Privacy Policy

Last updated: March 6, 2026

1. Introduction

Hammer Forge Apps ("we," "us," or "our"), operated by Thrifties LLC, provides Shopify applications including LabLinks - COA Lab Report Link (the "App"). This Privacy Policy explains how we collect, use, and protect information when you use our App and website.

2. Information We Collect

2.1 Store Information

When you install our App, we collect:

  • Your Shopify store domain (e.g., yourstore.myshopify.com)
  • Store name and contact email
  • Product catalog data (product titles, IDs, images, variants) — read-only access
  • Theme information — read-only access for display functionality

2.2 Lab Test Data

Data you voluntarily upload and enter, including:

  • Lab test PDF documents and images
  • Lab test details (test date, expiration date, batch/lot numbers, lab name, status)
  • Custom field values associated with lab tests
  • Industry and template selections

2.3 Analytics Data (Business Plan)

If you use our analytics features, we collect anonymized interaction data:

  • Page views and clicks on lab test badges and popups
  • PDF download counts
  • QR code scan counts with a one-way hash of the scanner's IP address (used solely for duplicate scan detection — the original IP address is never stored)
  • No personally identifiable customer information is collected

2.4 Support Requests

When you contact us for support, we collect your name, email address, and message content.

3. How We Use Your Information

  • To provide and operate the App's core functionality
  • To display lab test information on your storefront as you configure
  • To provide customer support
  • To process billing through Shopify's billing system
  • To improve our App and develop new features

4. Data Storage & Security

Your data is stored securely in our database hosted on Supabase (built on PostgreSQL, hosted on AWS). We implement:

  • Row-level security (RLS) policies on all database tables
  • Encrypted connections (TLS/SSL) for all data transmission
  • Scoped access — each store can only access its own data
  • Uploaded files are stored in secure cloud storage with access controls

5. Data Sharing

We do not sell, rent, or trade your data to third parties.

We share data only with:

  • Supabase — our database and file storage provider
  • Shopify — as required for App functionality and billing
  • Resend — for transactional emails (support responses only)
  • Law enforcement — only when required by law

6. Data Retention & Deletion

We retain your data for as long as you have the App installed. When you uninstall the App:

  • We receive a webhook notification from Shopify
  • Your store data, lab tests, uploaded files, settings, QR codes, analytics events, and support requests are permanently deleted within 48 hours
  • No data is retained after deletion — all records associated with your store are fully removed from our systems

You may also delete individual lab tests, QR codes, and uploaded files at any time from within the App. You may request full data deletion by contacting us at support@hammerforgeapps.com.

7. GDPR Compliance

For merchants and customers in the European Economic Area:

  • We process data under the legal basis of contractual necessity and legitimate interest
  • You have the right to access, correct, or delete your data
  • You have the right to data portability
  • We respond to GDPR data subject access requests within 30 days

8. Shopify Customer Data

Our App has read-only access to product data only. We do not access, store, or process any customer personal information from your Shopify store (no customer names, emails, addresses, or order data).

9. Cookies

Our website uses minimal cookies:

  • Theme preference — stored in localStorage (not a cookie), remembers your dark/light mode choice
  • Session cookie — for admin panel authentication (HTTP-only, secure, same-site)

We do not use tracking cookies, advertising cookies, or third-party analytics on our public website.

10. Children's Privacy

Our App is designed for business use by Shopify merchants. We do not knowingly collect information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify affected merchants via email for material changes.

12. Contact Us

For privacy-related questions or requests: