Privacy Policy

VitalityNode Pet Connector
Last updated: December 4, 2025

1. Introduction

VitalityNode Pet Connector ("we", "our", or "the App") is a Shopify application that helps merchants connect Pet metaobjects with Customer profiles using metafields. We are committed to protecting your privacy and complying with all applicable data protection laws, including GDPR.

2. Data We Collect

Our app collects and processes minimal data necessary for its operation:

• Shop Information: Your Shopify store domain and shop ID
• Customer References: Customer IDs (numeric identifiers only)
• Pet Metaobject References: Global IDs (GIDs) of Pet metaobjects
• Metafield Data: The custom.pet_list metafield values

3. Data We DO NOT Collect

We explicitly DO NOT collect or store:

• Customer personal information (names, emails, phone numbers, addresses)
• Pet metaobject content (pet names, photos, health data, etc.)
• Payment information
• Order data
• Any sensitive personal information

Important: Our app only stores references (GIDs) to Pet metaobjects in Customer metafields. All actual pet data remains in your Shopify store and is controlled by you.

4. How We Use Your Data

We use the collected data solely for:

• Synchronization: Linking Pet metaobjects with Customer profiles via the custom.pet_list metafield
• Webhooks: Automatically updating metafield references when Pets are created, updated, or deleted
• Analytics: Displaying dashboard statistics about pet profile completion rates
• App Authentication: Maintaining secure session data in our database

5. Data Storage

In Our Database:

• Shop authentication sessions
• Synchronization status flags (initialSyncCompleted, initialSyncDate)

In Your Shopify Store:

• All Pet metaobject data (owned by the Pet Profiles app)
• The custom.pet_list metafield containing GID references

Data Encryption: All data transmitted between your store and our app is encrypted using HTTPS/TLS.

6. Data Sharing

We DO NOT sell, rent, or share your data with third parties. Your data is only used internally for the app's functionality.

7. Your Rights (GDPR Compliance)

We fully comply with GDPR and provide the following data rights:

• Right to Access: Request a copy of your data via the customers/data_request webhook
• Right to Erasure: Request deletion of your data via the customers/redact webhook
• Right to Rectification: Update your data through the Shopify Admin
• Right to Restriction: Uninstall the app to stop data processing

When a customer requests data deletion (GDPR "right to be forgotten"), we:

1. Clear the customer's custom.pet_list metafield (set to empty array)
2. Remove any session data from our database
3. Do NOT delete Pet metaobjects (they are owned by the Pet Profiles app and the merchant)

8. Data Retention

We retain data only as long as necessary:

• Session Data: Retained while the app is installed; automatically deleted when the app is uninstalled via shop/redact webhook
• Metafield References: Stored in your Shopify store; you control the retention period
• Logs: Application logs are retained for 30 days for debugging purposes

9. Data Security

We implement industry-standard security measures:

• HTTPS/TLS encryption for all data transmission
• OAuth 2.0 authentication for Shopify API access
• Secure database storage with access controls
• Regular security updates and monitoring

10. Children's Privacy

Our app does not knowingly collect data from individuals under 16 years of age. The app is designed for use by Shopify merchants only.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email to app administrators.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: info@vitalitynode.com
App Name: VitalityNode Pet Connector
Developer: VitalityNode

For Shopify App Review

Protected Customer Data Access:

• We request read_customers and write_customers scopes
• Purpose: To write GID references to the custom.pet_list metafield
• We DO NOT access protected customer fields (name, email, phone, address)
• We only use Customer ID to identify which metafield to update
• GDPR webhooks are fully implemented: customers/data_request, customers/redact, shop/redact

Note: This privacy policy is compliant with GDPR, CCPA, and Shopify's App Store requirements for Protected Customer Data access.