Privacy Policy

VOIDD ("VOIDD", "we", "us") builds animated Shopify theme sections and the VOIDD Shopify app. This policy describes what data we collect through our marketing site at voidd.app and through the VOIDD app installed on Shopify stores, how we use it, and your rights over it.

voidd.app is a static marketing site. We do not run analytics, advertising pixels, or third-party trackers. We do not set cookies. We do not collect IP addresses, device fingerprints, or browsing behavior.

The site uses your browser's localStorage for small features (e.g. remembering the position of an interactive widget on the home page). This data never leaves your device.

Our hosting provider (Vercel) and DNS provider (Cloudflare) process basic request metadata (IP, user-agent) for security and abuse prevention as part of standard edge-network operation. We do not access or retain those logs.

When you install the VOIDD app on your Shopify store, we collect the minimum data required to operate:

• Store information — your shop domain, shop name, and the OAuth scopes you grant.
• Theme and section configuration — settings you save for the animated sections you install.
• Chat conversations— if you enable the in-app chat assistant, your messages and the assistant's replies are stored so the assistant can maintain context across the conversation.
• Operational logs — request timestamps, error traces, and usage counters used to keep the app running reliably.

We do not collect customer personal data, order details, or payment information from your Shopify store unless explicitly required by a feature you turn on, and only with the OAuth scopes you have granted.

Merchant data collected at install:

• Store owner email — received via Shopify OAuth at install time. Used for transactional notifications (install welcome, GDPR notifications) and as the contact address for breach notifications.
• Shopify Admin API access token — received via OAuth at install, stored encrypted in our database, used only to perform the theme operations the merchant authorized (read/write theme sections). Hard-deleted when the merchant uninstalls, via the shop/redact flow described below.

Mandatory GDPR webhooks.VOIDD implements Shopify's required GDPR webhooks:

• customers/data_request — VOIDD does not store end-customer PII. These requests are logged, acknowledged, and flagged to support.
• customers/redact — Same; acknowledged, logged, and confirmed to Shopify. No customer records to delete.
• shop/redact — Fires 48 hours after uninstall. VOIDD atomically deletes all shop-scoped data (block configurations, chat history, billing metadata, Shopify access token) across every storage system.

• To provide, maintain, and improve the VOIDD app.
• To respond to support requests you send us.
• To send chat messages to our AI provider (Anthropic) so the assistant can generate a reply.
• To detect and prevent abuse, fraud, or security incidents.
• To comply with legal obligations.

We do not sell your data. We do not share your data with advertisers or data brokers. We do not use your data to train AI models.

VOIDD maintains a private internal archive of SupaHero section configurations that merchants publish live on their public Shopify storefronts. When a block has been live and unmodified for one hour, we record:

• The block’s public configuration (colors, typography, copy, product references you already chose to display publicly).
• The public storefront URL where the block is embedded, and the theme and template it’s placed in.
• Optionally, a screenshot of the public page so we can visually review the work.
• The shop owner’s name and email (sourced from your Shopify install session) so we can contact you if we’d like to feature your work.

We never capture visitor or customer PII, cart contents, checkout data, or anything behind your admin. Only content that is already publicly visible on your storefront to any shopper.

Internal review is automatic. Public display on voidd.app or in our marketing is never automatic and always requires your explicit written consent, granted via a tokenized link in an outreach email. You may revoke that consent at any time by replying to the outreach email or contacting support@voidd.app.

Opt-out is always available.In the VOIDD app Settings, toggle “Exclude my store from the VOIDD community archive” and we will skip your shop and remove any previously captured configurations from the archive.

Community Showcase data is deleted along with all other shop-scoped data when you uninstall VOIDD, via the shop/redact webhook (within 48 hours).

We use the following sub-processors to operate the service. Each is bound by data-processing agreements:

• Shopify — app hosting and OAuth surface for merchants who install VOIDD.
• Vercel — hosting for voidd.app.
• Cloudflare — DNS and email routing for voidd.app.
• Anthropic — AI inference for the chat assistant. Messages you send are processed by Anthropic under their commercial terms; Anthropic does not train on commercial inputs.
• Fly.io — hosting for the VOIDD Shopify app backend (voidd.fly.dev).
• Fly Postgres — managed PostgreSQL database for merchant configuration, chat history, and billing metadata.
• Sentry — error tracking and crash reporting for the VOIDD app backend.
• Resend — transactional email delivery (install welcome messages, GDPR notifications).
• Better Stack — uptime monitoring and alerting for VOIDD infrastructure.

We retain app configuration data for as long as your app is installed. If you uninstall VOIDD, we delete or de-identify your shop's configuration and chat history within 30 days, except where a longer retention period is required by law (e.g. financial records).

AI chat assistant conversations are retained for the duration of your active VOIDD install + 30 days post-uninstall, then hard-deleted via the shop/redact flow.

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these rights, email support@voidd.app. We will respond within 30 days.

For merchants in the EU/UK: VOIDD is the data controller for our marketing site, and a data processor for the VOIDD Shopify app on behalf of the merchant who installs it. EU/UK residents may also lodge a complaint with their local data protection supervisory authority.

For California residents: you have the right to know what personal information we collect, to delete it, and to opt out of any sale (we do not sell personal information).

VOIDD is not directed at children under 13. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

We protect your data with industry-standard safeguards: encryption in transit (TLS 1.2+), encryption at rest, and least-privilege access controls. No system is perfectly secure; if we discover a breach affecting your data, we will notify you within 72 hours of becoming aware, as required by GDPR Article 33, or as otherwise required by applicable law.

Our processors operate globally. By using VOIDD, you consent to your data being transferred to and processed in jurisdictions where our processors have infrastructure, including the United States. We rely on Standard Contractual Clauses or equivalent safeguards where required.

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated via the VOIDD app dashboard or email to admins of stores that have VOIDD installed.

Privacy questions, data requests, or anything else: support@voidd.app