Latch — Privacy policy

← Back to home

Privacy Policy

Last updated: February 2025

Latch ("we", "our", or "the app") is a Shopify app that lets merchants gate product page content behind a password. This policy describes how we collect, use, and protect data when you use Latch.

1. Information we collect

1.1 Through Shopify's APIs

When you install and use Latch, we access Shopify data only as needed to provide the app:

  • Shop and session data — We store your shop domain and OAuth session information so you can stay logged in and we can communicate with Shopify on your behalf.
  • Product and theme data — We use product and theme-related APIs to support the Latch theme block and app proxy (e.g. serving locked content on your storefront). We do not store copies of your product or theme content beyond what is needed to display locked content when a visitor has the password.
  • App configuration — We store the locks you create (names, hashed passwords, and the content or references you configure) so the app and your storefront can enforce access correctly.

We do not collect or store your customers’ personal data (e.g. names, emails, order history). Latch does not use customer or order scopes for tracking or analytics.

1.2 Information from merchants

  • Account and contact — Your shop domain and any contact or support details you provide (e.g. when you email us).
  • Lock content — The lock names, passwords (stored in hashed form), and the HTML or snippet references you set for each lock.

We do not collect information directly from your store visitors (e.g. no cookies or tracking on their devices for Latch). Password entry on the storefront is used only to unlock content for that session and is not stored by us for analytics or profiling.

1.3 Automated logs

We may log technical data (e.g. request logs, errors) to operate and secure the service. These logs may include shop domain and timestamps but are not used to build profiles of merchants or visitors.

2. How we use the information

We use the information we collect to:

  • Provide, maintain, and improve Latch (e.g. authentication, lock management, theme block and app proxy).
  • Respond to support requests and comply with applicable law.
  • Fulfill data subject requests via Shopify’s mandatory compliance webhooks (e.g. data request, redaction).

We do not sell your data or your customers’ data. We do not use your data for advertising or marketing unrelated to the app.

3. Data retention

  • Session and shop data — Retained while the app is installed. After uninstall, we respond to Shopify’s shop/redact webhook and delete or redact data associated with your shop as required.
  • Lock configuration — Retained until you delete a lock or uninstall the app; we then delete or redact in line with our compliance webhook handling.
  • Logs — Retained only as long as needed for operations and security, then removed or anonymized.

4. Data location and transfers

Our systems may store and process data in regions where our infrastructure operates. If you are in the European Economic Area, United Kingdom, or another regulated region, we apply appropriate safeguards where required by law for any such transfers.

5. Your rights and Shopify compliance

  • You can request access, correction, or deletion of your data by contacting us (see below).
  • We implement Shopify’s mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact) and respond as required. Because we do not store customer personal data, customer data request and redaction responses are limited to what we hold (e.g. shop/session and lock data as applicable).

6. Security

We use industry-standard measures (including HTTPS, hashed passwords, and secure session handling) to protect the data we process. You are responsible for keeping your Shopify admin access and any app passwords secure.

7. Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top will change when we do. Continued use of Latch after changes constitutes acceptance of the updated policy.

8. Contact

For privacy-related questions or to exercise your rights, contact us at [email protected].