CIMails — Privacy Policy

Last updated: June 26, 2026

CIMails ("the app", "we") helps Shopify merchants design their transactional notification emails without code. This policy explains what data the app processes and why. The app does not send emails — it generates code that the merchant pastes into Shopify, and Shopify sends.

Data we process

• Store identifiers & access: your myshopify.com domain and the Shopify access token used to authenticate the embedded app.
• Brand profile: logo URL, colors, fonts, and social links you enter, used to style your templates.
• Email designs: the template layouts and text you create (per notification type and language).
• Entitlement: whether you completed the one-time purchase (billing itself is handled by Shopify; we never see card details).

We do not collect, store, or have access to your customers' personal data. Email previews use built-in sample data, not real orders.

AI processing

When you use the AI design or translation features, the text and brand settings of the template you are editing are sent to our AI provider, Anthropic, to generate or translate the design. No customer personal data is included.

Subprocessors

• Shopify — platform, authentication, and billing.
• Anthropic — AI design generation and translation.
• DigitalOcean — application hosting.

Cookies & sessions

The app uses a session token to authenticate inside the Shopify admin. We do not use advertising or cross-site tracking cookies, and the app works without third-party cookies.

Data retention & deletion

• Your brand and design data are kept while the app is installed so you can keep editing.
• When you uninstall, your session is deleted immediately.
• We honor Shopify's GDPR webhooks: on shop/redact we erase all data we hold for your shop. For customers/data_request and customers/redact there is nothing to return or delete, because we store no customer personal data.

Your rights

You may request access to, correction of, or deletion of your data at any time by contacting us (or by uninstalling and requesting redaction through Shopify). We comply with GDPR and CCPA requests.

Security

Data is transmitted over HTTPS and stored on access-controlled infrastructure. Access tokens and API keys are kept server-side and never exposed to the browser.

Changes

We may update this policy; the "last updated" date above reflects the latest version. Material changes will be reflected here.

Contact

Questions or data requests: support@cimails.app

http://cimails.saphirly.com/privacy