Privacy Policy

1. Who we are

XyberDreams ("XyberDreams", "we", "us") provides a Shopify application and platform that turns a merchant’s product pages into interactive 3D product experiences. This Privacy Policy explains what information we access, how we use it, and how we protect it when a merchant installs and uses our app.

2. Information we access and store

When a merchant installs our app, Shopify grants us an access token scoped to the permissions the merchant approves (such as reading products and editing themes). We store the merchant’s store domain, this access token, and related installation details so the app can operate on the store’s behalf.

To build and maintain a product experience, we access and store product information (such as titles, descriptions, images, options, and variants) and theme information needed to place and render the experience. We also store the experience configurations we generate for the merchant.

We do not collect or store shoppers’ personal information, and we do not process or store payment or checkout data. Orders and payments are handled entirely by Shopify.

3. How we use information

We use the information solely to provide and operate the service: to generate, deploy, update, and render product experiences on the merchant’s store, to keep experiences in sync with the merchant’s products, and to provide support. We do not sell merchant or shopper data.

4. Service providers

We rely on a small number of trusted providers to run the service: Shopify (the platform the app integrates with), Google Cloud Platform (data storage and hosting of generated assets), Vercel (application hosting), and AI service providers used to generate product experience content from product information. These providers process data only to provide their services to us.

5. Data retention and deletion

We retain a merchant’s data for as long as the app is installed. When the app is uninstalled, we delete the stored access token and brand record for that store. Merchants may also request deletion of their data at any time by contacting us.

We honor Shopify’s mandatory data-protection webhooks, including requests to redact shop data. Because we do not store shopper personal information, customer data requests and redaction requests contain no personal data for us to return or delete.

6. Security

Access tokens are stored server-side and are never exposed to browsers or third parties. We use industry-standard measures to protect the data we store and limit access to it.

7. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected on this page with an updated effective date.

8. Contact

For privacy questions or data requests, contact us at info@xyberdreams.com.