Legal

Privacy Policy

Security Policy

Terms of Service

Effective January 1, 2026
Last updated April 1, 2026

Overview

Welcome to HeadlessDB.

We value privacy and are committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website, headless-db.com, or use our Shopify app.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it.

Information We Collect

2.1 Personal Information

We may collect the following personal information:

  • Name
  • Email address
  • Phone number

2.2 Non-Personal Information

We may also collect non-personal information, including:

  • Browser type
  • Device type
  • IP address
  • Browsing behavior, such as pages viewed and links clicked

2.3 Shopify Information

When you install our app, we are automatically able to access certain types of information from your Shopify account:

  • Store information and metadata
  • Other data as approved by you during installation via Shopify’s APIs
  • App installation and uninstallation dates and times

How We Use Your Information

3.1 Providing Our Services

  • Provide and maintain our app’s functionality
  • Enhancing user experience
  • Analyzing app usage and trends
  • Improving customer service and support

3.2 To Communicate

  • Sending updates and information related to our app
  • Responding to inquiries and customer service requests

Data Protection

4.1 Security Measures

We use a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information. These measures include SSL encryption, secure servers, and restricted access to personal data.

4.2 Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements.

Sharing Your Information

5.1 Third-Party Services

We may share your information with third-party service providers who assist us in operating our website and/or app, conducting our business, or servicing you. These third parties are contractually obligated to keep your information confidential and secure.

5.2 Legal Requirements

We may disclose your information if required by law, such as to comply with a subpoena or similar legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Your Rights

6.1 Access and Update

You have the right to access and update your personal information. To exercise these rights, please contact us using the details below.

6.2 Opt-Out

You can opt-out of receiving promotional emails from us at any time by following the unsubscribe link in any email you receive from us or by contacting us directly.

6.3 Data Deletion

You can request the deletion of your personal data by contacting us. We will take reasonable steps to delete your information from our records, unless we are required to retain it by law or for legitimate business purposes.

Technologies We Use

Use of Cookies

We use cookies and similar tracking technologies to enhance browsing experience, analyze site traffic, and understand where our visitors are coming from. You can control the use of cookies at the individual browser level.

Log Files

We track actions occurring in our app, including IP address, browser type, internet service provider, timestamps, and referring or exit pages.

Sub-Processors

We use the following sub-processors to help us provide our services:

  • Google Analytics – For tracking app listing related events and analytics

We carefully select our sub-processors based on their commitment to data security and privacy. Each sub-processor has been assessed to ensure they maintain appropriate technical and organizational measures to protect your data.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our website and updating the effective date at the bottom of this policy.

Contact Us

If you have any questions or concerns about this privacy policy, please contact us at:

Email: support@headless-db.com.

Overview

We take the security of our app and your data seriously. This document outlines our policy for security vulnerabilities.

Reporting a Vulnerability

If you discover a security vulnerability, please report it to us by emailing support@headless-db.com. We take all reports seriously and will investigate them promptly.

We appreciate the efforts of security researchers and will work with you to resolve any issues you find.

Incident Response

In the event of a critical security vulnerability, our priority is to protect our merchants and their customers. We reserve the right to deploy a fix without immediately disclosing the vulnerability’s details to prevent potential exploitation.

Our standard response process is:

  1. Silently deploy a fix to our production systems, securing all merchants.
  2. After a fix is confirmed to be effective, we will disclose the nature of the vulnerability and, with their permission, credit the reporter.

We may adjust this timeline to best ensure the security of our users. For example, we might notify specific merchants directly before a wider public announcement if appropriate.

Emergency Measures

During a severe and active incident, we may need to temporarily disable parts of our service to prevent further harm. We will work to restore full functionality as quickly as possible and will strive to keep affected merchants informed.

Agreement to Terms

By installing or using HeadlessDB, you agree to be bound by these Terms of Service. If you do not agree, do not install or use the app.

“You” refers to the Shopify merchant or developer installing the app. “We” refers to HeadlessDB, the operator of HeadlessDB.

Description of Service

HeadlessDB is a Shopify embedded application that enables import and export of Shopify Metaobject data via CSV and JSONL files. The service runs inside the Shopify Admin and interacts with your store via the Shopify Admin API.

Acceptable Use

You may use HeadlessDB only for lawful purposes and in accordance with these Terms. You agree not to:

  • Use the service to import data you do not have the right to use or distribute.
  • Attempt to reverse-engineer, decompile, or extract the source code of HeadlessDB.
  • Use automated scripts to abuse import or export functions in ways that exceed normal merchant use.
  • Resell, sublicense, or otherwise commercialize access to HeadlessDB.

Your Data

You retain ownership of all data you upload to or export from HeadlessDB. We process your data solely to operate the service. See our Privacy Policy for details on data handling.

You are responsible for ensuring you have the right to import any CSV content into your Shopify store.

Availability and Uptime

We aim for high availability but do not guarantee uninterrupted service. We may perform maintenance, apply updates, or experience downtime outside our control, including Shopify API outages. We will communicate planned maintenance where possible.

Billing and Cancellation

Billing is handled by Shopify’s billing API. By activating a paid plan, you authorize Shopify to charge your account on a recurring basis per the plan terms. Subscription fees are non-refundable except where required by law.

To cancel, uninstall HeadlessDB from your Shopify Admin. Your subscription is cancelled at the end of the current billing cycle. Job history is deleted within 30 days of uninstall.

Disclaimer of Warranties

HeadlessDB is provided “as is” and “as available” without warranty of any kind. To the fullest extent permitted by law, we disclaim all warranties, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

We do not warrant that the service will be error-free, that defects will be corrected, or that the service is free of viruses or other harmful components.

Limitation of Liability

To the maximum extent permitted by applicable law, HeadlessDB shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, data, or goodwill, arising from your use of or inability to use the service.

Our total liability to you for any claim arising from these Terms or the service shall not exceed the amounts you paid us in the three months preceding the claim.

Changes to These Terms

We may update these Terms at any time. Material changes will be communicated via an in-app notice or website update where possible. Continued use of HeadlessDB after the effective date constitutes acceptance of the updated Terms.

Governing Law

These Terms are governed by the laws of England and Wales. Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Contact

Questions about these Terms? Email support@headless-db.com.