Legal

Privacy Policy

Last updated: April 22, 2026

Summer Apps ("Summer Apps", "we", "us", "our") builds Shopify apps and operates the website at summer-apps.com. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it.

This policy applies to our marketing website, our Shopify apps (including Summer Upsell and related widgets), our blog, our contact and newsletter forms, and any communication you have with our support team.

1. Who is the data controller

Summer Apps is the data controller for personal information collected through our website and Shopify apps. You can reach us at hi@summer-apps.com or at our office address: 6401 JF Kennedy Blvd E, West New York, NJ.

2. Information we collect

2.1 Information you provide directly

  • Contact form: name, work email, optional phone number, optional store URL, selected topic and your message.
  • Newsletter / marketing opt-in: email address (and any other field you provide).
  • Live chat (Crisp): name, email and chat transcript when you open a conversation.

2.2 Information collected automatically

  • Analytics: page views, clicks, referrer, device, browser, language, approximate location and a hashed Google Analytics 4 client identifier — only when you accept the Analytics cookie category.
  • Marketing pixels: Klaviyo and Meta Pixel may set identifiers — only when you accept the Marketing cookie category.
  • Anti-abuse: Cloudflare Turnstile receives a cryptographic token and your IP address to verify that form submissions are not from bots. Turnstile does not use tracking cookies.
  • Server logs: IP address, user-agent and timestamp of API requests, kept for a short period for security and abuse prevention.

2.3 Information collected through our Shopify apps

When a Shopify merchant installs one of our apps, Shopify shares limited shop data with us under the scopes you approve at install time (e.g. shop domain, basic shop profile, products, orders relevant to the widget). We use this data only to provide the app's functionality. The full data-handling details for our Shopify apps are described in the app's listing and the in-app data policy.

3. How we use your information

  • To respond to your contact form submission and provide customer support.
  • To send you transactional email (e.g. account, billing, support replies) — these are necessary for our service and you cannot opt out without ceasing to use the service.
  • To send you marketing email if you have opted in (you can unsubscribe at any time).
  • To measure and improve our website, content and apps (analytics).
  • To detect, prevent and respond to abuse, fraud and security incidents.
  • To meet our legal, tax and accounting obligations.

4. Legal bases (EU/UK GDPR)

If GDPR applies to you, we rely on the following legal bases:

  • Contract: to provide the apps and services you request.
  • Consent: for non-essential analytics and marketing cookies, marketing email and other optional data uses.
  • Legitimate interests: to operate, secure and improve our service, and to prevent fraud and abuse, balanced against your rights.
  • Legal obligation: to comply with applicable laws.

5. Service providers we share data with

We use trusted third parties to operate our service. They may process your data on our behalf:

  • Brevo — transactional email delivery (contact form replies).
  • Klaviyo — marketing email and on-site personalization.
  • Google Analytics 4 — privacy-first analytics with Google Consent Mode v2.
  • Cloudflare Turnstile — bot protection on forms.
  • Crisp — live chat support.
  • Shopify — app billing, install and merchant data exchange.
  • MongoDB Atlas — database hosting (encrypted at rest, US region).

We do not sell your personal information for money. Some marketing pixels may be considered "sharing" under California CCPA/CPRA — see Section 8 for opt-out instructions.

6. International transfers

We are based in the United States. If you are located in the EEA, UK, Switzerland or another jurisdiction outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards offered by our service providers.

7. Data retention

  • Contact form submissions: up to 24 months from the last interaction.
  • Marketing list (Klaviyo): until you unsubscribe.
  • Analytics data: GA4 default retention (14 months).
  • Server logs: up to 90 days.
  • Shopify app data: for the duration of the app installation, plus a short purge window after uninstall as required by Shopify Partner policies.

8. Your rights

8.1 GDPR / UK GDPR / LGPD rights

You have the right to access, correct, delete, restrict or object to our processing of your personal information, and the right to data portability. You may also withdraw your consent at any time without affecting the lawfulness of prior processing.

8.2 California (CCPA/CPRA) rights

California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to limit the use of sensitive personal information, and the right to opt out of the sale or sharing of personal information.

To exercise the right to opt out of sharing, disable the Marketing & sharingcategory in our cookie banner (use the Cookie Preferences link in the footer at any time) or email us at hi@summer-apps.com.

8.3 How to exercise your rights

Email hi@summer-apps.com with the request type and the email address you used. We will verify your identity and respond within the period required by applicable law (typically 30 days).

9. Cookies

We use a consent banner (Google Consent Mode v2 + vanilla-cookieconsent) to manage cookies across three categories: Strictly necessary, Analytics and Marketing & sharing. Non-essential scripts (Google Analytics, Klaviyo, Meta Pixel) only load after you accept the relevant category.

You can change your choices any time using the Cookie Preferences link in the footer.

10. Security

We use industry-standard technical and organizational measures including HTTPS/TLS encryption, encrypted database storage, scoped API tokens, and access controls. No system is 100% secure; we will notify affected users and authorities of a breach as required by law.

11. Children

Our services are intended for businesses and adults. We do not knowingly collect personal information from children under 16. If you believe a child has provided us data, please email hi@summer-apps.com so we can delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page shows the most recent revision. Material changes will be highlighted on our website or by email where appropriate.

13. Contact us

For privacy questions, data subject requests or any other concerns:

  • Email: hi@summer-apps.com
  • Phone: +1 (862) 227-6702
  • Address: 6401 JF Kennedy Blvd E, West New York, NJ, USA