Privacy Policy

Broken Link Fixer

Last Updated: November, 2025

Effective Date: November, 2025

Introduction

This Privacy Policy describes how Broken Link Fixer ("we", "us", or "our") collects, uses, stores, and protects information when you use our Shopify application (the "App"). We are committed to protecting your privacy and being transparent about our data practices.

By installing and using Broken Link Fixer, you agree to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

Shop Information

When you install our App, we collect basic information about your Shopify store through Shopify's authentication system:

  • Store Domain: Your myshopify.com domain or custom domain
  • Shop Identifier: A unique identifier for your store
  • Store Owner Information: Name and email (provided by Shopify for communication and support)
  • Installation Date: When you installed the App
  • Subscription Information: Your current plan tier and billing status

404 Error Data

The core function of our App is to track 404 errors (broken links) on your storefront. We collect the following anonymous data when a visitor encounters a 404 error:

  • URL Path: The path of the page that returned a 404 error (e.g., "/products/old-product-name")
  • Full URL: The complete URL including query parameters (when available)
  • Referrer URL: The webpage URL that directed the visitor to the 404 page
  • User Agent: Browser type, version, and device information (e.g., "Chrome 120.0 on Windows")
  • Timestamp: The date and time when the 404 error occurred
  • Hit Count: The number of times this specific 404 error has been encountered
  • Viewport Information: Screen width and height dimensions (for analytics)
  • Language: Browser language preference
  • Platform: Operating system information

We do NOT collect:

  • Customer names, email addresses, or phone numbers
  • Customer IDs or account information
  • IP addresses (not permanently stored)
  • Payment information
  • Shopping cart contents
  • Personal identification information (PII) of your store visitors

Usage Data

We collect information about how you use the App:

  • Feature Usage: Which features you access (dashboard, analytics, export, etc.)
  • Subscription Tier: Your current plan (Basic, Advanced, or Ultimate)
  • API Requests: Count of 404 tracking events and API calls
  • Session Data: Authentication tokens and session information (managed by Shopify)

User-Created Content

We store data you create within the App:

  • Status Markings: When you mark 404 entries as "resolved", "active", or "ignored"
  • Filter Preferences: Your saved dashboard filters and display settings
  • Redirects: Redirect rules you create (these are stored in your Shopify store, not in our database)

How We Use Your Information

We use the collected information for the following purposes:

Core Functionality

  • Track 404 errors on your storefront in real-time
  • Display analytics, trends, and statistics about broken links
  • Provide dashboards and reporting tools
  • Generate CSV exports of your 404 data
  • Help you identify and fix broken links on your store

App Improvement

  • Analyze usage patterns to improve features and user experience
  • Identify and fix bugs and technical issues
  • Develop new features based on merchant needs and feedback
  • Optimize performance and reliability

Customer Support

  • Respond to your support inquiries and questions
  • Troubleshoot technical issues
  • Provide installation and usage guidance
  • Communicate important updates and changes

Billing and Subscription Management

  • Process subscription payments through Shopify's billing system
  • Track usage against your plan's monthly limits
  • Send billing notifications and renewal reminders
  • Manage plan upgrades, downgrades, and cancellations

Security and Fraud Prevention

  • Detect and filter out bot traffic and automated crawlers
  • Identify and ignore malicious probe attempts (honeypot paths)
  • Protect against abuse and unauthorized access
  • Ensure data integrity and system security
  • Implement rate limiting to prevent API abuse

Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to valid legal requests and court orders
  • Enforce our Terms of Service
  • Protect our rights and property

How We Store Your Information

Data Storage

  • Location: Our database is hosted on secure cloud infrastructure (PostgreSQL database on Fly.io or similar provider)
  • Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
  • Access Control: Strict access controls and authentication limit who can view your data
  • Backups: Regular automated backups ensure data durability and recovery
  • Security: Industry-standard security measures protect against unauthorized access

Data Retention

Your 404 error data is retained according to your subscription plan:

  • Basic Plan: Data retained for 90 days
  • Advanced Plan: Data retained for 1 year
  • Ultimate Plan: Data retained for 1 year

After the retention period expires, data is automatically and permanently deleted from our systems.

Other Data:

  • Shop information: Retained while the App is installed
  • Usage statistics: Retained for 1 year for analytics purposes
  • Session data: Retained for 30 days or until you log out
  • Redirects: Stored in your Shopify store (not in our database)

Data Deletion

You can request deletion of your data at any time:

  • App Uninstallation: All shop data is automatically deleted within 48 hours of uninstalling the App (via Shopify's shop/redact webhook)
  • Manual Deletion: Contact support for immediate data deletion
  • GDPR/CCPA Requests: We honor all valid privacy law requests promptly
  • Export Before Deletion: You can export your data as CSV before deletion

Data Sharing and Third-Party Services

We use the following third-party services to operate the App:

ServicePurposePrivacy Policy / Notes
ShopifyApp platform, authentication, billing, API access, redirect management. Data shared: store information, authentication tokens, subscription data.shopify.com/legal/privacy — Platform provider and payment processor.
Cloud Hosting (e.g., Fly.io, AWS)Database and application hosting. All collected data is stored on their infrastructure.SOC 2 certified, GDPR compliant. Data stored securely; not accessible to the hosting provider.
Email Service Provider (if applicable)Support communications and transactional emails. Data shared: your email and support messages.Gmail, SendGrid, Mailgun, or similar.

We do not:

  • Sell your data to third parties
  • Rent or lease your data
  • Share your data with marketing companies
  • Use your data for advertising purposes
  • Share your data with data brokers

Your Privacy Rights

Depending on your location, you may have the following rights:

Right to Access

You can request a copy of all data we have about your store at any time.

Right to Deletion

You can request deletion of your data at any time (subject to legal retention requirements).

Right to Correction

You can update or correct inaccurate information through the App or by contacting support.

Right to Portability

You can export your 404 data as CSV at any time from within the App's dashboard.

Right to Object

You can object to certain processing activities (e.g., marketing emails) by contacting us.

Right to Restriction

You can request we restrict processing in certain circumstances.

To exercise any of these rights, contact us at: support@spectreapps.io

We will respond to your request within 30 days (or as required by applicable law).

GDPR Compliance (EU Merchants)

If you are located in the European Economic Area (EEA), we comply with GDPR requirements:

  • Legal Basis: Our legal basis for processing is "Legitimate Interest" (providing the App's core functionality) and "Contractual Necessity" (fulfilling our service agreement)
  • Data Controller: You are the data controller of the 404 error data collected from your store visitors; we are the data processor
  • Data Protection Officer: Contact us at support@spectreapps.io for GDPR-related inquiries
  • Data Transfers: We use EU-US Privacy Framework compliant providers and Standard Contractual Clauses (SCCs) where applicable
  • Breach Notification: We will notify you within 72 hours of any data breach that affects your data
  • Data Processing Agreement: We act as a Data Processor on your behalf and process data only per your instructions

CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under CCPA:

  • Right to Know: You can request to know what categories of data we collect and how we use it
  • Right to Delete: You can request deletion of your data
  • Right to Opt-Out: We do not sell your data, so no opt-out is needed
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: TLS/HTTPS encryption for all data in transit, encryption at rest for stored data
  • Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege
  • Monitoring: 24/7 security monitoring, logging, and intrusion detection
  • Audits: Regular security audits and vulnerability scans
  • Incident Response: Documented incident response procedures and breach notification protocols
  • Rate Limiting: API rate limiting to prevent abuse and DoS attacks
  • Bot Filtering: Automated filtering of bot traffic and malicious requests

However, no method of transmission or storage is 100% secure. While we implement strong security measures, we cannot guarantee absolute security.

Cookies and Tracking

Our App does NOT use cookies on your storefront. We only use:

  • Shopify Session Tokens: For authentication within the Shopify admin interface (managed by Shopify)
  • Local Storage: The theme app extension uses browser localStorage to generate anonymous session IDs for tracking 404 events (stored locally on the visitor's device, not sent to our servers)

The theme app extension uses a simple JavaScript snippet to track 404 errors via an API call. No cookies, persistent tracking mechanisms, or third-party tracking scripts are used on your storefront.

Children's Privacy

Our App is not intended for use by anyone under the age of 18. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at support@spectreapps.io.

International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): For EU data transfers to countries without adequate protection
  • Privacy Framework: We use Privacy Shield compliant providers where applicable
  • Adequacy Decisions: We transfer data to countries with adequate data protection laws
  • Security Measures: All data transfers are encrypted and secured

Shopify Compliance Webhooks

We have implemented Shopify's mandatory compliance webhooks:

Customer Data Request (customers/data_request)

If a customer requests their data from your store, we will provide all 404 data associated with that customer (if identifiable). Note: Since we collect anonymous data only, we typically have no customer-specific data to provide.

Customer Redact (customers/redact)

If a customer requests deletion, we will delete all associated 404 data within 30 days. Note: Since we don't store customer IDs, there is typically no customer-specific data to delete.

Shop Redact (shop/redact)

When you uninstall the App, we will delete ALL shop data within 48 hours (or immediately upon request). This includes all 404 routes, usage data, and shop information.

Your Store Visitors

Important: This Privacy Policy covers our relationship with you (the merchant). You are responsible for providing a privacy policy to your store visitors that covers:

  • That you use third-party apps to track 404 errors and broken links
  • What data the app collects (404 paths, referrers, user agents, viewport information)
  • That the data collection is anonymous and does not include personal information
  • How visitors can exercise their privacy rights (through you, as the data controller)

We recommend adding a clause to your store's privacy policy mentioning that you use error tracking tools to identify and fix broken links. Since we collect anonymous data only (no PII), this is typically a minor addition to your existing privacy policy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

  • Updates: Changes will be posted on this page with an updated "Last Updated" date
  • Material Changes: We will notify you via email or in-app notification for significant changes that affect your rights or how we use your data
  • Your Continued Use: Continued use of the App after changes constitutes acceptance of the updated Privacy Policy
  • Review: We encourage you to review this Privacy Policy periodically

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: support@spectreapps.io
Response Time: We will respond within 48 hours (usually faster)

For GDPR-related inquiries or Data Processing Agreement requests, please contact us at the email address above.

Data Processing Addendum

For GDPR-compliant merchants, we act as a Data Processor on your behalf. You are the Data Controller of the 404 error data collected from your store visitors.

Our Responsibilities as Processor

  • Process data only per your instructions (as outlined in this Privacy Policy)
  • Implement appropriate technical and organizational security measures
  • Assist with GDPR compliance (Data Subject Access Requests, Data Protection Impact Assessments)
  • Notify you of any data breaches that affect your data
  • Delete data upon request or when the App is uninstalled
  • Maintain records of processing activities

Your Responsibilities as Controller

  • Provide a privacy notice to your store visitors
  • Obtain necessary consent if required by applicable law
  • Respond to visitor data subject requests
  • Maintain records of processing activities
  • Ensure you have a lawful basis for processing visitor data

If you require a formal Data Processing Agreement (DPA), please contact us at support@spectreapps.io.

Summary

In simple terms, here's what this Privacy Policy means:

What We Collect

  • Anonymous 404 error data (broken link paths, referrers, browser info)
  • Your shop information (for account management)
  • How you use the App (for improvements)

What We Don't Collect

  • Customer names, emails, or personal information
  • IP addresses (permanently stored)
  • Payment information
  • Shopping behavior data

How We Use It

  • To help you find and fix broken links on your store
  • To provide analytics and reporting
  • To improve the App
  • To process your subscription

How We Protect It

  • Encrypted storage and transmission
  • Strict access controls
  • Regular security audits
  • Compliance with privacy laws

Your Rights

  • Access your data
  • Export your data (CSV)
  • Delete your data
  • Request corrections

We don't sell your data. We don't share it with marketers. We only use it to provide the App's core functionality: helping you identify and fix broken links on your Shopify store.

© 2025 Broken Link Fixer. All rights reserved.

For questions or concerns, contact us at: support@spectreapps.io