Privacy Policy – Blogify
Last updated: 29 May 2026
1. Introduction
This Privacy Policy explains how Blogify (“we”, “our”, or “us”) collects, uses, stores, and deletes information when you install and use the Blogify app (the “App”) on your Shopify store.
We have designed the App with data minimisation as a core principle. We collect only what is strictly necessary to provide the service, and we delete it when you no longer need us.
2. Who We Are
Blogify is a Shopify embedded application. For the purposes of applicable data protection law — including the EU General Data Protection Regulation (GDPR), the UK GDPR, and equivalent legislation — we are the data controller in respect of any personal data we process.
If you have questions about this policy or your data, contact us at:
info@digitaldudes.nl Digital Dudes
3. What Data We Collect and Why
3.1 Installation Data
When you install Blogify from the Shopify App Store, we receive and store the following:
| Data | Purpose | Lawful Basis (GDPR) |
|---|---|---|
Your Shopify store domain (e.g. yourstore.myshopify.com) | To identify your installation and associate it with your API key | Performance of a contract (Art. 6(1)(b)) |
| Shopify OAuth access token | To authenticate API calls made on behalf of your store | Performance of a contract (Art. 6(1)(b)) |
| Generated API key | To secure the token-protected endpoint that creates blog articles in your store | Performance of a contract (Art. 6(1)(b)) |
3.2 What We Do NOT Collect
We do not collect:
- The name, email address, or any personal details of the store owner or staff
- Customer data from your store
- Blog post content or any content you create
- Payment information
- Any analytics, tracking, or behavioural data
- Cookies or device identifiers
4. How We Use Your Data
We use the data listed in Section 3 solely to:
- Create and manage a unique API key for your store installation
- Authenticate inbound requests to the blog-article creation endpoint
- Ensure the correct Shopify store receives content sent through the API
We do not use your data for marketing, profiling, advertising, or any purpose beyond operating the App.
5. Data Retention and Deletion
We retain your installation data only for as long as the App is installed on your store.
When you uninstall Blogify, all data associated with your installation — including your shop domain, access token, and API key — is permanently and automatically deleted from our systems. No backup copies are retained after deletion.
If you reinstall the App, a fresh set of credentials is generated.
6. Data Sharing and Sub-Processors
We do not sell, rent, or trade your data to any third party.
To operate the App, we use the following sub-processors:
| Sub-Processor | Role | Location | Safeguard |
|---|---|---|---|
| Shopify Inc. | App platform and API infrastructure | Canada / USA | Shopify Partner Program Agreement; adequacy decision (Canada); EU SCCs (USA) |
| Railway Corp | Application hosting and database | Amsterdam, Netherlands (EU) | EU–US Data Privacy Framework (DPF); SOC 2 / SOC 3 certified; GDPR-compliant |
We will update this list if we add or change sub-processors.
7. International Data Transfers
Your installation data is stored on servers located in Amsterdam, Netherlands, within the European Economic Area (EEA).
Our infrastructure provider, Railway Corp, is a company incorporated in the United States. Although your data physically resides in the EU, Railway Corp’s US-based personnel may have incidental access to systems as part of their operations. This is covered by Railway Corp’s certification under the EU–US Data Privacy Framework (DPF) and the Swiss–US DPF, which provide an adequate level of protection recognised by the European Commission.
Our App platform provider, Shopify Inc., is based in Canada (covered by an EU adequacy decision) and processes some data in the United States. Where applicable, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (2021 version) for those transfers.
We do not transfer your personal data to any other third countries.
8. Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, disclosure, alteration, or destruction. These include:
- All data in transit is protected using TLS 1.2 or higher
- Access to production systems is restricted to authorised personnel only
9. Your Rights
Depending on where your store is located, you may have the following rights regarding your personal data:
9.1 Rights Under GDPR (EU / EEA) and UK GDPR
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Ask us to correct inaccurate data
- Right to erasure — Ask us to delete your data (note: uninstalling the App already achieves this automatically)
- Right to restriction — Ask us to restrict processing in certain circumstances
- Right to data portability — Receive your data in a machine-readable format
- Right to object — Object to processing based on legitimate interests
- Right to withdraw consent — Where processing is based on consent (not applicable here, but stated for completeness)
You also have the right to lodge a complaint with your national supervisory authority. In the EU, this is the data protection authority in your member state. In the UK, this is the Information Commissioner’s Office (ICO): https://ico.org.uk.
9.2 Rights Under CCPA / CPRA (California, USA)
If you are a California resident, you have the right to:
- Know what personal information we collect about you and how it is used
- Request deletion of your personal information
- Opt out of the sale or sharing of your personal information (we do not sell or share personal information)
- Non-discrimination for exercising your privacy rights
To exercise your rights under CCPA/CPRA, contact us at info@digitaldudes.nl. We will acknowledge your request within 10 business days and respond substantively within 45 calendar days.
9.3 Rights Under LGPD (Brazil)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD) that are substantially similar to those listed above. Contact us at info@digitaldudes.nl to exercise them.
10. Children
The App is not directed at individuals under the age of 16, and we do not knowingly process data relating to children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after changes take effect constitutes acceptance of the revised policy.
12. Contact
For any questions, requests, or concerns about this Privacy Policy or our data practices:
Email: info@digitaldudes.nl Company: Digital Dudes
We aim to respond to all requests within 30 days.
This privacy policy was prepared in accordance with the EU General Data Protection Regulation (GDPR) 2016/679, the UK GDPR, the California Consumer Privacy Act (CCPA) as amended by the CPRA, the Brazilian Lei Geral de Proteção de Dados (LGPD), and the Shopify Partner Program requirements.