
Privacy Policy

Last updated: March 17, 2026

1. Introduction

BrewmyApp ("we," "our," or "us") operates a no-code platform that enables eCommerce store owners to convert their online stores (including platforms such as Shopify and WooCommerce) into native mobile applications for iOS and Android. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (brewmyapp.io), dashboard, generated mobile applications, and related services (collectively, the "Service").

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

  • Name, email address, phone number, and country when you register.
  • Password (securely hashed) if you sign up with email, or profile data if you authenticate via Google OAuth.

2.2 Store Data (Shopify & WooCommerce)

Store URL, store name, and platform identifiers.

For WooCommerce stores:

  • API credentials (encrypted at rest)
  • Store configuration such as currency, tax settings, and shipping details

For Shopify stores:

  • Store domain and access tokens obtained via Shopify’s OAuth process
  • Store configuration such as currency, tax settings, and shipping details

For both platforms:

  • Product catalogs, categories, collections, inventory, and order data synced from your store to power your mobile application
  • Limited customer-related data (such as order information) as required for app functionality

Shopify Checkout:

BrewmyApp does not process or store payment information from Shopify checkouts. All checkout transactions are handled securely by Shopify through its own checkout infrastructure. We may receive limited order information (such as order ID, status, and basic customer details) from Shopify after a transaction is completed, solely to enable app functionality such as order tracking and notifications.

2.3 App Configuration Data

  • App name, icons, splash screens, design layouts, and branding settings you configure through our visual designer
  • Build history, build status, and related technical logs.

2.4 Payment & Subscription Data

Subscription plan, billing cycle, and payment status.
Payment details (such as card number and billing address) are collected and processed directly by our payment provider (Paddle). We do not store full payment credentials on our servers.

2.5 Usage & Device Data

Browser type, operating system, IP address, pages visited, features used, and session duration.
Device platform information and push notification tokens when you use a generated mobile application.

2.6 Mobile App End-User Data

Mobile applications generated through BrewmyApp interact directly with your Shopify or WooCommerce store.
End-user data (such as customer names, addresses, and order details) is primarily processed and stored by your store and is governed by your own privacy policy.
For Shopify stores, checkout and payment processing are handled entirely by Shopify. BrewmyApp does not access or store sensitive payment information (such as card details) at any point.
BrewmyApp may process limited end-user data as a data processor solely to enable app functionality, including features such as push notifications (e.g., order updates) via third-party services like Expo.

3. How We Use Your Information

We use your information for the following purposes:

  • Provide, operate, and maintain the Service, including connecting to your Shopify or WooCommerce store, building your mobile app, and delivering over-the-air (OTA) updates.
  • Process subscription payments and manage your account.
  • Send transactional communications such as OTP verification codes, build status notifications, payment receipts, and subscription alerts.
  • Deliver push notifications (e.g., order status updates) to end-users of your generated mobile applications.
  • Sync and display store data (including products, collections, inventory, and order information) from your Shopify or WooCommerce store within your mobile application.
  • Improve the platform by analyzing usage patterns, diagnosing technical issues, and developing new features.
  • Ensure security, prevent fraud, and enforce our Terms of Service.
  • Comply with applicable legal and regulatory obligations.

4. Third-Party Services & Data Sharing

We do not sell your personal data. We share information only with trusted third-party service providers as necessary to operate and deliver the Service:

  • Paddle: Payment processing, subscription management, tax calculation, and invoicing.
  • Expo (EAS): Mobile app building, over-the-air (OTA) updates, and push notification delivery.
  • Amazon Web Services (S3): Secure storage of app assets such as icons, images, and splash screens.
  • Shopify & WooCommerce APIs: Access and synchronization of store data (such as products, collections, inventory, and orders) required to power your mobile application.
  • Google (OAuth): Authentication and account sign-in.
  • Email Service Provider (Brevo): Transactional communications including OTP verification, payment receipts, and account notifications.
  • Upstash (Redis): Temporary caching for OTP codes, session handling, and rate limiting.
  • Vercel: Website hosting and deployment infrastructure.

Each service provider processes data only as necessary to perform its function and in accordance with its own privacy policy and contractual obligations.
We may also disclose information if required to do so by law, regulation, legal process, or governmental request, or when necessary to protect our rights, users, or the integrity of the Service.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data.
All data is transmitted over secure HTTPS connections (TLS encryption in transit). Sensitive credentials, such as WooCommerce API keys, Shopify access tokens, and Expo tokens, are encrypted at rest. Passwords are securely hashed using industry-standard algorithms (e.g., bcrypt).
Access to production systems is restricted to authorized personnel on a need-to-know basis. We implement safeguards such as rate limiting, monitoring, and access controls to prevent unauthorized access, abuse, or data breaches.
However, no method of electronic storage or transmission over the internet is completely secure, and we cannot guarantee absolute security of your data.

6. Cookies & Tracking

We use cookies and similar technologies to operate and improve the Service.

  • Essential Cookies: Required for core functionality such as maintaining your session, authentication, and security. These cookies cannot be disabled without affecting the Service.
  • Analytics Cookies: Used to understand how visitors interact with our website, improve performance, and enhance user experience.

For more detailed information, including how to manage your preferences, please refer to our Cookie Policy.

7. Data Retention

We retain your account data for as long as your account is active or as necessary to provide the Service.
Store-related data (including Shopify and WooCommerce integrations) is retained only for as long as your account remains connected and active.
Build logs and API activity logs are retained on a rolling basis (e.g., up to the most recent 500 entries) for debugging, performance monitoring, and security purposes.
If your account becomes inactive or your store is disconnected, your data may be retained in our systems in an inactive state for operational, backup, or compliance purposes.
Account deletion is processed upon user request. Upon receiving a deletion request, we will delete or anonymize your personal data within a reasonable period, except where retention is required for legal, accounting, or legitimate business purposes.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information promptly.

9. Your Rights

Depending on your jurisdiction (including under GDPR, CCPA, and similar data protection laws), you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to applicable legal obligations.
  • Restriction: Request restriction of processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Portability: Request your data in a structured, commonly used, and machine-readable format.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@brewmyapp.io. We will respond within 30 days or as required by applicable law.

10. International Data Transfers

Your data may be processed and stored in countries other than your own through our infrastructure and third-party service providers.
Where such transfers occur, we implement appropriate safeguards to ensure your data is protected in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time.
We will notify you of any material changes by posting the updated policy on our website, updating the "Last updated" date, and, where appropriate, providing additional notice (such as via email or within the Service).

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@brewmyapp.io.