Effective date: 2 July, 2026
Last updated: 2 July, 2026
HIVE MOPRH (“HiveMorph”, “we”, “us”, “our”) operates the HiveMorph
application and website at https://hivemorph.com and https://app.hivemorph.com.
This Privacy Policy explains how we collect, use, store, and delete information
when merchants install and use HiveMorph on their Shopify stores.
1. Who this policy applies to
- Merchants who install HiveMorph on their Shopify store
- Merchant team members who access the HiveMorph dashboard
- Store visitors only to the limited extent our audit crawler analyzes
public storefront pages (we do not collect end-customer account data)
2. Information we collect
2.1 Information from Shopify (via APIs)
When you connect your store, we access data authorized by the OAuth scopes
you approve:
| Data category | Examples | Purpose |
|---|---|---|
| Theme files | Liquid templates, snippets, CSS, JS, config JSON | Sync, audit, AI bug fixes, preview, publish, version rollback |
| Theme metadata | Theme ID, name, active status | Identify which theme to work on |
| Store content | Products, collections, pages, blogs (titles, handles, body HTML, SEO fields) | SEO, UX, accessibility, policy, and GDPR audits |
| Files | Theme assets and uploaded files via Shopify Files API | Theme editing and deployment |
| Shop information | Store domain, shop name | Authentication, store identification |
We do not request access to customer personal data, orders, or payment
information through Shopify APIs.
2.2 Theme file synchronization
HiveMorph synchronizes your Shopify theme files to our secure servers to
power our features. This includes:
- Full theme source code (templates, sections, snippets, assets)
- File hashes and modification timestamps
- Dependency graphs and search indexes built from theme files
- Version snapshots taken before publishing changes (for rollback)
Synced theme files are stored in our encrypted database and, for snapshots
and artifacts, in cloud object storage (AWS S3 or equivalent).
We never:
- Share, sell, or publish your theme files to third parties
- Use one merchant’s theme data to train models for or serve other merchants
- Reuse your theme content across different stores
2.3 Information you provide directly
- Account email and name (when you register or are provisioned via Shopify login)
- Organization and team membership details
- Support messages and feedback
- Billing and subscription selections
2.4 Information generated by the app
- Audit results (SEO, UX, performance, accessibility, policy, GDPR scores and findings)
- AI patch proposals and revision history
- Credit usage and billing event logs
- Application logs (errors, API requests) for debugging and security
2.5 Storefront crawling
For audits, our crawler (HiveMorph-AuditBot) fetches publicly accessible
storefront HTML. We analyze page structure, meta tags, accessibility signals,
and compliance indicators. We do not log individual shopper behavior or
drop tracking cookies on your customers’ browsers.
2.6 AI processing
When you use AI features (bug fixer, compliance fixes, recommendations),
relevant theme code, page content, and your prompts may be sent to our AI
provider(s) (currently OpenAI) to generate suggestions and patches.
- AI providers process data only to fulfill your request
- We configure AI providers to not use your data for model training
(per provider enterprise/API terms) - See our Subprocessors page for the current list
2.7 Cookies and local storage
The HiveMorph dashboard uses essential cookies and browser local storage for:
- Authentication session tokens
- UI preferences (language, sidebar state)
- Client-side state for in-progress work
We do not use third-party advertising cookies in the merchant dashboard.
3. How we use information
We use collected information solely to:
- Provide, operate, and improve HiveMorph features
- Sync, analyze, and modify your theme files at your direction
- Run audits and generate AI-powered recommendations
- Process billing and credit usage
- Provide customer support
- Ensure security, prevent fraud, and debug issues
- Comply with legal obligations
We do not use merchant data for advertising, sell data to third parties,
or build cross-merchant datasets.
4. Legal basis for processing (EEA/UK)
Where GDPR applies, we process data based on:
| Basis | When |
|---|---|
| Contract | Providing the service you signed up for |
| Legitimate interest | Security, fraud prevention, service improvement |
| Consent | Where required (e.g., optional marketing emails) |
| Legal obligation | Compliance with applicable law |
5. Data storage and security
- Database: PostgreSQL with encrypted credentials (AES encryption for
Shopify access tokens) - File storage: Cloud object storage (S3-compatible) for snapshots and artifacts
- Transit: TLS/HTTPS for all API and dashboard traffic
- Access controls: Role-based access; production access restricted to
authorized personnel - Isolation: Each merchant’s data is logically separated; no cross-tenant access
6. Data retention
| Data type | Retention while app is installed | After uninstall |
|---|---|---|
| Theme files (synced) | Retained while connected; refreshed on sync | Deleted within 30 days of shop/redact webhook |
| Version snapshots | Up to 90 days after creation, or until next publish overwrites | Deleted within 30 days of uninstall |
| Audit results | 12 months | Deleted within 30 days of uninstall |
| Billing/usage logs | 7 years (legal/tax requirements) | Anonymized; shop identifiers removed |
| Support tickets | 3 years | Retained for support history unless deletion requested |
| Application logs | 90 days | Automatically purged |
See our full Data Retention Policy for details.
7. Data deletion
When you uninstall HiveMorph
- Shopify sends an
APP_UNINSTALLEDwebhook — we immediately revoke your
access token and mark the connector inactive - Within 48 hours, Shopify sends a
shop/redactwebhook - Within 30 days of
shop/redact, we permanently delete:
- Synced theme files and indexes
- Audit results and patch history
- Version snapshots in cloud storage
- Encrypted Shopify credentials
- Shop-specific events and logs (identifiers anonymized where legally required to retain)
Customer data requests
HiveMorph does not store Shopify customer personal data. If Shopify sends
a customers/data_request or customers/redact webhook, we confirm receipt
and respond that no customer PII is held by our application.
Merchant data requests
Merchants may request export or deletion of their data by contacting
[privacy@hivemorph.com]. We respond within 30 days.
8. International transfers
We may process data in [COUNTRY/REGION] and using cloud infrastructure
in [e.g., United States, EU]. Where required, we rely on Standard
Contractual Clauses or equivalent safeguards for cross-border transfers.
9. Your rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Data portability
- Withdraw consent (where processing is consent-based)
- Lodge a complaint with a supervisory authority
Contact us at [privacy@hivemorph.com] to exercise these rights.
10. Children
HiveMorph is a B2B service for merchants. We do not knowingly collect
data from individuals under 16.
11. Changes to this policy
We may update this policy. We will notify merchants of material changes
via the app or email. Continued use after changes constitutes acceptance.
12. Contact us
HIVE MORPH
London Eve
Riverside Building, County Hall
Westminister Bridge Rd, London SE
7PB, UK
Email: [privacy@hivemorph.com]
Support: [support@hivemorph.com]
Website: https://hivemorph.com
Data Protection Officer (if applicable): [dpo@hivemorph.com]

