Legal

Privacy Policy

How CruxTab collects, uses, processes, discloses, safeguards, and retains information when you install, access, or use the Form Builder app on Shopify.

Last updated: April 17, 2026

CruxTab ("we," "us," "our," or "CruxTab") operates the Form Builder application ("App," "Service," or "Form Builder") for the Shopify platform. This Privacy Policy ("Policy") describes in detail how we collect, use, process, disclose, safeguard, and retain information when you install, access, or use our App, as well as the rights and choices available to you regarding your information.

This Policy applies to all users of the App, including Shopify merchants who install the App ("Merchants," "you," or "your") and the end users or customers who interact with forms created through the App on merchant storefronts ("End Users" or "Customers").

By installing, accessing, or using the App, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of information as described in this Privacy Policy. If you do not agree with any part of this Policy, please uninstall the App and discontinue use of the Service.

1. Scope of this policy

This Privacy Policy governs:

  • Information collected from Merchants who install and configure the App on their Shopify stores.
  • Information collected from End Users who submit forms created using the App on Merchant storefronts.
  • Information exchanged between the App and the Shopify platform through authorized API access.
  • Any additional information voluntarily provided to us through support requests, feedback, or other communications.

This Policy does not apply to:

  • The Shopify platform itself, which is governed by Shopify's own privacy policy.
  • Third-party services, applications, or websites that you may connect or integrate with the App, each of which has its own privacy practices.
  • Any data handling performed by Merchants outside of the App after they export or download information collected through the Service.

2. Information we collect

We collect information in several ways, as described below.

2.1 Information received from Shopify

When you install and authorize the App on your Shopify store, we receive the following information through Shopify's authorized interfaces:

  • Store information: Your Shopify store domain, store name, store identifier, primary currency, time zone, and general store configuration relevant to the App's functionality.
  • Merchant account details: The name, email address, language preference, and locale of the store owner and any staff members who install, configure, or access the App.
  • Session and authentication data: Access tokens, session identifiers, and credentials required to authenticate your session and keep the App connected to your Shopify store.
  • Customer data: Limited customer information as permitted by the access scopes granted during installation, used solely to associate form submissions with existing customer records, personalize form experiences, and provide features that require customer context.
  • Shop metadata: Store plan information, installation and uninstallation events, and other operational data necessary for billing, support, and compliance.

2.2 Information you provide directly

  • Form configurations: Form names, descriptions, field definitions and validations, multi-step layouts, styling settings, conditional logic, email notification configurations, integration settings, and publishing preferences.
  • Templates and saved content: Custom form templates, field presets, or reusable content you save within the App.
  • Account preferences: Display settings, notification preferences, and other personalization choices.
  • Support communications: Content of messages, attachments, and contact details you share when you reach out.
  • Feedback and survey responses: Optional information you choose to share to help us improve the App.

2.3 Information collected from End Users (your customers)

  • Form submission data: Any information End Users enter into the form fields you have configured — names, emails, phone numbers, addresses, message content, preferences, feedback, and similar data you choose to collect.
  • File uploads: Files, documents, images, or other attachments submitted through file upload fields.
  • Submission metadata: Date and time of submission, the URL from which the form was submitted, basic browser and device information, and general network origin for security and abuse-prevention purposes.
  • Interaction data: Limited information about how End Users interact with forms (started, abandoned, submitted) to help Merchants understand form performance.

Important: You, as the Merchant, are the controller of the personal information submitted through your forms. You are responsible for determining what information to collect, ensuring that your forms comply with applicable privacy laws (including obtaining required consents), providing privacy notices to your customers, and honoring privacy rights your customers assert. We strongly recommend collecting only the information you genuinely need.

2.4 Information collected automatically

  • Usage data: Pages and features accessed within the App, actions taken, errors encountered, and time spent on features.
  • Technical information: Browser type and version, operating system, screen resolution, and general device characteristics.
  • Log information: Access logs and diagnostic information used for security, troubleshooting, and improvement.

2.5 Information we do not collect

  • We do not collect payment card numbers or financial account information — payment processing on your store is handled by Shopify and its payment providers.
  • We do not collect government-issued identification numbers unless you specifically configure a form to request them (in which case you are responsible for compliance).
  • We do not collect biometric data.
  • We do not collect information about End Users beyond what they voluntarily submit through your forms.

3. How we use your information

3.1 To provide and operate the App

  • Authenticating your session and maintaining a secure connection to your Shopify store.
  • Saving, loading, displaying, and editing your forms and related configurations.
  • Storing form submissions and making them available for you to view, export, and manage.
  • Processing and storing file uploads submitted through your forms.
  • Delivering email notifications according to your configured settings.
  • Enabling integrations you set up with third-party services.

3.2 To communicate with you

  • Responding to your support requests, questions, and feedback.
  • Sending service-related notices, updates, and security alerts.
  • Notifying you of planned maintenance or service interruptions.
  • Informing you about new features (you can opt out of non-essential communications at any time).

3.3 To improve and develop the App

  • Analyzing aggregated usage patterns to identify improvement opportunities.
  • Diagnosing technical issues, debugging errors, and improving reliability.
  • Researching and developing new features, enhancements, and integrations.
  • Conducting internal testing and quality assurance.

3.4 To protect the App and our users

  • Detecting, preventing, and responding to fraud, abuse, spam, and security incidents.
  • Monitoring for unusual or suspicious activity.
  • Enforcing our Terms of Service and other agreements.

3.5 To comply with legal obligations

  • Meeting our obligations under applicable laws and regulations.
  • Responding to lawful requests from public authorities.
  • Protecting our rights, property, and safety, and those of our users and the public.

3.6 What we do not do

We do not:

  • Sell, rent, or trade your personal information or your customers' data to third parties.
  • Use your data or your customers' data for advertising or marketing purposes unrelated to the App.
  • Share form submission data with other merchants or unrelated third parties.
  • Access your form submissions for any purpose other than providing and improving the Service, responding to support, or complying with legal obligations.
  • Train artificial intelligence or machine learning models on your form submission data without your explicit consent.

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on:

  • Performance of a contract: To provide the App and fulfill our obligations under our Terms of Service.
  • Legitimate interests: To improve the App, ensure security, prevent fraud, and communicate with you, provided these interests are not overridden by your rights.
  • Consent: Where you have given explicit consent for specific processing activities (you may withdraw consent at any time).
  • Legal obligation: To comply with applicable laws and regulations.

For form submissions collected by Merchants through the App, the Merchant is the data controller and is responsible for establishing the appropriate legal basis for processing.

5. Data storage and security

5.1 Storage practices

Your data is stored securely using industry-standard cloud infrastructure with appropriate safeguards. We use separate, access-controlled systems for different types of data, including structured records (such as form configurations and submissions) and file attachments.

5.2 Security measures

  • Encryption in transit: All data transmitted between your browser, our servers, and Shopify is encrypted using industry-standard secure transport protocols.
  • Encryption at rest: Sensitive data is encrypted when stored.
  • Access controls: Access to production systems is restricted to authorized personnel under the principle of least privilege.
  • Authentication and authorization: Multi-factor authentication and strong password requirements for internal access.
  • Monitoring and logging: Continuous monitoring of systems for security events, with audit logs maintained for accountability.
  • Regular updates: Software and infrastructure components are kept current with security patches.
  • Secure development practices: Code is reviewed and tested for security issues as part of our development process.
  • Incident response: We maintain procedures to respond to security incidents and notify affected parties as required by law.

5.3 Your role in security

While we take data security seriously, no method of electronic transmission or storage is 100% secure. You play an important role by:

  • Using strong, unique passwords for your Shopify account.
  • Enabling two-factor authentication on your Shopify account.
  • Limiting access to your Shopify store to trusted staff members.
  • Promptly removing access for staff who no longer require it.
  • Notifying us immediately if you suspect unauthorized access to your account or the App.

6. Data sharing and disclosure

6.1 With Shopify

As an App built for the Shopify platform, the App exchanges information with Shopify as necessary to function, including authentication, loading store data, and displaying forms on your storefront. This exchange is governed by Shopify's platform requirements and terms.

6.2 With service providers

We work with trusted third-party service providers (cloud hosting, data storage, email delivery, error monitoring, customer support tools) who:

  • Have access only to the information necessary to perform their services.
  • Are contractually obligated to protect your data and use it only for the purposes we specify.
  • Are bound by confidentiality obligations.
  • Are selected based on their commitment to data protection and security.

6.3 With third-party integrations you configure

If you choose to configure integrations between the App and other services (email marketing, CRM, webhooks), we will transmit the relevant data to those services as directed by your configuration. Once data is transmitted to a third-party service, it is governed by that service's privacy policy.

6.4 For legal and safety reasons

We may disclose information if we believe in good faith that disclosure is necessary to:

  • Comply with a legal obligation, court order, subpoena, or other lawful governmental request.
  • Enforce our Terms of Service or other agreements.
  • Protect the rights, property, or safety of CruxTab, our users, or the public.
  • Detect, prevent, or address fraud, security, or technical issues.

6.5 In connection with a business transaction

If CruxTab is involved in a merger, acquisition, reorganization, sale of assets, financing, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and provide you with options regarding your data where required by law.

6.6 With your consent

We may share information in other ways if you give us specific consent to do so.

6.7 Aggregated or de-identified information

We may share aggregated or de-identified information (which cannot reasonably be used to identify you) with third parties for research, analytics, reporting, or business purposes.

7. Data retention

7.1 Retention periods

  • Merchant account data: Retained for as long as the App is installed on your store.
  • Form configurations: Retained for as long as the App is installed and the forms exist in your account.
  • Form submissions: Retained for as long as the App is installed, unless you delete them through the App.
  • File uploads: Retained alongside their associated form submissions until deleted by you or until the retention period following uninstallation expires.
  • Session and authentication data: Authentication sessions expire automatically and are cleaned up on a regular schedule.
  • Support communications: Retained for a reasonable period to enable ongoing support.
  • Log data: Retained for a limited period for security, troubleshooting, and compliance purposes.

7.2 Retention after uninstallation

  • Your data will be retained for up to 30 days to allow for reinstallation without loss of data.
  • After this grace period, your data will be permanently deleted from our active systems.
  • Residual copies may persist in backup systems for a limited additional period, after which they are also purged.
  • Certain information may be retained longer where required by law, for dispute resolution, or in aggregated or de-identified form.

7.3 Your deletion requests

You may request earlier deletion of your data at any time by contacting us at the email address provided below. We will honor such requests subject to any legal retention obligations.

8. Your rights and choices

8.1 Rights that may apply

  • Right to access: Request confirmation of whether we process your personal data and obtain a copy of that data.
  • Right to correction: Request correction of inaccurate or incomplete personal data.
  • Right to deletion: Request deletion of your personal data, subject to certain legal exceptions.
  • Right to restriction of processing: Request that we limit how we process your data in certain circumstances.
  • Right to data portability: Request a copy of your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to certain processing activities, including processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time.
  • Right to lodge a complaint: File a complaint with a supervisory authority in your jurisdiction.

8.2 How to exercise your rights

To exercise any of these rights, please contact us at info@cruxtab.com. We may need to verify your identity before fulfilling your request, and we will respond within the time frames required by applicable law.

8.3 Rights of End Users

If you are an End User and you wish to exercise your rights regarding your submission data, please contact the Merchant directly, as they are the controller of your data. We will assist Merchants in responding to such requests as a data processor.

8.4 Your choices

  • Email communications: You may opt out of non-essential email communications by following the unsubscribe instructions or contacting us directly. Essential service-related communications cannot be opted out of while you continue to use the App.
  • Uninstallation: You may uninstall the App at any time through your Shopify admin, which will stop our collection of new data from your store (subject to the retention periods described above).

9. Third-party services and links

9.1 Shopify

The App operates within the Shopify platform and is subject to Shopify's Privacy Policy. We recommend reviewing Shopify's privacy practices.

9.2 Third-party integrations

The App may offer optional integrations with third-party services that you configure and authorize. When you enable such integrations, data may be shared with those third parties as necessary. These integrations are governed by the privacy policies of the respective services.

9.3 External links

Our communications or the App interface may contain links to external websites that are not operated by us. We are not responsible for the privacy practices or content of these sites.

10. Cookies and similar technologies

The App itself does not place tracking cookies on your customers' browsers for advertising or cross-site tracking. However:

  • Operational cookies: The App may use strictly necessary cookies to ensure forms function correctly (such as remembering a customer's progress through a multi-step form).
  • Shopify cookies: Because the App operates within Shopify, Shopify may place its own cookies, governed by Shopify's policies.
  • Admin interface: When you use the App's admin interface within your Shopify admin, session cookies are used to maintain your authenticated session.

You can typically control cookies through your browser settings, but disabling certain cookies may affect the App's functionality.

11. Children's privacy

The App is not directed to, and we do not knowingly collect personal information from, individuals under the age of 16 (or the equivalent minimum age in the relevant jurisdiction). If you are a Merchant, you are responsible for ensuring that your forms are not targeted to children and that any collection of children's data complies with applicable laws, such as COPPA in the United States.

If you become aware that a child has provided personal data through the App, please contact us at info@cruxtab.com, and we will take appropriate steps to delete such information.

12. International data transfers

The App and its supporting infrastructure may be operated in, and your information may be transferred to, processed in, or stored in, countries other than the one in which you reside. When we transfer personal data internationally, we take appropriate steps to ensure that your information receives an adequate level of protection, which may include:

  • Entering into standard contractual clauses approved by relevant authorities.
  • Ensuring that service providers and recipients adhere to recognized data protection frameworks.
  • Relying on other lawful transfer mechanisms as appropriate.

13. California privacy rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
  • The right to request deletion of your personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information (not applicable, as we do not sell or share personal information as defined by these laws).
  • The right to limit the use of sensitive personal information.
  • The right to non-discrimination for exercising your privacy rights.

To exercise these rights, please contact us at info@cruxtab.com.

14. Other regional privacy notices

We comply with applicable privacy laws in the regions where we operate. If you are located in a jurisdiction with specific privacy regulations (such as the GDPR in the EEA, the UK GDPR, the LGPD in Brazil, or PIPEDA in Canada), you may have additional rights. Please contact us for more information about your specific rights and how to exercise them.

15. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • We will update the "Last Updated" date at the top of this Policy.
  • For material changes, we will take reasonable steps to notify you, such as by email, an in-App notice, or a prominent notice on our website.
  • Your continued use of the App after the effective date of the updated Policy constitutes your acceptance of the changes.

We encourage you to review this Policy periodically to stay informed about our data practices.

16. Contact us

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy, our data practices, or your personal information, please contact us at:

CruxTab
Email: info@cruxtab.com

We take your privacy seriously and will respond to your inquiries promptly. If you are not satisfied with our response, you have the right to contact your local data protection authority.

This Privacy Policy is provided to comply with Shopify App Store requirements and applicable data protection regulations. It should be read in conjunction with our Terms of Service.

Questions about your data?

We're happy to help clarify anything in this policy.

Email info@cruxtab.com