Suvi: Background Music Privacy Policy

We collect and process only the information that is reasonably necessary to provide the app.

• Merchant installation and account data. When a merchant installs or uses the app, Shopify may provide us with the shop domain, granted scopes, session records, access tokens, and account details such as the store owner's name and email address.
• Store configuration data. We store the background music settings that a merchant chooses, such as playback preferences, display settings, and references to audio files used by the store.
• AI generation inputs. If a merchant uses AI music features, we process the selected style, optional custom prompt, provider choice, and metadata related to the generated track.
• Merchant interaction events. We may store shop-scoped records about actions taken inside the app, such as generating, previewing, starring, hiding, reusing, or publishing tracks, so we can operate the app, improve reliability, and understand which workflows are being used.
• Anonymous storefront playback telemetry. If a merchant enables the storefront music player, we may receive limited anonymous playback event records such as playback start milestones, pause or resume actions, audible playback buckets, and related shop-scoped configuration context. We do not use this telemetry for advertising or to build customer identity profiles.
• Storefront playback state. The storefront player stores limited playback state in the shopper's browser sessionStorageso playback can continue smoothly during the same browsing session. This information is not used for advertising or cross-site tracking.

At this time, the app is not designed to independently collect or store a merchant's customer list or order history through its main app workflows.

• Authenticate merchants and maintain secure app sessions.
• Save, display, and update storefront background music settings.
• Generate music requested by merchants and upload generated files into the merchant's Shopify store.
• Record merchant-side workflow events and limited anonymous storefront playback telemetry to support product reliability, abuse prevention, and future product improvement.
• Maintain app security, troubleshoot operational issues, and prevent abuse.
• Comply with legal obligations and Shopify platform requirements, including privacy law compliance webhooks.

We do not sell personal information. We may share information with service providers only as needed to operate the app, including:

• Shopify. The app runs on Shopify infrastructure and uses Shopify APIs, webhooks, authentication, and file services.
• Hosting and infrastructure providers. The app may be hosted by providers such as Vercel and database providers used to operate the service.
• AI music providers. If AI music generation is enabled, merchant prompts and related generation requests may be processed by the configured provider, such as Stability AI or Google.
• Legal or compliance recipients. We may disclose information when required by law, regulation, valid legal process, or Shopify platform rules.

We keep merchant account and configuration data for as long as needed to provide the app and operate the merchant's installation.

• Shop-scoped records stored by the app are deleted when the app receives uninstall or shop redaction events, unless we are legally required to retain specific data.
• Storefront playback state stored in sessionStorage is meant to be temporary and expires automatically after a short period.
• Anonymous merchant interaction events and storefront playback telemetry are kept only as long as reasonably necessary to operate, secure, and improve the app, and are deleted with other shop-scoped records when the app receives uninstall or shop redaction requests unless retention is legally required.
• Generated audio files uploaded to Shopify are stored in the merchant's Shopify account and remain subject to the merchant's own Shopify file management actions.

Shopify requires public apps to respond to privacy-related data requests using mandatory compliance webhooks. We respond to Shopify privacy webhooks, including requests related to customer data access, customer deletion, and shop deletion, in accordance with applicable law and Shopify requirements.

If you are a merchant and have questions about your own data, or if you are a shopper seeking to exercise privacy rights in relation to a store using the app, please contact the relevant merchant first. We may also work directly with Shopify when Shopify transmits a valid compliance request to us.

We use reasonable administrative, technical, and organizational measures to protect information from unauthorized access, disclosure, alteration, or destruction. No method of transmission over the internet or electronic storage is completely secure, so we cannot guarantee absolute security.

Depending on where the merchant, Shopify, and our service providers are located, information may be processed in countries other than the merchant's own jurisdiction. Where required, we rely on contractual, technical, or operational safeguards appropriate to the services we use.

We may update this Privacy Policy from time to time to reflect product, operational, legal, or regulatory changes. When we make material changes, we will update the effective date on this page.

If you have questions about this Privacy Policy or our privacy practices, you can contact the app operator using the details below.