Privacy Policy

Information We Collect

We collect information you provide directly to us when using our application, including:

• Store information: Your Shopify store name, domain (*.myshopify.com), and the email address associated with your Shopify account.
• Product data: Information about the products and product images you choose to watermark, including product titles, image URLs, file metadata (dimensions, format), and variant information.
• Logo files: Watermark logo images you upload to the application, stored securely for processing and re-application.
• Original images for rollback: When you apply a watermark, we store a backup reference to the original product image in your own Shopify Files so you can roll back any watermark application without data loss.
• Configuration settings: Your preferences within the application, including watermark placement, opacity, scale, rotation, auto-watermark settings, and language preferences.

We automatically collect certain information when you use our application:

• Usage data: Information about how you interact with our application, including features used and actions taken.
• Device information: Browser type, operating system, and device identifiers.
• Performance data: Web Vitals metrics (LCP, CLS, INP) reported through Shopify's App Bridge to monitor and improve application performance.

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our application and services.
• Process and apply watermarks to your selected product images.
• Manage your watermark configurations, plan limits, and billing through Shopify's Managed Pricing.
• Respond to your comments, questions, and customer service requests.
• Send you technical notices, updates, and support messages.
• Monitor and analyze trends, usage, and activities in connection with our application.
• Detect, investigate, and prevent fraudulent transactions and other illegal activities.

Log Files

Viking Watermark follows standard procedures for using log files. These files log visitors when they use our application. The information collected may include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamps, referring/exit pages, and HTTP request metadata. This information is not linked to any personally identifiable information beyond the merchant's Shopify store domain. The purpose of the information is for analyzing trends, administering the application, troubleshooting errors, and gathering aggregate usage information.

Cookies and Web Beacons

Viking Watermark uses a minimal set of cookies necessary for application functionality:

• Session tokens: Provided by Shopify App Bridge to authenticate embedded admin sessions.
• Locale preference: A first-party cookie (app-locale) stored with SameSite=None; Secure; Partitioned (CHIPS-compliant) to remember your preferred language across sessions.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies.

Where Your Data Is Stored

Viking Watermark stores merchant data primarily in the United States:

• Application database (Supabase, AWS US-East-1, N. Virginia): Store records, watermark configurations, and image processing metadata.
• Cache layer (Upstash, AWS US-East-1): Short-lived performance cache and background job queue.
• Application servers (Fly.io, Ashburn VA): Application runtime; no persistent merchant data is stored on application servers.
• Email delivery (Resend, US): Transactional email for support requests and notifications.
• Marketing site contact form (Formspree, US): When you submit the contact form on vikingwatermark.com, your name, email, optional Shopify store URL, subject, and message are processed by Formspree to deliver the message to our support inbox. Used only for marketing site enquiries — not for in-app support.

The following sub-processors handle limited categories of data outside the United States:

• Error tracking (Sentry GmbH, Germany — EU): Anonymized error reports and stack traces to help us debug production issues. No merchant credentials, customer data, or product images are transmitted to Sentry.
• Live chat (Crisp IM SAS, France — EU): If you open the in-app live chat, the messages you send, your Shopify store domain, and basic browser metadata are processed by Crisp so we can reply. Chat is optional — closing the widget stops further data flow. No product images or merchant credentials are transmitted.

Third-Party Services

Viking Watermark integrates with and shares limited data with the following service providers, each governed by their own privacy policy:

• Shopify: As our application operates on the Shopify platform, certain data is shared with Shopify in accordance with their terms and privacy policy.
• Supabase, Inc.: Database hosting (US).
• Upstash, Inc.: Caching and queue infrastructure (US).
• Fly.io, Inc.: Application hosting and compute (US).
• Sentry GmbH: Error tracking and observability (Germany).
• Resend, Inc.: Transactional email delivery (US).
• Formspree, Inc.: Marketing site (vikingwatermark.com) contact-form delivery and spam prevention (US).
• Crisp IM SAS: Live chat support widget (France — EU). Loaded only when you open the chat.

We advise you to consult the respective Privacy Policies of these services for more detailed information.

CCPA Privacy Rights (California Residents)

Under the California Consumer Privacy Act (CCPA), California consumers have the right to:

• Request that a business that collects personal data disclose the categories and specific pieces of personal data collected.
• Request that a business delete any personal data collected about the consumer.
• Request that a business that sells personal data not sell the consumer's personal data. (Viking Watermark does not sell personal data.)

If you are a California resident and would like to exercise any of these rights, please contact us at support@vikingwatermark.com.

GDPR Data Protection Rights (EU/EEA Residents)

Viking Watermark is operated from Turkey and we comply with the General Data Protection Regulation (GDPR). If you are a resident of the European Union or European Economic Area, you have the following data protection rights:

• Right to access: You have the right to request copies of your personal data.
• Right to rectification: You have the right to request that we correct inaccurate or incomplete information.
• Right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to data portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. To exercise any of these rights, please contact us at support@vikingwatermark.com.

In addition to these rights, Viking Watermark honours Shopify's mandatory GDPR webhooks. When a merchant or buyer initiates a data request or deletion through Shopify, we automatically:

• Respond to customers/data_request webhooks with any relevant data we hold.
• Permanently delete data identified by customers/redact webhooks within 30 days.
• Permanently delete all merchant data identified by shop/redact webhooks within 48 hours of an uninstall.

Children's Information

Viking Watermark does not knowingly collect any Personal Identifiable Information from children under the age of 13. The application is intended for use by Shopify merchants who must be at least 18 years of age (or the age of majority in their jurisdiction) per Shopify's Terms of Service. If you think that a child provided this kind of information through our application, please contact us immediately and we will do our best to promptly remove such information from our records.

Data Retention

We retain your information for as long as your Shopify store has the application installed. When you uninstall the application from your Shopify store, we will retain your data for a brief reasonable period (up to 48 hours) to allow for accidental-uninstall recovery and to satisfy Shopify's shop/redact webhook timing. After this period, your data is permanently deleted from our systems, including:

• Watermark configurations and settings
• Logo files you uploaded
• Watermarked image references and rollback metadata
• Merchant preference records (locale, etc.)
• Cached records in Upstash

Aggregate usage data and error logs may be retained for longer periods in anonymized form (no personally identifiable data) for analytics and product improvement.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. You are advised to review this Privacy Policy periodically for any changes.

Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: