This Privacy Policy explains how WS Vidcart ("we", "our", "the app"), operated by WebsStuff, handles information when a merchant installs and uses our shoppable video application on their Shopify store.
1. Information we collect
WS Vidcart is designed to collect as little data as possible.
Store information: When you install the app, we receive your store's domain, store name, owner name, email, phone, country, plan, and currency from Shopify. This is used to operate the app and provide support.
Product data: We read product titles, images, and IDs so you can tag products to your videos. We do not modify your products.
Order data: When an order is placed through one of our video widgets, we receive the order ID, name, and value via Shopify's webhook so we can attribute sales and tag the order. We do not store customer names, emails, addresses, or any other buyer personal information.
Anonymous analytics: We record aggregate, anonymous events (video views, clicks, add-to-carts) to power your analytics dashboard. These contain no personally identifiable information about your customers.
Video content: Videos you upload are stored on Cloudflare R2 object storage.
We do not collect customer personal data (PII). WS Vidcart does not request the read_customers scope and does not store buyer names, emails, phone numbers, or addresses.
2. How we use information
To provide and operate the shoppable video features.
To display analytics and sales attribution to you, the merchant.
To provide customer support and important service notices.
3. Data sharing
We do not sell or rent your data. We use the following sub-processors strictly to operate the service:
Cloudflare R2 — video and thumbnail storage/delivery.
Hostinger — application hosting and database.
4. Data retention & deletion
We retain your store's data while the app is installed. When you uninstall the app, your store is marked inactive. In line with Shopify's requirements, we honor the mandatory compliance webhooks:
shop/redact — all of your store's data (videos, widgets, analytics) is permanently deleted from our systems after uninstall.
customers/redact & customers/data_request — acknowledged; we hold no customer PII to return or erase.
5. Data security
Access tokens are encrypted at rest (AES-256-GCM). All data is transmitted over HTTPS. Webhook authenticity is verified using HMAC signatures.
6. Your rights
You may request access to, or deletion of, your store's data at any time by contacting us. Uninstalling the app triggers automatic data deletion as described above.
7. Changes to this policy
We may update this policy from time to time. The "Last updated" date above reflects the latest revision.