Privacy policy

Collection Tiles — Privacy Policy

Last updated: 25 June 2026

This policy explains how the Collection Tiles app ("the App", "we", "us"), provided by Stock Atlas (based in the United Kingdom), handles information when you install and use it on your Shopify store. Stock Atlas is the data controller for the merchant data described below; you remain the controller of your own store and customer data.

1. Who this applies to

This policy is for the Shopify merchants (store owners and staff) who install and use Collection Tiles. It also explains why the App does not collect personal data about the shoppers who visit your storefront.

2. What data we collect and store

To run the App, manage your subscription and provide support, we store the following in our database (hosted on Railway — see section 7):

• Your identity & contact details — your Shopify store domain, store name, the store owner's name, your contact email address, and your store's primary (custom) domain.
• Store profile — country, timezone, currency, admin locale, your Shopify plan tier, and your active theme's name and ID. We use these to schedule tiles correctly in your local time and to tailor in-app guidance.
• Authentication — the access token and rotating refresh token Shopify issues when you install the App, along with the granted permission scopes and their expiry dates. Tokens are stored encrypted and used only to make authorised requests on your behalf.
• Tile configuration — your tile content, names, styling, links, schedules and frequency settings. This is stored both in your store's metafields (so your storefront can read it) and in our database so the App can manage it. Background images you upload are stored in your own Shopify Files; we keep the resulting image URL.
• Lifecycle & billing metadata — install and uninstall dates, subscription ID and status, trial end date and plan history. Payments themselves are handled by Shopify; we do not see or store your card details.
• Usage data — aggregate counts of how often each tile is viewed and clicked (see section 5), and whether the App's storefront block is enabled in your theme.
• Marketing preference — whether you have chosen to receive occasional product emails from us (see section 6).

The App requests only the Shopify permissions it needs: read/write access to Files (for tile images), read/write access to metaobjects and to products and collections (tile configuration is stored in collection metafields — in Shopify's API, collections are governed by the products permission), and read access to your theme and content to place and preview tiles.

3. Customer (shopper) data

Collection Tiles is a merchandising tool and does not require shopper personal data to function. We do not request access to your customers' names, addresses, emails, orders or payment details, and we do not build profiles of individual shoppers. Tiles render the same content for everyone viewing a collection, and our usage tracking (section 5) records anonymous counts only — no IP addresses, cookies or device fingerprints.

4. How we use the data

• To display and schedule your promotional tiles on your storefront.
• To provide the in-app editor, live preview and analytics.
• To manage your subscription and billing through Shopify.
• To send you service emails and respond to your support requests (section 6).
• To maintain, secure, troubleshoot and improve the App.

We do not sell your data, and we do not use it for advertising.

5. Storefront usage analytics

So you can see how your tiles perform, the App counts tile impressions (a tile becoming visible) and clicks. These are collected as a first-party request through Shopify's App Proxy and stored only as daily aggregate totals per tile and collection. We do not record who viewed a tile, their IP address, device or any other personal data about shoppers.

6. Emails & communications

We send emails through our email provider, Resend (section 7). These include service emails (a welcome message on install, an uninstall confirmation, and a reminder if the App's storefront block is switched off after a theme change) and support replies when you contact us.

We may also send occasional product emails, such as a one-time invitation to review the App on the Shopify App Store roughly a week after install. You can opt out of these product emails at any time by contacting us at the address below; we will still send essential service emails about your account.

7. Support requests

When you message us through the in-app contact form, we store your message, the email address you give us for our reply, and an optional technical diagnostics snapshot (such as your store, plan, theme and tile counts) to help us resolve the issue. Support messages and reply addresses are kept as part of our support history.

8. Sharing & sub-processors

We share data only with the infrastructure providers needed to run the App, each under their own security and privacy commitments:

• Railway — cloud hosting and database.
• Resend — delivery of the emails described in section 6.
• Sentry — error monitoring, configured so that personal data such as your email is not sent to it.
• Shopify — the platform the App runs on, including billing, file storage and app embedding.

We do not sell your data. We may disclose information if required by law.

9. Data retention & deletion

When you uninstall Collection Tiles, your access token is cleared and tiles stop showing on your storefront. We retain your store record (in anonymised, aggregate form) so we can understand overall product usage. Your theme, products and uploaded files in Shopify are not altered by uninstalling.

If your store is deleted, Shopify sends us a redaction request. Within 30 days we pseudonymise your store identifier (replacing it with a one-way hash) and delete the personal data we held — your email, the owner's name, your primary domain and any internal notes. Anonymised installation and usage statistics may be retained for aggregate metrics. Support reply emails are kept only as long as needed for our support history.

10. Shopify mandatory data webhooks (GDPR)

As required by Shopify, the App implements the mandatory compliance webhooks customers/data_request, customers/redact and shop/redact. Because the App stores no shopper personal data, the two customer webhooks confirm we hold no such data; the shop/redact webhook performs the pseudonymisation and deletion described in section 9.

11. Security

Access tokens are stored encrypted, data is transmitted over HTTPS, and access to our systems is restricted. No system is perfectly secure, but we take reasonable measures to protect the data we hold.

12. Your rights

Depending on where you are based (for example under UK/EU GDPR), you may have rights to access, correct or delete data we hold about you, to object to certain processing, or to opt out of product emails. To exercise these rights, contact us using the details below. Stock Atlas is the data controller for the merchant data described above.

13. Changes to this policy

We may update this policy as the App evolves. We'll change the "last updated" date above and, for material changes, make reasonable efforts to notify merchants.

14. Contact

Stock Atlas, United Kingdom
Email: hello@stockatlas.app

← All privacy policies