Privacy Policy

This Privacy Policy explains how the Shopify app "FitNumbers - Body Calculators" processes personal data. It applies to merchants who install and use the app, as well as to processing activities related to the calculators embedded in a Shopify storefront.

Last updated: May 4, 2026

1. Data Controller

2. About the App

FitNumbers is an embedded Shopify app with a theme extension. The app provides BMI, calorie, macro, and water intake calculators that can be added to a Shopify storefront.

Based on the current implementation, calculator inputs entered by store visitors are processed locally in the visitor's browser. These values are not transmitted to or stored on the app server.

3. Personal Data We Process

3.1 Merchant and store administrator data

• Shop domain and shop-related session data
• OAuth and authentication data, including access tokens and session IDs
• Granted app scopes and token or session expiration data
• Account information provided by Shopify where available, such as first name, last name, and email address
• Account status information such as locale, account owner status, collaborator status, and email verification status
• Information about the active app subscription within Shopify
• App installation metadata, including whether a subscription is active

3.2 Technical data

• Technical server and connection data that may arise during hosting and operation, such as IP address, timestamps, HTTP metadata, and error logs
• Webhook-related shop information sent by Shopify for synchronization and compliance handling

3.3 Store visitor data

4. Purposes and Legal Bases

• Providing, installing, and operating the app under Article 6(1)(b) GDPR
• Authenticating with Shopify and managing sessions under Article 6(1)(b) GDPR
• Checking subscription status and enabling app functionality under Article 6(1)(b) GDPR
• Meeting legal obligations, including privacy and compliance requests, under Article 6(1)(c) GDPR
• Ensuring security, stability, abuse prevention, and troubleshooting under Article 6(1)(f) GDPR

5. Data Sources

• Directly from Shopify during installation, authentication, billing, and app usage
• Directly from you when you contact us for support or other inquiries
• Automatically from technical operation of the app and hosting infrastructure

6. Recipients and Service Providers

• Shopify and affiliated Shopify entities as the commerce platform, authentication provider, billing infrastructure, and webhook source
• Fly.io as the hosting provider for the app infrastructure
• Prisma as the application's data access layer; Prisma is used as a technical component and not as a separate independent data recipient
• An S3-compatible object storage service only if backup replication is enabled in the production environment

Personal data is otherwise shared only when necessary to perform the contract, operate the app, or comply with legal obligations.

7. International Data Transfers

Because Shopify and parts of the technical infrastructure may process data outside the European Union or the European Economic Area, international transfers cannot be ruled out.

Where required by law, such transfers are made on the basis of appropriate safeguards, including adequacy decisions or standard contractual clauses.

8. Retention

• Session and authentication data is stored for as long as necessary to operate the app
• Session data is deleted when the app is uninstalled or when a shop-related deletion request requires removal
• Billing and contractual data is processed only as necessary and subject to applicable legal retention requirements
• Support communications are retained only for as long as needed to handle the request unless longer retention is legally required
• Calculator input entered by store visitors is not stored server-side by the app

9. Cookies and Similar Technologies

Based on the current implementation, FitNumbers does not use its own visitor-facing tracking cookies for calculator functionality and does not store calculator inputs in localStorage, sessionStorage, or similar browser storage.

Shopify, the store theme, or other third-party services used by the merchant may independently use cookies or similar technologies. Those providers remain responsible for their own data processing.

10. Data Subject Rights

Subject to the applicable legal requirements, you have the right to:

• Access your personal data
• Request correction of inaccurate personal data
• Request deletion of your personal data
• Request restriction of processing
• Receive your data in a portable format where applicable
• Object to certain processing activities
• Lodge a complaint with a supervisory authority

11. Privacy Contact

If you have questions about this Privacy Policy or about the processing of personal data, please contact: