forward it to the merchant without responding substantively.

10. Limitation of Liability

To the maximum extent permitted by law:

  • We are not liable for indirect, incidental, or consequential damages arising from data access or processing

  • We are not responsible for actions taken by Shopify, third-party apps, hosting providers, or the merchant

  • Our aggregate liability relating to privacy or data handling shall not exceed the fees paid for the specific Services giving rise to the claim

Services are provided on an “as-is” and “as-available” basis.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Continued use of our Services constitutes acceptance of the updated policy.

12. Contact Information

Kenton Commerce Studio
Email: info@kentonwd.com
Website: https://kentonwd.com

Menu
This website uses cookies to improve your experience. If you continue to use this site, you agree with it.
Ok