Last Updated: January 2025
Version: 1.0
Effective Date: [Date you publish this policy]
Last Reviewed: January 2025
📘 Introduction
Foreword (“we,” “our,” or “us”) is a Shopify app that provides form-building and submission management services to merchants.
This Privacy Policy explains how we collect, use, store, and protect information when you use our app.
By installing and using Foreword, you agree to the collection and use of information in accordance with this policy.
📂 Information We Collect
1️⃣ Merchant Information
We collect:
- Shop Information: Domain, name, owner, and settings
- Contact Information: Email and associated contact details
- Authentication Data: OAuth tokens for Shopify access
- Billing Information: Subscription plan and payment status (processed by Shopify)
2️⃣ Customer Data Collected Through Forms
We collect:
- Form Submission Data: Names, emails, phone numbers, custom fields, file uploads, timestamps, metadata
- Technical Data: IP address, browser, and device data
3️⃣ Usage Data
Automatically collected:
- App Usage: Features used, forms created, submission counts
- Performance: Error logs, loading times
- Analytics: Aggregated usage for improvements
⚙️ How We Use Your Information
Merchant Information
Used to:
- Operate and maintain Foreword
- Manage billing and subscriptions
- Send service updates and support replies
- Improve user experience
- Meet legal obligations
Customer Form Data
Used to:
- Display and store submissions
- Enable search, filter, and export features
- Trigger notifications or webhooks
- Generate analytics (Pro plan only)
Usage Data
Used to:
- Monitor performance
- Fix issues
- Develop and optimize new features
🔒 Data Storage & Security
Encryption
- At Rest: AES-256-GCM
- In Transit: TLS 1.3
- Key Management: Secure, never logged or exposed
Storage
- Encrypted PostgreSQL (Render)
- File uploads → AWS S3 or Cloudflare R2
- Encrypted backups
- Strict access control
Security Measures
- Rate limiting (100–1000 requests/hr)
- HMAC webhook validation
- 7-year audit logs
- Role-based access & MFA
- Regular patching