Privacy Policy
Spectre Form Builder
Last Updated: January 29, 2026
Overview
Spectre Form Builder ("we," "our," or "the app") is a Shopify application that helps merchants create and manage forms for their online stores. This privacy policy explains what data we collect, why we collect it, how we use it, and your rights regarding your data.
We believe in being straightforward: we only collect data that's necessary to make the app work, and we don't sell your data to anyone.
Who This Policy Applies To
This policy covers two groups:
- Merchants – Shopify store owners who install and use Spectre Form Builder
- End Users – Customers who submit forms on merchants' stores
Data We Collect
From Merchants
| Data | Why We Collect It |
|---|---|
| Shopify store domain | Identify your store and scope your data |
| Shop locale settings | Enable multi-language form support |
| OAuth session tokens | Authenticate your access to the app |
| Subscription status | Determine which features you can access |
From End Users (Form Submissions)
When someone submits a form on a merchant's store, we collect:
| Data | Why We Collect It |
|---|---|
| Form responses | This is the content the user chose to submit |
| Email address (if provided) | Part of form submission; used for notifications |
| IP address | Analytics (conversion tracking, geographic insights) |
| User agent (browser/device info) | Analytics (device breakdown, troubleshooting) |
| Timestamp | Record when the submission occurred |
| Page URL | Track which page the form was embedded on |
| Referrer URL | Understand where traffic comes from |
| Locale/language | Display forms in the correct language |
| Uploaded files (images only) | Store files the user attaches to their submission |
Interaction Data (Analytics)
To help merchants understand how their forms perform, we track:
- Form views (someone saw the form)
- Form interactions (started filling out, focused on fields, changed steps)
- Completion time
- Step abandonment (for multi-step forms)
- Device type and browser
This data is aggregated to show conversion rates and identify where users drop off. We don't use this data for advertising or sell it to third parties.
How We Use Your Data
For Merchants
- Display and manage your forms
- Store and retrieve form submissions
- Send email notifications when forms are submitted
- Calculate analytics (views, submissions, conversion rates)
- Sync submissions to integrations you configure (Google Sheets, Klaviyo, etc.)
- Enforce subscription limits (forms, submissions, storage)
For End Users
- Process and store the form submission
- Deliver the submission to the merchant
- Send the submission to integrations the merchant has configured
- Generate anonymized analytics for the merchant
We do not:
- Sell data to advertisers
- Build profiles of end users across different stores
- Use end user data for our own marketing
- Share data with third parties except as described in this policy
Third-Party Services
We use the following services to operate the app:
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Shopify | Platform, authentication, billing | shopify.com/legal/privacy |
| AWS S3 | File storage for uploads | aws.amazon.com/privacy |
| Google reCAPTCHA | Spam protection (when enabled by merchant) | policies.google.com/privacy |
| Resend | Email delivery for notifications | resend.com/legal/privacy-policy |
Merchant-Configured Integrations
Merchants can optionally connect their forms to third-party services. When enabled, submission data is sent to these services according to the merchant's configuration:
- Google Sheets
- Klaviyo
- MailChimp
- HubSpot
- Zapier
- Custom webhooks
- Shopify Flow
End users should review the privacy policy of the specific store they're submitting forms to. Merchants are responsible for disclosing their use of these integrations to their customers.
Data Storage and Security
Where Data Is Stored
- Database: Application data is stored in our database infrastructure
- File uploads: Stored in AWS S3 with server-side encryption
- Backups: Encrypted backups are maintained for disaster recovery
Security Measures
- Shop-scoped data isolation (merchants can only access their own data)
- Signed URLs for secure file access
- Server-side validation on all submissions
- reCAPTCHA integration for spam protection
- API key authentication for webhooks
- File type and size validation
Data Retention
- Form submissions: Retained until the merchant deletes them or uninstalls the app
- Uploaded files: Retained until the merchant deletes them or uninstalls the app
- Analytics data: Retained for the lifetime of the form
- Session data: Expires according to Shopify's session management
Your Rights
For Merchants (GDPR and Similar Laws)
You have the right to:
- Access your data (export submissions as CSV or JSON)
- Delete your data (delete individual submissions or entire forms)
- Portability (export your data in standard formats)
- Uninstall the app at any time, which initiates data deletion
For End Users
If you submitted a form on a Shopify store and want to do any of the following, please contact the merchant (store owner) directly:
- Access your submission data
- Correct inaccurate information
- Delete your submission
The merchant controls the data and can fulfill your request. We provide merchants with tools to search, view, and delete submissions.
If you cannot reach the merchant or they are unresponsive, contact us at the address below and we will assist.
GDPR Compliance
We support Shopify's GDPR webhooks:
| Webhook | What It Does |
|---|---|
| Customer data request | Provides merchants with customer data for GDPR requests |
| Customer redaction | Deletes customer data when requested |
| Shop redaction | Deletes all shop data when a merchant uninstalls |
When a merchant uninstalls the app, we receive a shop redaction webhook from Shopify and delete all associated data (forms, submissions, uploads, analytics).
Children's Privacy
Spectre Form Builder is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has submitted personal information through a form, contact the merchant or us to have it removed.
Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes:
- We'll update the "Last Updated" date at the top
- For material changes, we'll notify merchants through the app or via Shopify
Continued use of the app after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or how we handle data:
Email: your-email@example.com
For end users: Please contact the merchant (store owner) first regarding their use of your data. If you need to reach us directly, use the email above.
Summary
| Question | Answer |
|---|---|
| Do you sell my data? | No |
| Do you use data for advertising? | No |
| Can I export my data? | Yes (CSV or JSON) |
| Can I delete my data? | Yes |
| What happens when I uninstall? | All your data is deleted |
| Where is data stored? | Secure cloud infrastructure (AWS) |
| Is data encrypted? | Yes (at rest and in transit) |
| Do you track users across stores? | No |