Legal · Privacy
The data controller responsible for the processing of your personal data is:
Verlezza Labs
Contact: support@verlezzalabs.com
Website: verlezzalabs.com
By using our website (verlezzalabs.com) or any of our Shopify applications, you acknowledge that your personal data will be processed in accordance with this Privacy Policy.
We only collect data that is strictly necessary for the operation of our services.
| Data | How collected | Purpose |
|---|---|---|
| Name | Contact form | Identify you in our correspondence |
| Email address | Contact form | Reply to your inquiry |
| Shopify store URL | Contact form (optional) | Provide contextual support |
| Message content | Contact form | Handle your request |
| IP address, browser type | Automatically (server logs) | Security and fraud prevention |
| Data | How collected | Purpose |
|---|---|---|
| Shopify store domain | OAuth installation | App authentication and session management |
| OAuth access token | Shopify OAuth flow | Access the Shopify Admin API on your behalf |
| Store-level SEO data (schemas, meta tags) | Created by the merchant inside the app | Core app functionality |
| App settings and preferences | Saved by the merchant | Persist app configuration across sessions |
Important: Our Shopify apps do not collect, store, or process any end-customer (shopper) data. We handle only merchant (store owner) data required to operate the app.
We process your data under the following legal bases as defined by the GDPR (Article 6):
| Purpose | Legal basis |
|---|---|
| Responding to contact form inquiries | Legitimate interest (Art. 6.1.f) / Consent (Art. 6.1.a) |
| Providing and operating our Shopify apps | Contract performance (Art. 6.1.b) |
| Maintaining security and preventing fraud | Legitimate interest (Art. 6.1.f) |
| Complying with Shopify's Partner requirements | Legal obligation (Art. 6.1.c) |
| Sending product updates (only if you opt in) | Consent (Art. 6.1.a) |
We do not use your data for advertising, profiling, or sell it to any third party.
app/uninstalled webhook.When the retention period expires, or upon a valid deletion request, we permanently delete or anonymize your data.
We do not sell, rent, or trade your personal data. We may share data with the following trusted processors:
| Processor | Purpose | Data transferred |
|---|---|---|
| Formspree | Contact form delivery | Name, email, message |
| Fly.io / Hosting provider | App server infrastructure | Encrypted app data |
| Shopify | App platform (OAuth, metafields) | Store domain, OAuth tokens, metafield content |
All processors are contractually bound to handle data in compliance with applicable data protection laws. We do not transfer personal data outside the European Economic Area (EEA) without appropriate safeguards such as Standard Contractual Clauses (SCCs).
When you install a Verlezza Labs app from the Shopify App Store, you grant us access to specific Shopify Admin API scopes. We only request scopes that are strictly necessary for the app to function. Access tokens are stored encrypted in our database and used solely to perform the actions you initiate within the app.
Our apps do not access, store, or process any data belonging to the end-customers of your Shopify store. We handle only store-level SEO content (schemas, meta tags) that you create and manage.
All our Shopify apps implement the three mandatory GDPR compliance webhooks:
When you uninstall a Verlezza Labs app, the app/uninstalled webhook
triggers the immediate deletion of all your app data from our servers, including OAuth sessions,
schemas, meta tag records, and settings.
Our website uses only essential cookies required for basic site functionality and security. We do not use advertising, tracking, or analytics cookies without your explicit consent.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| Session cookie | Essential | Basic website functionality | Session |
Our embedded Shopify apps may use session cookies to maintain your authenticated state within the Shopify Admin. These are strictly necessary for the app to function and are governed by Shopify's own cookie policies.
You can control or delete cookies through your browser settings. Disabling essential cookies may affect the functionality of our services.
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
To exercise any of these rights, contact us at support@verlezzalabs.com. We will respond within 30 days of receiving your request. We may need to verify your identity before processing your request.
You also have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, you can find your national authority at edpb.europa.eu.
We take the security of your data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
Our services are intended for use by adults (18 years of age or older) and Shopify merchants. We do not knowingly collect personal data from minors under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@verlezzalabs.com and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons.
When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes affecting your rights, we will provide additional notice (such as an in-app notification or email to known contacts where applicable).
Your continued use of our website or apps after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
For any questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, please contact our Data Protection contact:
Verlezza Labs — Data Privacy
Email: support@verlezzalabs.com
Subject line: "Privacy / Data Request"
We are committed to resolving any privacy-related complaints or concerns promptly
and transparently. Response within 30 calendar days.