UndoHero Logo

UndoHero Privacy Policy

Last updated: January 2026

Introduction

UndoHero ("we", "our", "us") provides a product backup and recovery service for Shopify merchants. This Privacy Policy explains how we collect, use, and process your data when you install and use our app.

Information We Collect

When you install UndoHero, we automatically access certain types of information from your Shopify account:

  • Shop Data: We collect your shop ID, domain, and installation status to manage your account.
  • Product & Collection Data: We fetch full product details including titles, descriptions, variants, metafields, and collection mappings via Shopify's GraphQL API. We listen to product creation, update, and deletion webhooks to maintain an up-to-date snapshot of your catalog.
  • Media Assets: We retrieve product images and store them securely to enable media restoration.

How We Use Your Data

We use your data exclusively to provide the UndoHero service:

  • To save "snapshots" of your products when they are updated and mark them as deleted in our system when removed from your Shopify store.
  • To securely copy and store your product images in our system and restore them to your live store when requested.
  • To enforce monthly restore quotas based on your subscription plan.

Third-Party Service Providers

To operate our app securely, we share specific data with trusted infrastructure partners:

  • Mantle: We share your shopId to manage billing, subscription plans, and plan limits.
  • Amazon Web Services (AWS S3): We use AWS S3 to securely host and manage the image binaries copied from your store.
  • Gadget.dev: We use Gadget as our primary database and backend infrastructure to process internal APIs, background syncing, and snapshot storage.

Data Retention and Deletion

  • Active Use: Product snapshots and images are retained in our database and AWS S3 buckets to allow for restoration.
  • App Uninstallation: If you uninstall the app, we listen to the app/uninstalled and shop/redact webhooks to process the permanent deletion of your data. This triggers the removal of your product snapshots and the deletion of images from our AWS S3 storage.
  • Customer Data: Our app does not actively store or process end-customer personal identifying information (PII). However, we fully support Shopify's GDPR webhooks (customers/data_request and customers/redact) to ensure compliance if customer data deletion is ever requested.
← Back to UndoHero