Privacy Policy — ViewForge: YMM Search & Filter
Last updated: February 19, 2026
ViewForge: YMM Search & Filter (“the App”) is developed by CunningOrb (“we”, “us”, “our”). This policy describes what data the App accesses, how it is used, and your rights regarding that data.
What data we collect
Merchant data (Shopify admin users)
When you install the App, Shopify provides us with:
- Shop domain and access tokens — required to authenticate API requests on your behalf.
- Admin user name and email — provided by Shopify’s OAuth flow for session management.
This data is stored in an encrypted database and used solely to operate the App within your Shopify admin.
Fitment data (product-level)
All fitment records — templates, taxonomy nodes, and entity assignments — are stored as Shopify metaobjects and metafields within your Shopify store. We do not copy or transmit this data to external servers. You retain full ownership and can delete it at any time through the Shopify admin.
Storefront visitor data
The App’s theme extension stores vehicle selections and garage entries in the visitor’s browser localStorage. This data:
- Never leaves the visitor’s browser.
- Is not transmitted to our servers or any third party.
- Can be cleared by the visitor at any time through their browser settings.
What we do NOT collect
- Customer personal information (names, emails, addresses, payment details).
- Analytics, tracking pixels, or behavioral data.
- Cookies.
How we use data
| Data | Purpose |
|---|---|
| Shop domain and access tokens | Authenticate Shopify API calls, manage your fitment configuration |
| Admin user session info | Maintain your logged-in session within the embedded app |
| Fitment metaobjects/metafields | Provide fitment search, filtering, and garage functionality on your storefront |
| Browser localStorage | Remember the visitor’s vehicle selection and garage between page loads |
Third-party services
The App does not share data with any third-party services. All API communication occurs directly between the App and Shopify’s APIs.
Data retention and deletion
- Session data is retained while the App is installed. When the App is uninstalled or a shop redact request is received from Shopify, all session records for that shop are deleted.
- Fitment data (metaobjects and metafields) persists in your Shopify store. Uninstalling the App does not delete this data — you can remove it through the Shopify admin if desired.
- Theme extension blocks are automatically removed by Shopify when the App is uninstalled.
- Browser localStorage persists on the visitor’s device until they clear it. It is not affected by App installation or removal.
GDPR compliance
The App responds to all mandatory Shopify GDPR webhooks:
- Customer data request — The App stores no customer personal data, so no data is returned.
- Customer redact — No customer data to delete; the request is acknowledged.
- Shop redact — Session records for the shop are deleted.
Your rights
You may request access to, correction of, or deletion of any data we hold about your store by contacting us. Since all fitment data lives in your Shopify store, you have direct control over it at all times.
Changes to this policy
We may update this policy to reflect changes in the App’s functionality. The “Last updated” date at the top will be revised accordingly.
Contact
For privacy questions or data requests, contact us at:
Email: info@normalview.pro