LGS Forge

Appearance

Privacy Policy

Effective Date: January 25, 2026
Last Updated: January 25, 2026

Introduction

This Privacy Policy explains how LGS Forge ("we," "us," or "our") collects, uses, discloses, and protects information when you use our Shopify application (the "App"). By installing and using the App, you agree to this Privacy Policy.

Information We Collect

Information from Shopify

When you install the App, we receive the following information from your Shopify store:

  • Store Information: Shop domain, store name, email address, currency, timezone
  • Store Owner Information: Store owner name, email address, and contact details
  • Product Data: Product titles, descriptions, variants, prices, inventory levels
  • OAuth Token: Encrypted access token to communicate with your Shopify store
  • Installation Data: Installation date, app configuration settings

Information You Provide

  • User Account Data (Standalone Mode):
    • Email address, username, password (hashed), display name
    • Store URLs and shop domains for multi-store management
    • Account preferences and notification settings
  • Sync Preferences: Selected product sets and pricing configurations
  • Pricing Rules: Markup percentages, minimum prices, rounding preferences
  • Scheduled Sync Settings: Automated price sync configurations
  • App Settings: User interface preferences, default views, and feature toggles

Automatically Collected Information

  • Usage Data: Features accessed, sync history, error logs
  • Technical Data: IP address, browser type, device type, session information
  • Performance Metrics: Sync duration, API response times, success/failure rates

How We Use Your Information

We use the collected information for the following purposes:

Core App Functionality

  • Product Synchronization: Create and update collectible products in your Shopify store
  • Pricing Management: Apply pricing rules and sync prices from market data sources
  • Inventory Management: Manage product variants and inventory levels
  • Metafield Management: Store and update product-specific metadata

Service Improvement

  • App Performance: Monitor and improve sync performance, fix bugs
  • Feature Development: Understand usage patterns to develop new features
  • Error Tracking: Identify and resolve technical issues
  • Analytics: Aggregate usage statistics (anonymized)

Communication

  • Service Updates: Notify you of app updates, new features, maintenance
  • Support: Respond to support requests and troubleshoot issues
  • Transactional Emails: Send sync completion notifications, error alerts
  • GDPR Compliance: Process data according to GDPR requirements
  • Terms Enforcement: Ensure compliance with our Terms of Service
  • Legal Obligations: Respond to legal requests and prevent fraud

Data Storage and Security

Data Storage

  • Database: Secure, industry-leading cloud infrastructure with encryption at rest
  • Encryption: OAuth tokens and sensitive data encrypted using industry-standard encryption protocols
  • Session Storage: Shopify session tokens stored securely with session secrets
  • Job Queue: Temporary job data with automatic expiration

Security Measures

  • Transport Security: All data transmitted over HTTPS/TLS
  • Access Control: Role-based access control and authentication
  • Password Security: Passwords hashed using bcrypt with salt
  • API Security: Shopify request verification middleware
  • Regular Audits: Periodic security reviews and vulnerability scanning

Data Retention

  • Active Stores: Data retained while the App is installed
  • Uninstalled Stores: Store data deactivated promptly (within 48 hours); OAuth tokens invalidated immediately
  • Shopify Webhooks: We comply with Shopify's mandatory data deletion webhooks (customers/data_request, customers/redact, shop/redact)
  • Sync History: Retained for 90 days for troubleshooting
  • Logs: Application logs retained for 30 days
  • Backups: Database backups retained for 7 days

Data Sharing and Disclosure

Third-Party Services

We use the following third-party services that may have access to your data:

  • Shopify: Product and store data (as required for app functionality)
  • Cloud Database Providers: Database hosting on secure cloud infrastructure
  • Cloud Platform Providers: Application hosting and infrastructure (such as Google Cloud Platform or AWS)
  • Market Data Providers: Product and pricing data (we send no merchant personally identifiable information to them)
  • Error Tracking Services (if enabled): Aggregated error logs and monitoring

We may disclose your information if required by law or in response to:

  • Legal process (subpoena, court order)
  • Government requests
  • Protection of rights, property, or safety
  • Terms of Service violations
  • Fraud prevention

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email or prominent notice in the App.

Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights:

Right to Access

Request a copy of the personal data we hold about you. Email us at privacy@lgsforge.com with subject "Data Access Request."

Right to Rectification

Request correction of inaccurate or incomplete personal data. Update your preferences in the App Settings or email privacy@lgsforge.com.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data. To exercise this right:

  1. Uninstall the App from your Shopify store, or
  2. Email privacy@lgsforge.com with subject "Data Deletion Request"

We will delete your data within 30 days, except where retention is required by law.

Right to Data Portability

Request your personal data in a structured, machine-readable format. Email privacy@lgsforge.com with subject "Data Portability Request."

Right to Object

Object to processing of your personal data for specific purposes. Note that this may limit App functionality.

Right to Restriction

Request restriction of processing under certain conditions.

Withdraw consent at any time by uninstalling the App or contacting us.

Response Time

We will respond to all requests within 30 days.

CCPA Privacy Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Exercise CCPA rights without discriminatory treatment

To exercise these rights, email privacy@lgsforge.com.

Cookies and Tracking

Cookies We Use

  • Essential Cookies: Session cookies for authentication (required for App functionality)
  • Functional Cookies: User preferences and settings
  • Analytics Cookies (if enabled): Aggregate usage statistics

You can control cookies through your browser settings. Disabling essential cookies may prevent the App from functioning properly.

Children's Privacy

The App is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

  • EU-US Data Transfers: Standard Contractual Clauses (SCCs)
  • Data Processing Agreement: Available upon request
  • Adequate Protection: Encryption, access controls, and security measures

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via:

  • Email notification to your registered email address
  • In-app notification upon next login
  • Notice on the docs.lgsforge.com website

Continued use of the App after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@lgsforge.com
Support: support@lgsforge.com
Website: https://lgsforge.com
Documentation: https://docs.lgsforge.com

Privacy Coordinator (for GDPR inquiries):
Email: privacy@lgsforge.com

Shopify-Specific Information

Shopify App Store Requirements

This Privacy Policy meets Shopify's App Store listing requirements and discloses:

  • What data we collect from Shopify stores
  • How we use and protect that data
  • How merchants can request data deletion
  • Third-party services that access merchant data

Uninstalling the App

To remove your data:

  1. Go to your Shopify Admin → SettingsApps and sales channels
  2. Find LGS Forge and click Uninstall
  3. Confirm uninstallation
  4. Your OAuth token is immediately invalidated
  5. Your store data is deactivated within 48 hours (fully deleted within 30 days)
  6. Shopify's mandatory webhooks (shop/redact) are processed within their required timeframes

For expedited deletion, email privacy@lgsforge.com after uninstalling.

Version: 1.0
Governing Law: This Privacy Policy is governed by the laws of the State of Delaware, United States.
Questions? Contact privacy@lgsforge.com