Effective date: May 22, 2026
Who we are: K1 Apps LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA ("we", "us", "our").
Contact: support@k1apps.com
This Privacy Policy explains how we collect, use, and protect personal data in connection with the K1 Upload Files Shopify application (the "App"), which enables merchants to receive file uploads from buyers on product pages, attach files to existing orders via secure magic links, and download attached files in bulk. For the K1 Apps website (k1apps.com), see our Website Privacy Policy.
Merchant data (Shop data). When you install and use the App, we act as an independent controller for your merchant/account information needed to operate, support, and improve the App (e.g., subscription, App settings, upload rules, widget design, diagnostics).
Store customer data and uploaded files processed via Shopify APIs and the App. When buyers (your End‑Customers) upload files through the App's storefront widget or magic links, and when our App reads or writes limited order/product data, we act as a processor on your behalf. You remain the controller for your customers' data and the contents of their uploads. We process this data only under your documented instructions (the actions & logic you configure in the App, including Upload Rules, accepted file types, size limits, and magic‑link parameters). We do not re‑purpose customer data or file contents.
Data Processing Addendum (DPA). We offer a Controller‑Processor DPA with SCCs/UK Addendum at K1 Upload Files DPA.
End‑customers. Where buyers interact with the App directly — by uploading a file on a product page or via a magic link sent by you — we process their submissions on your behalf. We do not market to End‑Customers and do not contact them outside of what is strictly required to deliver the upload workflow you configure.
We collect the minimum data necessary to run the App reliably, support you, and understand product usage.
When a buyer or magic‑link recipient uploads a file through the App, we store the file in encrypted object storage (Cloudflare R2) and record the following metadata in our database: filename, file size, MIME type / detected file type (verified via magic bytes), upload timestamp, antivirus scan result, associated Shopify order ID (once linked), associated Upload Rule ID, and a privacy‑safe identifier. File contents may include personal data of your End‑Customers (for example, images, scanned documents, design briefs, photographs) — the actual categories depend entirely on what you configure the App to accept and what your End‑Customers choose to upload.
Shop identifiers (theme name/ID/version, storefront/locale settings, location settings, time zone), catalog context (product/variant IDs, collection IDs/titles, Upload Rule configuration, conflict logs, UI preferences), order context (orders to which uploads are attached), magic‑link records (hashed tokens, expiry, single‑use vs multi‑use flag), and technical logs (timestamps, request IDs, API errors, App version, device data).
If you contact our support widget, the App may pass helpful shop context to reduce back‑and‑forth and speed resolution (e.g., store URL, installed theme name/ID, shop locale, time zone, App version, purely technical diagnostics such as feature flags, onboarding status). You can ask us to remove or limit what's shared.
Mixpanel (pseudonymous event data about admin UI usage, device/OS/browser, performance metrics); Hotjar (optional session insights for admin interface; we mask input fields where feasible and avoid capturing sensitive text; no storefront replays and no capture of uploaded file content); Mantle (install & lifecycle telemetry; no end‑customer personal data and no file content).
Business contact information, such as email — we send operational/service emails needed to run the App (e.g., technical, security/reliability, onboarding, antivirus quarantine notifications, storage quota warnings). We may also send brief product communications that help improve quality and support (tips, highlights, short surveys) and limited information about closely related features or services. You can opt out of non‑operational emails at any time by contacting support@k1apps.com (transactional/service notices may still be sent).
We process data for the following purposes, under these typical legal bases:
| Purpose | Examples | Legal bases |
|---|---|---|
| Provide & operate the App | Accept resumable uploads, store files in R2, scan files with antivirus, attach files to orders, generate magic links, build bulk ZIP downloads, render the storefront widget per your Upload Rules, maintain uptime/security | Performance of our agreement with your organization (Terms and Conditions); legitimate interests (operate a reliable app) |
| Support & diagnostics | Troubleshoot via Tidio, reproduce issues, communicate resolutions | Performance of our agreement (Terms and Conditions); legitimate interests |
| Product analytics & UX research | Understand feature adoption (Mixpanel), optional session insights (Hotjar), improve onboarding & performance, develop new features | Legitimate interests |
| Security, antivirus & abuse prevention | Scan every uploaded file with ClamAV, quarantine malicious content, detect misuse, protect APIs and infrastructure, audit access | Legitimate interests; legal obligations |
| Compliance | Respond to data subject requests (Shopify GDPR webhooks); maintain records; tax/transactional communications | Legal obligations |
| Product communications & quality insights | Operational updates, relevant tips/highlights, short surveys; where permitted, info on closely related features/services | Legitimate interests (operate/improve the App and inform existing business users) |
Our admin UI and documentation may use cookies or local storage for authentication, preferences, and analytics (Mixpanel) plus optional session insights (Hotjar) — admin interface only. The storefront upload widget itself does not set tracking cookies. If you prefer, you can email support@k1apps.com and we will disable Hotjar session capture for your shop.
We share data only with service providers that help us run the App (e.g., Shopify platform services; Cloudflare R2 — object storage; Hetzner Online — cloud hosting and primary processing; Mixpanel — product analytics; Hotjar — optional session insights; Mantle — install/lifecycle telemetry; Tidio — in‑app support chat; Twilio SendGrid — service emails; Sentry — error and performance logging; Better Stack — log aggregation and uptime monitoring). We require appropriate contractual safeguards and limit access to the minimum necessary. Our up‑to‑date Subprocessor List (vendor, service, country, DPF/SCC status) is published at the end of this document.
Advance notice. We will notify you at least 30 days in advance of material changes to subprocessors; you may object within that time.
Our providers may process data outside your country. Where data is transferred internationally, we rely on appropriate safeguards and measures:
We keep data only as long as needed for the purposes above, to comply with law, or to resolve disputes. Our retention schedule:
| Data Category | Purpose | Retention |
|---|---|---|
| Uploaded files attached to an order | Order fulfilment, merchant access | 3 months after the order's creation date, then delete from R2 and database |
| Orphan uploads (not yet attached to an order) | Reliability of upload sessions | 24 hours after creation, then delete from R2 and database |
| Quarantined files (failed antivirus scan) | Security | Deleted from R2 immediately upon quarantine; metadata kept up to 90 days for security audit |
| Temporary ZIP archives (bulk download) | Bulk download delivery | 1 hour after generation, then delete from R2 |
| Magic‑link records | Order‑level upload requests | Until the link's expiry date (default 7 days) plus a short audit window, then delete |
| Shop configuration, Upload Rules, widget design, UI translations | Operate the App; audit | Active subscription + 30 days after uninstall (shop/redact triggers immediate purge), then delete/anonymize |
| Error/diagnostic logs (Sentry) | Reliability & security | 90 days |
| Application logs (Better Stack) | Operations & security | 30–90 days depending on retention tier |
| Analytics (Mixpanel) | Product analytics | 14 months (or shorter if tool allows) |
| Session replays (Hotjar) | UX research | 30 days max |
| Support chats (Tidio) | Support history | 12 months from last interaction |
| Webhook delivery logs | Compliance proof | 30 days |
| Billing & accounting records | Tax/audit compliance | 7 years |
| Database backups | Disaster recovery | 30 days; deletion cascades within that window |
If deletion conflicts with legal retention obligations (e.g. tax/audit), we will retain only what's necessary and isolate it from routine use.
We use industry‑standard safeguards including:
No internet service is 100% secure, but we continuously work to protect your data and promptly remediate incidents. We assess incidents promptly and notify affected merchants and authorities as required by law (GDPR/UK/Law 25).
Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or port your personal data. As a Shopify app, we also support Shopify's mandatory privacy webhooks (see §11) to help you satisfy requests from your customers, including requests to delete buyer‑uploaded files.
Response timelines & verification. We respond within 1 month (GDPR/UK) or 45 days (US states). We verify identity via admin email/domain verification or reasonable equivalent.
Appeals (US states). If we deny a request, you may appeal within 30 days by writing to privacy@k1apps.com. We will respond within 45 days.
To exercise your rights or ask questions, contact support@k1apps.com.
Analytics & replays. We use Mixpanel (pseudonymous) for product analytics and may use Hotjar session insights in the admin. If you prefer to opt out of Hotjar for your shop, email support@k1apps.com and we'll disable it.
Global Privacy Control (GPC). Where applicable, we honor Global Privacy Control (GPC) and similar browser signals for "sale"/"sharing" and targeted ads. (We do not sell/share personal information.)
Support context to Tidio. You can ask us to limit or turn off automatic shop‑context sharing; we can handle your request via email instead.
Email preferences. We send operational/service emails necessary to run the App. We may also send concise product communications that help improve quality and support and information about closely related features/services. You can opt out of non‑operational emails via support@k1apps.com or the unsubscribe link (where available).
We subscribe to and honor Shopify's mandatory privacy topics so you can meet your obligations:
Deletion SLA. On shop/redact, we erase shop data and uploaded files from our systems within 30 days (sooner where possible). customers/redact requests are completed promptly upon webhook receipt. You can also request deletion via email.
Cloudflare R2 (object storage). Primary storage for uploaded files, temporary ZIP archives, and merchant‑uploaded widget icons. Files are encrypted at rest. Access is gated by short‑lived presigned URLs. Cloudflare is a Data Privacy Framework participant.
Hetzner (cloud hosting). US‑based cloud infrastructure hosting for our application, database, Redis queue, and antivirus worker. Primary processing and storage of structured data occurs in the United States (Hetzner US region). Transfers from the EEA/UK rely on the 2021 EU SCCs (Modules 2/3) with the UK Addendum/IDTA (as applicable), plus supplementary technical measures (e.g., encryption in transit and at rest).
ClamAV (self‑hosted antivirus). Runs on our infrastructure (no external sub‑processor) to scan every uploaded file before it becomes available. Signature updates are pulled from the ClamAV project.
Mixpanel (admin analytics). Used to understand feature adoption and improve UX. We do not use Mixpanel for advertising. Data is pseudonymous and focused on App UI usage.
Hotjar (session insights). Used occasionally to review how merchants interact with our admin screens. We focus on layout/navigation issues, mask input fields where feasible, and do not capture storefront sessions or uploaded file content.
Mantle (install telemetry). Used to monitor installation health, onboarding progress, and aggregate reliability metrics. We do not send end‑customer personal data or file content to Mantle.
Tidio (support). Used to provide real‑time chat and faster support. We pass helpful shop context (see §2C) to accelerate troubleshooting. You can always contact us by email instead.
Twilio SendGrid (email). Delivery of service emails and permitted product communications (see §§2 and 10). Includes standard message metadata (recipient address, timestamps, delivery status).
Sentry (error and performance logging). Error and performance telemetry to improve reliability. We scrub sensitive fields and avoid collecting customer payload content or uploaded file content.
Better Stack (logs & uptime). Centralized application logs and uptime monitoring. Logs are designed to exclude file content and to minimize personal data.
Our App is intended for businesses. We do not knowingly collect personal data from children. You must not configure the App to collect uploads from children under 16 (or the applicable age of consent in your jurisdiction) without appropriate verifiable parental consent obtained by you.
We may update this Policy from time to time. We will post the updated version in‑app and update the "Effective date" above.
Company: K1 Apps LLC
Address: 30 N Gould St, STE R, Sheridan, WY 82801, USA
General inquiries: support@k1apps.com
Privacy inquiries: privacy@k1apps.com
This appendix lists our current subprocessors. We will notify you at least 30 days in advance of material changes (add/replace) and provide an opportunity to object.
| Vendor | Service (Purpose) | Country/Region | Transfer Mechanism (DPF/SCC/UK Addendum) |
|---|---|---|---|
| Shopify Inc. and affiliates | Platform APIs & privacy webhooks | Various | See Shopify transfer statements |
| Cloudflare, Inc. | R2 object storage for uploaded files and temporary archives | Global (data primarily stored in chosen region) | DPF/SCC/UK Addendum (as applicable) |
| Hetzner Online GmbH | Cloud hosting (application, database, queue, antivirus worker) | US | SCCs (EU 2021 — Modules 2/3) + UK Addendum/IDTA |
| Mixpanel, Inc. | Product analytics (admin only) | US | DPF/SCC/UK Addendum (as applicable) |
| Hotjar Ltd. (optional) | Session insights (admin only) | EU | DPF/SCC/UK Addendum (as applicable) |
| Tidio | In‑app support chat | EU/US | DPF/SCC/UK Addendum (as applicable) |
| Mantle | Telemetry/diagnostics | TBD | TBD |
| Twilio SendGrid, Inc. | Service emails and permitted product communications | US | DPF/SCC/UK Addendum (as applicable) |
| Sentry (Functional Software, Inc.) | Error & performance logs | EU/US | DPF/SCC/UK Addendum (as applicable) |
| Better Stack (Productive Pulse s.r.o.) | Log aggregation & uptime monitoring | EU | SCCs (EU 2021) where applicable |