Hive Morph
Hive Morph Hive Morph

Privacy Policy

Effective date: 2 July, 2026
Last updated: 2 July, 2026

HIVE MOPRH (“HiveMorph”, “we”, “us”, “our”) operates the HiveMorph
application and website at https://hivemorph.com and https://app.hivemorph.com.

This Privacy Policy explains how we collect, use, store, and delete information
when merchants install and use HiveMorph on their Shopify stores.


1. Who this policy applies to

  • Merchants who install HiveMorph on their Shopify store
  • Merchant team members who access the HiveMorph dashboard
  • Store visitors only to the limited extent our audit crawler analyzes
    public storefront pages (we do not collect end-customer account data)

2. Information we collect

2.1 Information from Shopify (via APIs)

When you connect your store, we access data authorized by the OAuth scopes
you approve:

Data categoryExamplesPurpose
Theme filesLiquid templates, snippets, CSS, JS, config JSONSync, audit, AI bug fixes, preview, publish, version rollback
Theme metadataTheme ID, name, active statusIdentify which theme to work on
Store contentProducts, collections, pages, blogs (titles, handles, body HTML, SEO fields)SEO, UX, accessibility, policy, and GDPR audits
FilesTheme assets and uploaded files via Shopify Files APITheme editing and deployment
Shop informationStore domain, shop nameAuthentication, store identification

We do not request access to customer personal data, orders, or payment
information through Shopify APIs.

2.2 Theme file synchronization

HiveMorph synchronizes your Shopify theme files to our secure servers to
power our features. This includes:

  • Full theme source code (templates, sections, snippets, assets)
  • File hashes and modification timestamps
  • Dependency graphs and search indexes built from theme files
  • Version snapshots taken before publishing changes (for rollback)

Synced theme files are stored in our encrypted database and, for snapshots
and artifacts, in cloud object storage (AWS S3 or equivalent).

We never:

  • Share, sell, or publish your theme files to third parties
  • Use one merchant’s theme data to train models for or serve other merchants
  • Reuse your theme content across different stores

2.3 Information you provide directly

  • Account email and name (when you register or are provisioned via Shopify login)
  • Organization and team membership details
  • Support messages and feedback
  • Billing and subscription selections

2.4 Information generated by the app

  • Audit results (SEO, UX, performance, accessibility, policy, GDPR scores and findings)
  • AI patch proposals and revision history
  • Credit usage and billing event logs
  • Application logs (errors, API requests) for debugging and security

2.5 Storefront crawling

For audits, our crawler (HiveMorph-AuditBot) fetches publicly accessible
storefront HTML. We analyze page structure, meta tags, accessibility signals,
and compliance indicators. We do not log individual shopper behavior or
drop tracking cookies on your customers’ browsers.

2.6 AI processing

When you use AI features (bug fixer, compliance fixes, recommendations),
relevant theme code, page content, and your prompts may be sent to our AI
provider(s) (currently OpenAI) to generate suggestions and patches.

  • AI providers process data only to fulfill your request
  • We configure AI providers to not use your data for model training
    (per provider enterprise/API terms)
  • See our Subprocessors page for the current list

2.7 Cookies and local storage

The HiveMorph dashboard uses essential cookies and browser local storage for:

  • Authentication session tokens
  • UI preferences (language, sidebar state)
  • Client-side state for in-progress work

We do not use third-party advertising cookies in the merchant dashboard.


3. How we use information

We use collected information solely to:

  • Provide, operate, and improve HiveMorph features
  • Sync, analyze, and modify your theme files at your direction
  • Run audits and generate AI-powered recommendations
  • Process billing and credit usage
  • Provide customer support
  • Ensure security, prevent fraud, and debug issues
  • Comply with legal obligations

We do not use merchant data for advertising, sell data to third parties,
or build cross-merchant datasets.


4. Legal basis for processing (EEA/UK)

Where GDPR applies, we process data based on:

BasisWhen
ContractProviding the service you signed up for
Legitimate interestSecurity, fraud prevention, service improvement
ConsentWhere required (e.g., optional marketing emails)
Legal obligationCompliance with applicable law

5. Data storage and security

  • Database: PostgreSQL with encrypted credentials (AES encryption for
    Shopify access tokens)
  • File storage: Cloud object storage (S3-compatible) for snapshots and artifacts
  • Transit: TLS/HTTPS for all API and dashboard traffic
  • Access controls: Role-based access; production access restricted to
    authorized personnel
  • Isolation: Each merchant’s data is logically separated; no cross-tenant access

6. Data retention

Data typeRetention while app is installedAfter uninstall
Theme files (synced)Retained while connected; refreshed on syncDeleted within 30 days of shop/redact webhook
Version snapshotsUp to 90 days after creation, or until next publish overwritesDeleted within 30 days of uninstall
Audit results12 monthsDeleted within 30 days of uninstall
Billing/usage logs7 years (legal/tax requirements)Anonymized; shop identifiers removed
Support tickets3 yearsRetained for support history unless deletion requested
Application logs90 daysAutomatically purged

See our full Data Retention Policy for details.


7. Data deletion

When you uninstall HiveMorph

  1. Shopify sends an APP_UNINSTALLED webhook — we immediately revoke your
    access token and mark the connector inactive
  2. Within 48 hours, Shopify sends a shop/redact webhook
  3. Within 30 days of shop/redact, we permanently delete:
  • Synced theme files and indexes
  • Audit results and patch history
  • Version snapshots in cloud storage
  • Encrypted Shopify credentials
  • Shop-specific events and logs (identifiers anonymized where legally required to retain)

Customer data requests

HiveMorph does not store Shopify customer personal data. If Shopify sends
a customers/data_request or customers/redact webhook, we confirm receipt
and respond that no customer PII is held by our application.

Merchant data requests

Merchants may request export or deletion of their data by contacting
[privacy@hivemorph.com]. We respond within 30 days.


8. International transfers

We may process data in [COUNTRY/REGION] and using cloud infrastructure
in [e.g., United States, EU]. Where required, we rely on Standard
Contractual Clauses or equivalent safeguards for cross-border transfers.


9. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Withdraw consent (where processing is consent-based)
  • Lodge a complaint with a supervisory authority

Contact us at [privacy@hivemorph.com] to exercise these rights.


10. Children

HiveMorph is a B2B service for merchants. We do not knowingly collect
data from individuals under 16.


11. Changes to this policy

We may update this policy. We will notify merchants of material changes
via the app or email. Continued use after changes constitutes acceptance.


12. Contact us

HIVE MORPH
London Eve
Riverside Building, County Hall
Westminister Bridge Rd, London SE

7PB, UK

Email: [privacy@hivemorph.com]
Support: [support@hivemorph.com]
Website: https://hivemorph.com

Data Protection Officer (if applicable): [dpo@hivemorph.com]