Privacy Policy

Last updated: January 2026

CSV Import Guardian ("we", "our", or "the app") is a Shopify application that validates CSV files before import. This privacy policy explains how we handle your data when you use our service.

Data We Access

To provide CSV validation services, CSV Import Guardian accesses the following data from your Shopify store:

  • Products: Product titles, handles, SKUs, variants, prices, and inventory levels for validation against your CSV
  • Customers: Customer emails and identifiers to validate customer CSV imports
  • Inventory: Location names and inventory levels to validate inventory CSV imports
  • Orders: Order identifiers to validate order CSV imports
  • URL Redirects: Existing redirects to check for conflicts

Important: We only access this data when you actively use the app to validate a CSV file. Data is fetched on-demand and is not continuously monitored.

Data We Store

CSV Import Guardian is designed with privacy in mind. We minimize data storage to only what is strictly necessary:

What We DO Store

  • Session tokens: Required for app functionality and authentication with your Shopify store
  • Shop domain: To identify your store and maintain your session

What We DO NOT Store

  • We do NOT permanently store any product data
  • We do NOT permanently store any customer data
  • We do NOT permanently store any order data
  • We do NOT store uploaded CSV files
  • We do NOT store validation results or reports
  • We do NOT use cookies for tracking purposes

How We Process Data

  1. CSV Upload: When you upload a CSV file, it is processed entirely in your browser's memory. The file content is never saved to our servers.
  2. Validation: Your shop data is fetched from Shopify's API and compared with your CSV in memory. This data is discarded immediately after validation completes.
  3. Results: Validation results are displayed in your browser and are not stored on our servers.
  4. Export: If you export a fixed CSV, it is generated in your browser and downloaded directly to your device.

All shop data processing happens in memory and is discarded immediately after validation. No customer or product data is ever written to persistent storage.

Data Retention

  • Session data: Stored only while the app is installed. Deleted immediately when you uninstall the app.
  • Shop data: Temporarily cached in memory during validation (typically less than 1 hour). Never persisted to disk.
  • CSV content: Processed in browser memory only. Never transmitted to or stored on our servers.

GDPR Compliance

CSV Import Guardian is designed to be GDPR compliant:

  • Right to Access: We do not store customer personal data. The only data we store (session tokens) is available to you through this app.
  • Right to Erasure: Uninstalling the app immediately deletes all stored data. We also respond to Shopify's mandatory GDPR webhooks.
  • Data Minimization: We only access the minimum data required to provide CSV validation services.
  • Purpose Limitation: Data is only used for CSV validation and is never used for marketing, analytics, or sold to third parties.

Third-Party Services

CSV Import Guardian uses the following third-party services:

  • Shopify API: To access your store data for validation. Governed by Shopify's privacy policy.
  • Hosting Provider: Our infrastructure provider for running the application. They do not have access to your shop data.

We do NOT share your data with any other third parties, advertisers, or data brokers.

Security

We take security seriously:

  • All communications are encrypted using HTTPS/TLS
  • We use Shopify's secure OAuth for authentication
  • Session tokens are stored securely and encrypted
  • We follow Shopify's security best practices
  • Our application undergoes regular security reviews

Deleting Your Data

To delete all data associated with your store:

  1. Navigate to your Shopify admin panel
  2. Go to Settings → Apps and sales channels
  3. Find CSV Import Guardian and click "Uninstall"

Upon uninstallation, all session data is immediately and permanently deleted. Since we don't store any other data, there is nothing else to delete.

Governing Law and Jurisdiction

This privacy policy is governed by the laws of the Federal Republic of Germany, without regard to its conflict of law provisions.

Any disputes arising from or relating to this privacy policy shall be subject to the exclusive jurisdiction of the courts in Saarland, Germany.

Note: This policy is provided in English. The English version is legally binding. Any translations are provided for convenience only.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the app or via email. Continued use of the app after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

Robin Spanier Softwareentwicklung

Email: robin.spanier@robspan.de

We aim to respond to all privacy-related inquiries within 48 hours.

CSV Import Guardian - CSV Validation for Shopify