Hive Morph
Hive Morph Hive Morph

Data Handling & File Sync Policy

  • Home
  • Data Handling & File Sync Policy

Effective date: 2 July 2026
Last updated: 2 July 2026

This policy explains how HiveMorph collects, syncs, stores, processes, and
protects your Shopify store data — with specific detail on file synchronization, which is central to how our Service works.

For general privacy rights and contact information, see our Privacy Policy.


1. Overview

HiveMorph is an AI-powered website engineering tool for Shopify merchants.
To provide features like theme exploration, AI bug fixing, audits, preview,
and publish, we must maintain a synchronized copy of your theme source code
on our secure servers.

We never:

  • Sell or share your theme files with third parties
  • Use one merchant’s theme data to serve or train models for other merchants
  • Publish your theme source code externally
  • Access Shopify customer personal data or order data (we do not request
    those API permissions)

2. What data we sync and collect

2.1 Theme files (primary sync)

When you connect your store, HiveMorph copies your Shopify theme assets via
the Shopify Admin API using the permissions you grant at install:

DataExamplesStorage
Liquid templatestheme.liquid, product.liquid, sections, snippetsEncrypted database
Stylesheets & scripts.css, .js, .scss files in themeEncrypted database
Config filessettings_schema.json, config/settings_data.jsonEncrypted database
Binary assetsImages, fonts referenced in themeEncrypted database + metadata
File metadataPath, content hash, last-modified date, public URLEncrypted database

We also build derived data from synced files:

  • Search index for file explorer
  • Component dependency graph
  • Theme structure metadata

2.2 Store content (for audits)

For SEO, UX, accessibility, policy, and GDPR audits, we read:

DataFields accessedStored?
ProductsTitle, handle, body HTML, tags, SEO fields, imagesAudit results only (not full product DB)
CollectionsTitle, handle, body HTML, SEO fieldsAudit results only
Pages & blogsTitle, handle, body HTML, SEO fieldsAudit results only
Public storefront HTMLCrawled via HiveMorph-AuditBot user-agentParsed stats only; raw HTML not permanently stored

2.3 Data you provide

  • Account email and name
  • Organization and team membership
  • Bug descriptions, AI prompts, and support messages
  • Billing plan selections

2.4 Data we generate

  • Audit scores and findings
  • AI patch proposals and revision history
  • Version snapshots (taken before publish, for rollback)
  • Credit usage and billing event logs
  • Application logs for security and debugging

3. Why we sync theme files

FeatureWhy sync is required
File ExplorerBrowse and search your theme structure
File GraphShow dependencies between templates, snippets, and assets
AI Bug FixerRead surrounding code context to generate accurate patches
AuditsAnalyze Liquid templates, meta tags, accessibility markup
PreviewApply patches to a Shopify draft theme
PublishDeploy approved changes to your store
Version RollbackSnapshot theme state before changes so you can revert

Without theme sync, these features cannot function.


4. Where your data is stored

LayerTechnologyLocationContents
Primary databasePostgreSQL[e.g., AWS eu-west-1 / US-East]Theme file content, indexes, audits, credentials (encrypted), billing
Object storageS3-compatible (AWS S3 / Backblaze B2)[Same region]Version snapshots, export artifacts, preview screenshots
Cache / queuesRedisSame region as APIJob queues, temporary cache (no persistent theme content)

All data is encrypted:

  • In transit: TLS 1.2+ on all connections
  • At rest: Database encryption + AES-256-GCM for Shopify access tokens

5. How we protect your data

  1. Tenant isolation — Every record is scoped to your organization and store.
    No cross-merchant data access is possible at the application layer.
  2. Encrypted credentials — Shopify access tokens are encrypted before
    database storage and decrypted only at request time.
  3. Access controls — Production database access is restricted to authorized
    personnel with audit logging.
  4. No external sharing — Theme files are never published, sold, or
    distributed outside the Service.
  5. No cross-merchant reuse — Your theme data is never used to improve
    the Service for other merchants or to train shared AI models.

6. AI processing

When you use AI features (bug fixer, compliance fixes, recommendations),
we send to our AI provider (OpenAI):

  • Relevant theme file excerpts (scoped to the issue, not your entire theme
    unless a large refactor requires it)
  • Your description of the bug or compliance issue
  • Page/content context needed for the specific fix

We do not send:

  • Customer personal data (we do not have access to it)
  • Data from other merchants’ stores
  • Full theme dumps unless you explicitly trigger a large-scope action

AI providers process data only to fulfill your request. We configure API
access so your data is not used to train AI models. See Subprocessors.


7. Sync behavior

EventAction
First connectFull theme crawl — all assets downloaded and indexed
Manual re-syncFull or incremental re-crawl on your request
After publishRe-sync to reflect published state
Active theme changeDetected and flagged; re-sync recommended
Interrupted syncMarked as stale; auto re-sync available

Synced files are refreshed to stay current with your Shopify theme. We do
not modify your live theme without your explicit publish action.


8. Your controls

ActionHow
Review before publishAll AI changes go through draft theme preview
RollbackRestore from version snapshot (within retention window)
DisconnectUninstall HiveMorph from Shopify Admin → OAuth revoked
Delete dataAutomatic deletion after uninstall per Data Retention Policy
Export dataEmail support@hivemorph.com with your store domain
Revoke permissionsUninstall the app; we cannot access your store after token revocation

9. Data sharing

We share data only with:

RecipientPurposeData shared
ShopifyStore API access, billingPer OAuth scopes you approve
OpenAIAI generationTheme excerpts + prompts (per request)
Cloud infrastructureHosting and storageAll application data (encrypted)
Email providerSupport and transactional emailEmail address, message content

We do not sell personal data. See Subprocessors for the
full list.


10. International transfers

Data may be processed in UK and in cloud regions including
[US, EU, Asia], e.g., United States, European Union]. Where required by law,
we use Standard Contractual Clauses or equivalent safeguards.


11. Questions and requests

Data export or deletion: privacy@hivemorph.com
General support: support@hivemorph.com
Mailing address: HIVE MORPH, London Eve
Riverside Building, County Hall
Westminister Bridge Rd, London SE

7PB, UK

We respond to data requests within 30 days.