APIfy – Privacy Policy
BrainsOnTech — www.brainsontech.com · Last updated: January 25, 2026
1. Introduction
This Privacy Policy describes how BrainsOnTech (“we”, “us”, or “our”) collects, uses, and shares information when you install and use the APIfy application (“the App”) on your Shopify store.
APIfy is an API gateway application that allows Shopify merchants to create custom API endpoints, automate workflows, and connect their stores to external services.
By installing and using APIfy, you agree to the collection and use of information in accordance with this policy.
2. Data Controller
In compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws, the data controller is:
- Name: BrainsOnTech
- Website: www.brainsontech.com
- Contact email: info@brainsontech.com
3. Information We Collect
When you install and use APIfy, we collect the following categories of information:
3.1 Shopify Store Information
- Store domain (myshopify.com URL)
- Store owner email address
- Shopify access tokens (required for the App to function)
- Store locale and timezone settings
3.2 App Configuration Data
- API endpoints you create (URLs, headers, authentication settings)
- Request chains and workflow configurations
- Scheduled tasks and cron expressions
- Conditional routing rules
- Batch request configurations
- Webhook notification settings
3.3 Usage and Log Data
- API request logs (HTTP method, target URL, response status codes, response times)
- Execution history for chains, schedules, and batches
- Error messages and debugging information
- Health check results
- Feature usage statistics
3.4 Information We Do NOT Collect
APIfy does not directly collect or store:
- Your customers’ personal information (names, emails, addresses, phone numbers)
- Payment or credit card information
- Order details or transaction data
- Product information beyond what you explicitly configure in endpoints
Important: If you configure endpoints that access Shopify customer data or send it to external services, you are responsible for ensuring compliance with applicable privacy laws regarding that data.
4. How We Use Your Information
We use the collected information for the following purposes:
- Provide the Service: To operate APIfy, execute your configured endpoints, chains, schedules, and automations.
- Authentication: To verify your Shopify store and maintain secure access to the App.
- Billing: To manage your subscription plan through Shopify’s billing system.
- Support: To provide technical support and respond to your inquiries.
- Monitoring: To track request logs, errors, and usage for debugging and service improvement.
- Analytics: To understand how merchants use the App and improve features.
- Communication: To send important notifications about your account, service updates, or security alerts.
- Legal Compliance: To comply with applicable laws and respond to legal requests.
5. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing is necessary to provide the APIfy service as per our agreement when you install the App.
- Legitimate Interest: To improve our services, ensure security, and prevent fraud.
- Legal Obligation: To comply with applicable laws and regulations.
- Consent: Where required, such as for marketing communications (which you can withdraw at any time).
6. Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
6.1 Service Providers
- Shopify: As the platform provider, Shopify processes installation and billing data.
- Hosting Providers: Our servers and databases are hosted on secure cloud infrastructure.
- Analytics Tools: To understand App usage and improve the service.
6.2 External APIs (Configured by You)
When you configure endpoints in APIfy, requests are sent to the external services you specify (e.g., Slack, Stripe, HubSpot). The data sent to these services is determined by your configuration. We act as a processor for routing these requests.
6.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect our rights, privacy, safety, or property.
7. Data Retention
We retain your data as follows:
- Account Data: Retained while your App is installed and for 30 days after uninstallation to allow for reinstallation.
- Request Logs: Retained for 30 days, then automatically deleted.
- Execution History: Retained for 30 days.
- Configuration Data: Retained while your App is installed. Deleted upon uninstallation or upon your request.
- Billing Records: Retained as required by law for accounting purposes.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication using Shopify OAuth 2.0
- Access controls and authentication for all systems
- Regular security assessments and updates
- Secure cloud infrastructure with industry-standard protections
While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
9. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Data processing agreements with our service providers
- Compliance with applicable data protection frameworks
10. Your Rights
Under the GDPR and other applicable laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your data (“right to be forgotten”).
- Restriction: Request limitation of processing in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent at any time where processing is based on consent.
To exercise these rights, contact us at info@brainsontech.com.
If you believe your rights have not been properly addressed, you may lodge a complaint with your local data protection authority (in Spain, the Agencia Espanola de Proteccion de Datos – AEPD).
11. Shopify Data Protection
APIfy complies with Shopify’s Partner Program Agreement and API Terms of Use. We implement Shopify’s mandatory compliance webhooks:
- Customer Data Request: We respond to requests for customer data within 30 days.
- Customer Data Erasure: We delete customer data upon receiving erasure requests.
- Shop Data Erasure: We delete all shop data within 48 hours of app uninstallation or upon receiving shop redact requests.
12. Children’s Privacy
APIfy is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor without parental consent, we will take steps to delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy on this page with a new “Last updated” date
- Sending a notification through the App or email for significant changes
We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: info@brainsontech.com
- Website: www.brainsontech.com
- App Support: info@brainsontech.com