Company
Privacy Policy
Last updated: May 1, 2026
This policy explains what data EditEngine can access when you install it on a Shopify store, what we do with it, and what your rights are. EditEngine is operated by Profitonium Apps ("we", "us"), based in Pune, India.
Plain-English summary. We use Shopify data to run the app: previewing, applying, importing, exporting, scheduling, and undoing catalog edits. Shopify may show broader data access on the install screen because some app scopes include customer, order, staff, Online Store, file, location, and sales-channel resources. We don't sell that data, use it for advertising, or train AI models on it. We store merchant data only as long as needed to operate the app, support undo, and meet legal obligations.
1. Who this policy applies to
This policy covers:
- Merchants who install EditEngine on their Shopify store.
- Customers of those stores, whose data may be included in Shopify resources that the app is authorized to access.
It does not cover the Profitonium Apps website or other Profitonium products. Those have their own policies.
2. What data we collect
From merchants (you)
When you install EditEngine, we receive from Shopify:
- Store identification: shop domain (e.g.
your-store.myshopify.com), shop ID, plan, country, primary locale. - Authentication tokens issued by Shopify to let EditEngine make API calls on your behalf.
- Contact email associated with your Shopify account, used for support and important product notices.
When you contact support, we also receive whatever information you choose to send us (typically: a description of your issue, screenshots, your store URL).
From your Shopify store
To do its job, EditEngine reads and writes Shopify resources needed for catalog editing, imports, exports, undo, scheduling, support, and platform compliance:
- Products: title, handle, description, vendor, type, tags, status, SEO metadata, theme template, options.
- Variants: price, compare-at price, SKU, barcode, cost, weight, inventory policy, tax settings, country of origin, HS codes.
- Customers and orders, when Shopify grants these scopes as part of the installed app access. We do not use customer or order data for advertising, resale, or unrelated profiling.
- Staff and contributor data, when Shopify exposes it for store ownership, authentication, audit, or support context.
- Collections, to let you filter products by collection.
- Metafields, when you opt to edit or delete metafields.
- Inventory items and locations, when editing inventory-related fields.
- Files and images, only when you opt to bulk-edit images (read-only metadata).
- Online Store, sales channel, and Shopify admin resources, when needed for publishing, theme template, file, navigation, or data-access workflows.
The current access list is shown by Shopify on the install screen before you accept.
What we don't collect
- We do not sell, rent, or trade customer personal data.
- We do not use customer or order data for advertising, unrelated profiling, or AI training.
- We do not track customer browsing behavior on your storefront.
- We do not use third-party advertising or marketing trackers inside the embedded app.
3. How we use the data
We use the data to:
- Execute bulk edits you've configured and previewed.
- Show the Edit Preview by reading current values and computing the proposed new values.
- Support undo and revert by storing a copy of the previous catalog values for each edited field.
- Operate the app: authentication, scheduled jobs, queued runs, error reporting.
- Provide customer support when you contact us.
- Comply with legal obligations (tax invoices, audit logs).
We do not use your data to train AI models, build aggregate datasets, or sell to third parties.
4. Where data is stored
EditEngine runs on infrastructure provided by:
- Google Cloud Platform for application servers, queued bulk-edit execution, and file exports (Google Cloud Storage).
- MongoDB Atlas as our primary database for store configuration, edit history, and undo snapshots.
Data is processed in regions we select for performance and reliability. Both providers are GDPR- and SOC 2-compliant and act as our data sub-processors.
5. How long we keep data
| Data | Retention |
|---|---|
| Edit history and undo snapshots | 90 days from the run, then deleted |
| Authentication tokens | Until you uninstall the app |
| Store configuration | Until you uninstall the app |
| Support email correspondence | 2 years for warranty and dispute purposes |
| Anonymized usage metrics | Indefinitely (no personal data) |
When you uninstall EditEngine, Shopify revokes our access and we delete merchant-identifying data within 30 days, except where retention is required for legal or tax reasons.
6. Data sharing
We share data only with:
- Shopify, by definition, since EditEngine runs as a Shopify app.
- Sub-processors listed in §4 (Google Cloud, MongoDB Atlas).
- Legal authorities if compelled by valid legal process.
We do not sell, rent, or trade merchant or customer data.
7. Your rights
Depending on your jurisdiction (GDPR, CCPA, India DPDP Act), you have the right to:
- Access the data we hold about you.
- Correct inaccurate data.
- Delete your data. Uninstalling the app triggers this; see §5.
- Export your data in a portable format.
- Object to specific processing.
- Withdraw consent where processing is consent-based.
Email hello@profitoniumapps.com to exercise any of these. We respond within 30 days.
8. Shopify's mandatory webhooks
Per Shopify's app requirements, EditEngine implements three GDPR webhooks:
customers/data_request: on receipt, we search for any personal data tied to the customer and return it through Shopify's required process.customers/redact: on receipt, we delete or redact any personal data tied to the customer unless retention is legally required.shop/redact: within 30 days of uninstall, all merchant-identifying data tied to that shop is deleted.
9. Security
- All data in transit is encrypted with TLS 1.2+.
- Data at rest is encrypted by our cloud providers (AES-256).
- Access to production systems is limited to authorized engineers and protected by strong authentication.
- We do not store payment information. Shopify handles billing for our app.
If you discover a security vulnerability, please email hello@profitoniumapps.com with the subject line "Security". We acknowledge reports within two working days.
10. Cookies and tracking
The marketing site you're reading does not use third-party advertising cookies. The embedded app inside Shopify uses only the session cookies necessary for authentication.
11. Children's privacy
EditEngine is a B2B tool sold to Shopify merchants. It is not directed at children under 16, and we do not knowingly collect data from them.
12. Changes to this policy
We update this policy when our data practices change. The "Last updated" date at the top reflects the most recent change. Material changes are announced via email to active merchants at least 14 days before they take effect.
13. Contact
Questions, requests, or complaints:
Profitonium Apps hello@profitoniumapps.com SR.N 6/3/2/2 Urban Forest, Opp Masulkar Farm BL 201 Kiwale Haveli, Pune, Maharashtra, 412101, India
If you're not satisfied with our response, you may contact your local data protection authority.
