Privacy Policy

1. Overview

EmailGater ("we", "our", or "us") is a Shopify app that allows merchants to gate products behind email capture. This Privacy Policy explains what data we collect, how we use it, and how we protect it — for both merchants (Shopify store owners) and their customers (storefront visitors).

2. Data We Collect

From Merchants

• Shopify shop domain and access token (required for Shopify API access)
• Billing subscription status and plan information
• List of products selected to be gated

From Storefront Visitors

• Email address (submitted voluntarily to unlock a product)
• The product they unlocked and the date/time of submission
• IP address and user agent (logged for abuse prevention)

3. How We Use the Data

• To authenticate the merchant's Shopify session and serve the app
• To store and display collected emails in the merchant's dashboard
• To enforce email gating on the merchant's storefront via the app proxy
• To manage billing subscriptions via Shopify's Billing API
• We do not sell, rent, or share visitor email addresses with any third parties
• We do not use visitor emails for our own marketing

4. Data Storage & Security

All data is stored in a PostgreSQL database hosted on Railway (railway.app). Data is transmitted over HTTPS. Access tokens are stored securely and only used to make API requests on behalf of the merchant.

Visitor email addresses are stored and associated with the merchant's shop. Merchants can view, delete, and export their collected emails at any time from the EmailGater dashboard.

5. Data Retention

• Merchant data is retained while the app is installed
• When a merchant uninstalls EmailGater, all their data (sessions, shop record, locked products, collected emails, and subscriptions) is permanently deleted within 48 hours via our APP_UNINSTALLED webhook
• Merchants can delete individual email records at any time from the dashboard

6. GDPR & Data Subject Rights

We support Shopify's mandatory GDPR webhooks:

• Customer data request — we will provide any stored data associated with a customer email upon request
• Customer data erasure — we will delete all data associated with a customer email upon request
• Shop data erasure — all merchant data is deleted upon app uninstall

To exercise any of these rights, contact us at support@createtype.com.

7. Third-Party Services

• Shopify — app platform, billing, and OAuth. Subject to Shopify's Privacy Policy
• Railway — hosting and database infrastructure. Subject to Railway's Privacy Policy

8. Cookies & Local Storage

EmailGater uses browser localStorage on the storefront to remember that a visitor has already unlocked a product. No tracking cookies are set. No data stored in localStorage is transmitted back to our servers.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the app after changes constitutes acceptance of the updated policy.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, contact us at: support@createtype.com