Content Policy

This policy explains how Metaflow — Dynamic Fields collects, uses, stores, and protects data when merchants install and use our Shopify application.

1. Overview

Metaflow — Dynamic Fields ("the App", "we", "our", "us") is a Shopify application developed and operated by Navegaid. The App allows Shopify merchants ("you", "your", or "the Merchant") to create custom forms that collect additional information from customers through product pages, cart pages, contact pages, and other storefront locations.

This Privacy Policy describes how data is collected, processed, and stored when the App is installed and used within a Shopify store. By installing and using Metaflow — Dynamic Fields, you agree to the practices described in this policy.

2. Data We Collect

The App processes data from two primary categories: merchant data and customer data submitted through merchant-created forms.

2.1 Merchant Data

When you install and use the App, we access the following through the Shopify API:

• Store name, domain, and Shopify plan information
• Theme configuration data (to enable form placement via app blocks)
• Metafield definitions (to create and manage form field storage)
• Customer and order metafield access (to save and retrieve form submissions)

2.2 Customer Data

The specific data collected from customers depends entirely on the forms you create. This may include but is not limited to:

• Short text responses (names, phone numbers, company names, order references)
• Long-form text (delivery instructions, gift messages, custom requirements)
• Selections and preferences (dropdown choices, radio button selections, checkbox options)
• Dates (delivery dates, event dates, birthdays)

2.3 Data Collection Summary

3. How We Use Data

We process data strictly for the purposes of providing and improving the App's functionality:

• Form rendering and submission processing: Displaying your custom forms on your storefront and saving submitted responses to the appropriate Shopify metafields (Customer or Order metafields as configured by you).
• Submission management: Providing a dashboard where you can view, track, and export form submissions.
• Metafield management: Automatically creating and managing metafield definitions in your Shopify store so that form data is properly structured and stored.
• App functionality and performance: Ensuring forms load asynchronously, display correctly across devices and browsers, and perform reliably.
• Support and troubleshooting: Accessing relevant store data when you contact our support team at dev@navegaid.com to diagnose and resolve issues.

4. Where Data Is Stored

4.1 Data Storage

Customer and order form data is primarily stored within your own Shopify store's metafields, using Shopify's secure infrastructure. This means your customer data lives inside your Shopify environment and is governed by Shopify's security policies and compliance standards.

Submission metadata (such as submission counts, timestamps, and form configurations) is stored in our application infrastructure to power the App dashboard and analytics features.

4.2 Security Measures

• All data transmitted between the App and Shopify is encrypted in transit using HTTPS/TLS. We authenticate exclusively through Shopify's OAuth protocol, ensuring secure access to your store. We follow the principle of least privilege, requesting only the permissions necessary for the App to function (theme access, metafield access, customer and order data access). Our infrastructure follows industry-standard security practices including regular security reviews and updates.
• We authenticate exclusively through Shopify's OAuth protocol, ensuring secure access to your store.
• We follow the principle of least privilege, requesting only the permissions necessary for the App to function (theme access, metafield access, customer and order data access).
• Our infrastructure follows industry-standard security practices including regular security reviews and updates.

4.3 File Uploads

When customers upload files through your forms, these files are handled according to the file size limits and format restrictions you configure. We recommend setting appropriate file size limits and clearly communicating accepted formats to your customers.

5. Third-Party Sharing

We do not sell, license, or share customer data with any third parties for their own purposes. Data may be shared only in the following limited circumstances:

• Shopify Platform: Form data is stored in Shopify metafields as part of normal App operation. Other Shopify apps you have installed may be able to access metafield data depending on their permissions.
• Infrastructure Providers:We use standard hosting and infrastructure services to operate the App. These providers process data only on our behalf and under strict contractual obligations.
• Legal Requirements:We may disclose data if required by law, regulation, legal process, or governmental request.

6. Merchant Responsibilities

As the Merchant using Metaflow — Dynamic Fields, you are the data controller for the customer information collected through your forms. You are responsible for:

• Determining what personal data to collect and ensuring it is necessary and proportionate for your stated purposes.
• Providing your customers with adequate notice about data collection (through your own store privacy policy).
• Obtaining any required consent from customers before collecting their data.
• Responding to customer data access, correction, and deletion requests.
• Complying with all applicable data protection laws and regulations in your jurisdiction, including GDPR, CCPA, and others as relevant.
• Configuring form fields appropriately — using Customer metafields for persistent profile data and Order metafields for transaction-specific data.

7. Customer Data Rights

End customers whose data is collected through forms have the following rights, which should be facilitated by the Merchant:

• Right of access: Customers can request to see what data has been collected about them. Merchants can view customer metafields in Shopify Admin under Customers > [Customer Name] > Metafields.
• Right to correction: Customers can request corrections to inaccurate data. Merchants can update metafield values directly in Shopify Admin.
• Right to deletion: Customers can request deletion of their data. When a customer data deletion request is processed through Shopify, associated metafield data is included in that deletion.
• Right to data portability: The App's data export functionality (available on the Starter plan and above) allows Merchants to export form submission data in standard formats such as CSV.

If a customer contacts us directly regarding their data, we will direct them to the relevant Merchant, as the Merchant is the data controller.

8. GDPR & Regulatory Compliance

Metaflow — Dynamic Fields is designed with data protection in mind:

• GDPR: Since form data is stored in Shopify metafields, it follows Shopify's GDPR compliance framework. When a customer exercises their right to erasure through Shopify, their metafield data is included in the deletion process.
• CCPA: We do not sell personal information. Merchants using our App in California should ensure their own privacy policies reflect the data collected through custom forms.
• Shopify Data Protection: We comply with Shopify's API Terms of Service and Partner Program requirements, including mandatory data protection obligations for app developers.

We respond to Shopify's mandatory data protection webhooks, including customer data requests and shop data erasure requests, ensuring proper handling of data lifecycle events.

9. Data Retention

9.1 During Active Use

While the App is installed, form data persists in Shopify metafields as long as the associated customer or order records exist in your store. Submission history and form configurations are retained in the App dashboard.

9.2 After Uninstallation

If you uninstall Metaflow — Dynamic Fields:

• Forms will stop displaying on your storefront.
• Metafield definitions previously created in Shopify will remain.
• Customer and order data stored in Shopify metafields will be preserved within your Shopify store.

We recommend exporting any needed submission data before uninstalling the App.

9.3 Data Deletion

To request complete deletion of your App data (including submission history and form configurations stored in our infrastructure), contact us at dev@navegaid.com. Shopify metafield data can be managed directly through your Shopify Admin. 10. Changes to This Policy

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify Merchants through the App dashboard or via email. Continued use of the App after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this policy periodically to stay informed about how we protect data.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: