This Privacy Policy describes how Growably ("we", "our", "the app") collects, uses, and protects information when you install and use our Shopify app. Growably is operated by EcomGrows LLC, a limited liability company registered in the State of Wyoming, United States.
What we collect
When you install Growably, we collect minimal information necessary to provide the service.
From Shopify
- Shop domain (e.g., your-store.myshopify.com)
- Shop email address
- Shop's base currency
- Authentication tokens (for API access)
From your Growably configuration
- Selected currencies you want to display
- Widget styling preferences (style, placement, mode, flag shape)
- Custom CSS (if provided)
Subscription and billing
- Current plan (Free or Pro)
- Subscription status (active, trial, cancelled)
- Trial and billing period dates
- Shopify charge reference ID
All billing is processed by Shopify Billing API. We do not collect or store payment methods, credit card numbers, or bank details.
From your storefront visitors
- IP address (used in real-time only, not stored) — for geolocation-based auto-currency switching
- Currency choice (saved in visitor's browser localStorage, not on our servers)
What we do NOT collect
Customer personal information, purchase history, payment information, customer email addresses, or any data outside what's needed for app functionality.
What we do NOT use
Third-party analytics, behavioral advertising, marketing pixels, tracking cookies for advertising, cross-site tracking, data brokers, or data sales. The only cookies we use are essential session cookies for Shopify OAuth authentication.
How we use information
We use collected information solely to:
- Provide the currency switcher functionality on your storefront
- Display prices in selected currencies based on visitor location
- Apply your customization preferences
- Manage your subscription plan and billing via Shopify
- Communicate with you about your app account (support, updates)
We do not sell, rent, or share your information with third parties for marketing purposes.
Where data is stored
App data is stored on Railway (PostgreSQL database). Data may be transferred to and stored in the United States and other locations where our service providers operate. Railway is SOC 2 Type II compliant.
Storage details
- Shop configuration data — stored in encrypted database with restricted access
- Authentication tokens — stored in encrypted database, used only for Shopify API access
- Exchange rates — cached in database, refreshed every 30 minutes
- Visitor IP — processed in real-time for geolocation, never stored
Third-party services
Growably integrates with the following services:
| Service |
Purpose |
Data shared |
| Shopify |
Platform integration and billing |
Shop data, authentication tokens |
| Railway |
Hosting and database |
All app configuration data |
| Crisp |
Live customer support chat |
Shop email, shop domain, plan |
Exchange rate providers
open.er-api.com · frankfurter.app |
Currency exchange rates |
None |
| get.geojs.io |
IP geolocation |
Visitor IP (real-time, not stored) |
| flagcdn.com |
Country flag images (CDN) |
None |
Each service has its own privacy policy. We do not control how these services handle data.
Data retention and deletion
App uninstall
When you uninstall Growably, we automatically receive a shop/redact webhook from Shopify. We delete all your shop data within 48 hours of uninstallation, in compliance with Shopify's data protection requirements.
GDPR compliance (EU merchants)
We comply with GDPR. You have the right to:
- Request access to your data
- Request correction of inaccurate data
- Request deletion of your data
- Export your data in machine-readable format
Contact us at support@ecomgrows.io. We respond to GDPR requests within 30 days.
CCPA compliance (California consumers)
California residents have similar rights to access, delete, and opt out of data sales. We do not sell personal information.
Customer data redaction
We do not collect customer personal data. If Shopify sends customers/redact or customers/data_request webhooks, we acknowledge and confirm no customer data is held by Growably.
Security
We implement industry-standard security measures:
- All data transmission uses HTTPS/TLS encryption
- Authentication tokens stored in encrypted database with restricted access
- HMAC signature verification for all webhook and proxy requests
- Regular security updates and dependency audits
- Access to production data limited to authorized team members
While we take security seriously, no method of transmission or storage is 100% secure.
Children's privacy
Growably is a B2B service for Shopify merchants. We do not knowingly collect data from children under 13.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via:
- Update notification within the Growably admin
- Email to your shop's registered email address
- Updated "Last updated" date at the top of this page
Continued use of Growably after changes constitutes acceptance.
Contact
Questions about this Privacy Policy or your data?
Get in touch
Email:
support@ecomgrows.io
Subject line: "Growably privacy inquiry"
Response time: 1-2 business days