Privacy Policy
1. Introduction
Histora ("we", "us", or "our") is a Shopify application operated by Slate Apps Ltd (Company No. 06898498), registered at Unit 6, Fosters Business Park, Old School Road, Hook, Hampshire, RG27 9NY, United Kingdom.
Histora helps Shopify merchants track product changes, maintain audit histories, back up product media, edit products, and comply with EU Omnibus pricing regulations. This Privacy Policy explains what data we collect, why we collect it, and how we protect it. By installing or using Histora, you agree to the practices described below.
2. Data We Collect
2.1 Store Information
When you install Histora, we receive and store basic information about your Shopify store, including your store name, domain, email address, store owner name, country, currency, Shopify plan, and timezone. This data is provided by Shopify as part of the standard app installation process.
2.2 Product, Variant, and Media Data
Histora's core function is tracking changes to your products. We receive and store snapshots of your product data each time a change occurs, including:
- Product details: title, description, status, vendor, product type, tags, SEO title and description, handle, and template suffix.
- Variant details: price, compare-at price, cost, SKU, barcode, weight, inventory policy, tax settings, and option values.
- Media details: image URLs, alt text, media type, and file metadata.
- Price list and market data: prices across different markets and currencies, and configuration changes to price lists and markets.
If you enable media tracking, we also download and store backup copies of product image previews and thumbnails so you can view historical versions of your product media even after the original has been changed or removed from Shopify.
2.3 Staff Attribution Data
To show which team member made each product change, Histora collects limited information about the Shopify staff users who access the app. This includes first name, last name, email address, locale, and whether the user is the account owner or a collaborator. This data is obtained through Shopify's standard token exchange mechanism when a staff member opens the app.
2.4 Shopify Event Data
When enabled, Histora retrieves events from Shopify's Events API to enrich change attribution. These events record which user or app triggered a product change within Shopify, and are used solely to provide more accurate attribution in your audit history.
2.5 Support Requests
If you submit a support request through the app, we collect the email address you provide, your message, and any file attachment you include. This data is used solely to respond to your enquiry.
2.6 Billing and Subscription Data
We track your subscription status, billing period, and usage metrics to manage your plan and charges. All payment processing is handled by Shopify through their standard billing APIs. We do not collect or store any payment card details.
3. How We Use Your Data
We use the data we collect for the following purposes:
- To provide our core service: recording product, variant, media, and pricing changes as an audit history for your store.
- To attribute changes to the staff member or app that made them, so you know who changed what and when.
- To back up product media so you can view historical images even after they have been changed or deleted in Shopify.
- To enable product editing from within the Histora interface, writing your changes back to Shopify on your behalf.
- To compute and display EU Omnibus lowest-price compliance data on your storefront, including writing price metafields to your Shopify store.
- To generate reports and CSV exports of your product change history.
- To manage your subscription, calculate usage-based charges, and process billing through Shopify.
- To respond to support requests you submit through the app.
- To monitor and fix errors in the application so we can maintain service reliability.
We do not use your data for advertising, profiling, or any purpose unrelated to delivering and improving the Histora service.
4. Data We Write Back to Your Store
Histora is not read-only. With your authorisation, it writes data back to your Shopify store in the following situations:
- Product edits: when you use Histora's editing features (via the embedded app or admin block extensions), your changes are written directly to Shopify.
- EU Omnibus compliance: Histora writes lowest-price data as product metafields so the information can be displayed on your storefront theme.
- App settings: Histora stores configuration data (such as display preferences and editable field lists) as shop-level metafields.
These write operations use the Shopify OAuth scopes you grant during installation. You can review the permissions Histora has at any time in your Shopify admin under Settings > Apps and sales channels.
5. Third-Party Services
We share data with a limited number of trusted third-party services that help us operate Histora. We do not sell your data to any third party.
5.1 Gadget (Hosting and Infrastructure)
Histora is built on and hosted by Gadget (gadget.dev), a full-stack application platform. Your data is stored in Gadget-managed databases and file storage, which run on Google Cloud infrastructure. Gadget processes your data solely to provide hosting services to Histora.
5.2 Shopify
As a Shopify app, Histora communicates with Shopify's APIs to receive webhooks, sync product data, write changes, and process billing. Shopify's own privacy policy governs how Shopify handles your data. All subscription charges are processed through Shopify's standard billing APIs.
5.3 Mantle (Billing Management)
We use Mantle (heymantle.com) to manage subscription plans and usage-based billing. Mantle receives your store name, domain, email, country, currency, Shopify plan name, and feature usage data. Mantle operates on top of Shopify's Billing APIs, meaning all actual charges are still processed and authorised through Shopify. Mantle does not independently charge your payment method.
5.4 Sentry (Error Monitoring)
We use Sentry (sentry.io) to monitor application errors and maintain service reliability. When an error occurs, Sentry may receive technical data such as error messages, stack traces, and request context. This data is used solely for diagnosing and resolving issues.
6. Data Retention
Your audit log history (product, variant, media, and pricing changes) is retained according to a configurable retention period which you can adjust in the app's settings. Expired records are automatically deleted on a rolling basis.
If you uninstall Histora, your data is retained for a limited grace period to allow for reinstallation, after which it is permanently deleted by an automated cleanup process.
Support request data is retained for as long as necessary to resolve your enquiry and for our internal records.
7. Data Security
- All data is transmitted over HTTPS with TLS encryption.
- Our hosting infrastructure (Gadget on Google Cloud) provides enterprise-grade security, including encryption at rest and in transit.
- Access to your data is restricted to authenticated Shopify store staff with appropriate permissions.
- Multi-tenant isolation ensures each store's data is separated and inaccessible to other stores.
- Sensitive file storage (media backups, support attachments, exports) is not publicly accessible and requires authentication.
8. Your Rights
Depending on your location, you may have certain rights regarding your personal data under applicable laws such as the UK GDPR, EU GDPR, or the California Consumer Privacy Act (CCPA). These may include the right to access the personal data we hold, request correction of inaccuracies, request deletion, export your data in a portable format (Histora provides CSV export), and object to or restrict certain processing.
To exercise any of these rights, contact us via our contact page. We will respond to valid requests within the timeframes required by applicable law. Additionally, Histora processes Shopify's mandatory GDPR webhooks (customer data requests, customer data erasure, and shop data erasure) in compliance with Shopify's requirements for all apps.
9. Cookies and Tracking
Histora operates as an embedded Shopify application and does not place its own cookies on your browser. Session management is handled by Shopify's standard authentication framework. Our billing partner Mantle includes a lightweight analytics script within the app to track installation attribution. This script does not track your browsing activity outside the app.
10. Children's Privacy
Histora is a business tool for Shopify merchants and is not directed at children under the age of 16. We do not knowingly collect personal data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, features, or legal requirements. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of Histora after any changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions or concerns about this Privacy Policy, or wish to exercise your data rights, please contact us via our contact page.
- Operator: Slate Apps Ltd (Company No. 06898498)
- Address: Unit 6, Fosters Business Park, Old School Road, Hook, Hampshire, RG27 9NY, United Kingdom
- Website: https://askslate.com
