JMS Dev Lab ("we", "us", "our") operates the website jmsdevlab.com, develops Shopify applications including JewelryStudioManager and StaffHub, and provides custom software development services. This Privacy Policy explains how we collect, use, and protect your personal data.
1. Information We Collect
Information You Provide
- Contact information: Name, email address, and message content when you contact us through our website or email.
- Account information: When you install one of our Shopify apps, Shopify provides us with your store name, store URL, email address, and the data access scopes you authorize. For custom development clients, we collect business name, contact details, and project requirements as provided during consultation.
Information Collected Automatically
- Usage data: When you use our apps, we collect information about how you interact with the application to improve our services.
- Shopify data: Depending on which app you install and the permissions you grant, we may access customer data, order data, and product data from your Shopify store. This data is used solely to provide the app's functionality.
Information We Do Not Collect
- We do not use cookies for tracking on this website.
- We do not sell your personal data to third parties.
- We do not share your data with advertising networks.
2. How We Use Your Information
- To provide and maintain our Shopify applications
- To respond to your enquiries and support requests
- To process billing through Shopify's payment system
- To improve our apps based on usage patterns
- To provide custom software development services as agreed with clients
- To comply with legal obligations, including Shopify's requirements and GDPR
3. Data Security
We take data security seriously. Our security measures include:
- All data is encrypted in transit using TLS (HTTPS)
- Sensitive data is encrypted at rest using AES-256 encryption
- Authentication uses secure HttpOnly cookies
- Passwords are hashed using bcrypt
- Shopify access tokens are encrypted with AES-256-GCM
- CSRF protection is implemented on all state-changing operations
4. Data Retention
We retain your data for as long as your account is active or as needed to provide our services. If you uninstall one of our apps:
- Your data is retained for 30 days to allow for reactivation or data export
- After 30 days, your data is permanently deleted
- You can request immediate deletion at any time by contacting us
For custom development clients, project-related data is retained for 12 months after project completion to support ongoing maintenance and warranty obligations, unless otherwise agreed in your project contract.
5. GDPR Compliance
We comply with the General Data Protection Regulation (GDPR). As a data processor for Shopify merchants, we:
- Process data only as instructed by the merchant (data controller)
- Implement appropriate technical and organisational security measures
- Handle all Shopify-mandated GDPR webhooks (customer data requests, customer data erasure, shop data erasure)
- Respond to data subject requests within 30 days
Your Rights Under GDPR
If you are in the European Economic Area or the UK, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Request erasure of your personal data
- Restrict processing of your personal data
- Data portability
- Object to processing of your personal data
To exercise any of these rights, please contact us at hello@jmsdevlab.com.
6. Third-Party Services
Our apps integrate with the following third-party services:
- Shopify: Our apps run on the Shopify platform. Shopify's use of your data is governed by Shopify's Privacy Policy.
- Cloudflare: Our website is hosted on Cloudflare Pages. Cloudflare may process minimal analytics data as described in their privacy policy.
7. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.
9. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us: