Privacy Policy

Last updated: 28 May 2026

This Privacy Policy explains how Checkout Migration Expert ("the App", "we", "us") handles information when you install and use the App on your Shopify store. We are operated by Vibhora, based in Kolkata, India. You can reach us at sales@vibhora.com.

1. Summary

Checkout Migration Expert is a read-only audit tool. It analyzes your store's checkout configuration (Scripts, themes, script tags, pixels) and reports issues that need to be migrated before Shopify's June 30, 2026 deadline. We do not collect, store, or process your customers' personal information.

2. Information we collect

When you install the App, Shopify provides us with the following information through its OAuth flow and Admin API:

• Shop information — your myshopify.com domain, shop owner email, store plan, currency, and the OAuth access token issued by Shopify.
• Checkout configuration — Shopify Scripts, theme files (checkout.liquid, theme.liquid, Additional Scripts), installed script tags, registered web pixels, and discount metadata. This is read-only metadata about your store's checkout, not customer purchase history.
• Audit results we generate — health scores, findings, severity counts, timestamps, and fix-progress markers you set inside the App.
• Subscription state — your active plan name, trial start/end dates, and subscription status. Payment is handled entirely by Shopify Billing; we do not see or store card details.
• Technical logs — IP address, user agent, and request timestamps, retained for security and debugging purposes.

We do not collect: your customers' names, email addresses, phone numbers, shipping addresses, order contents, payment details, or any other customer personal data. The App does not request any customer-data scopes from Shopify.

3. How we use this information

• To run audits against your store and present the results to you.
• To send you re-scan results and alert emails (Pro plan only, sent to your shop owner email).
• To enforce subscription access and respond to support requests.
• To monitor and improve App performance, fix bugs, and prevent abuse.

4. Legal basis

We process the information above to perform the contract between you and us (delivering the audit service) and on the basis of our legitimate interest in operating and securing the App. Where required, we rely on your consent, which you grant by installing the App and accepting Shopify's permission prompts.

5. Where data is stored

Data is stored in Neon Postgres in Singapore and processed on Vercel's global infrastructure. Both providers act as sub-processors and maintain their own security and privacy programs. We do not transfer your data to any other third party for marketing or analytics purposes.

6. Data sharing

We do not sell your data. We do not share it with third parties except as required to operate the service:

• Shopify — the source of truth for your store; all reads happen through Shopify's Admin API.
• Vercel — application hosting.
• Neon — managed Postgres database.
• Resend — transactional email delivery for Pro plan audit alerts.
• Legal authorities — only where required by valid legal process.

7. Data retention and deletion

• Active stores — audit history is retained for the life of your subscription so you can compare scores over time.
• On uninstall — your access token is revoked immediately and your store record is marked uninstalled. All associated data is permanently deleted within 30 days.
• On request — email us at sales@vibhora.com and we will delete your data within 30 days.
• GDPR mandatory webhooks — we honor Shopify's customers/data_request, customers/redact, and shop/redact webhooks. Because we do not store customer personal data, customer-scoped requests return an acknowledgement with no data to export or erase.

8. Your rights

Depending on where you are located (e.g., EEA, UK, California), you may have the right to access, correct, delete, port, or object to the processing of your information, and to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at sales@vibhora.com and we will respond within 30 days.

9. Cookies and tracking

The App uses Shopify App Bridge session tokens to authenticate requests inside the Shopify Admin. These are required for the App to function and do not track you across the web. We do not use marketing cookies, advertising pixels, or third-party analytics in the App itself.

10. Security

Access tokens are encrypted at rest in our database. All communication between your browser, our servers, and Shopify happens over HTTPS. Access to production systems is restricted to authorized personnel.

11. Children's privacy

The App is intended for use by Shopify merchants and is not directed at individuals under 16. We do not knowingly collect information from children.

12. Changes to this policy

We may update this policy from time to time. Material changes will be announced inside the App or by email to the shop owner. The "Last updated" date at the top of this page reflects the current version.

13. Contact

Questions, requests, or complaints?
Email: sales@vibhora.com
Operator: Vibhora, Kolkata, India