Privacy Policy
Last updated: March 2026
Crest — Announcement Bar ("the App") is built and operated to help Shopify merchants display announcement bars on their storefronts. This Privacy Policy describes what data we collect, why, and how we handle it.
1. Data We Collect
The App collects only the minimum data required to function:
- Shop domain — your myshopify.com URL, used to identify your installation and session.
- Bar settings — the announcement text, colours, link URL, and timer configuration you choose. This is stored as a Shopify App Installation metafield on your own Shopify account.
- Session token — a short-lived token provided by Shopify OAuth, stored server-side to authenticate your admin requests. This is not shared with any third party.
We do not collect, access, or store:
- Customer names, emails, or any personal information
- Order data, product data, or inventory
- Payment information of any kind
- Browsing history or analytics beyond what Shopify natively provides
2. How We Use Data
- To display your configured announcement bar on your storefront.
- To save and retrieve your bar settings when you visit the admin panel.
- To maintain an authenticated session between your Shopify admin and our app backend.
We do not sell, rent, or share your data with any third parties.
3. Data Storage
Bar settings are stored in Shopify's own infrastructure as App Installation metafields — Shopify's standard mechanism for apps to persist configuration. Session data is stored temporarily in a server-side SQLite database on our infrastructure, protected by standard server security practices.
All data is stored within Shopify-approved infrastructure regions.
4. Data Retention
When you uninstall the app, Shopify notifies our server via the app/uninstalled webhook. Upon receiving this, we permanently delete your session data from our database within 48 hours. Bar settings stored as Shopify metafields are automatically removed by Shopify when the app is uninstalled.
5. Third-Party Services
The App uses the following third-party service:
- Shopify — for authentication, billing, and metafield storage. Shopify's own Privacy Policy applies to data processed through their platform.
No other third-party analytics, advertising, or tracking services are used.
6. Your Rights (GDPR / CCPA)
If you are located in the EU/EEA or California, you have the right to access, correct, or delete your data. Since we hold only your shop domain and session token (no personal customer data), requests are straightforward to fulfil.
To request data access or deletion, contact us using the details below.
7. Security
We use HTTPS for all data transmission. Session tokens are validated on every request using Shopify's official authentication libraries. Server infrastructure is access-controlled and regularly updated.
8. Changes to This Policy
We may update this policy from time to time. Changes will be posted at this URL with an updated "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.