1. Who this policy is for
Appolar has two distinct audiences and we describe each one separately because the data they generate is different:
- Merchants — Shopify store owners who install the Appolar app from the Shopify App Store and use the Appolar visual builder to ship a native mobile app for their store.
- End-customers — people who download and use a mobile app that was built with Appolar. The app appears under the merchant's brand on the App Store and Google Play; Appolar is the platform underneath but not the publisher.
We're an indie platform built and operated by Moe Talaat (“we,” “our,” or “us”). We don't sell merchant or end-customer data and we don't run ad networks.
2. Data flows
The clearest way to understand our model is to follow the data:
- Merchant ↔ Shopify ↔ Appolar. When a merchant installs Appolar from the Shopify App Store, Shopify performs OAuth and returns an access token to us. We store that token and the merchant's shop domain so we can read the merchant's catalog, customers, and orders via Shopify's APIs while the app is installed. We never see the merchant's Shopify password.
- Merchant ↔ Appolar builder. Inside the Shopify admin, the merchant configures their mobile app — theme colors, font, home page block layout, push campaigns. That configuration is stored in our PostgreSQL database under the merchant's store ID.
- Merchant ↔ Appolar ↔ EAS. The merchant uploads their own Apple App Store Connect API key and Google Play service account JSON. We encrypt these credentials at rest with AES-256-GCM, then use them only to submit builds to Expo's EAS Build service and the two app stores under the merchant's developer accounts. The merchant's app binary, store listing, and ownership belong to the merchant.
- End-customer ↔ Shopify. The mobile app talks directly to Shopify's Storefront API for catalog, cart, customer accounts, and checkout. End-customer accounts, orders, addresses, and payment data live with Shopify, not with Appolar.
- End-customer ↔ Appolar. When an end-customer opens the mobile app, an anonymous Expo push token is registered with Appolar so the merchant can send push notifications. If the customer signs in to their Shopify account inside the app, we link the token to a Shopify customer ID (per-store, never shared across merchants). That linkage is severed on a Shopify customers/redact GDPR webhook.
- End-customer ↔ Expo. Push notifications are delivered through Expo's push service, which forwards them to Apple Push Notification service (APNs) and Google Firebase Cloud Messaging (FCM). Notification content is composed by the merchant.
- End-customer ↔ third-party analytics (optional, per merchant). Merchants can enable Facebook Pixel (Conversions API) or Google Analytics 4 (Measurement Protocol) for their app. When enabled, the mobile app sends e-commerce events to those services using IDs the merchant provides. Appolar passes these events through but does not maintain a separate analytics database of end-customer behavior.
3. What we store (merchants)
Account & install: Shopify store domain, Shopify-issued access token and scope list, install/uninstall dates, active plan synced from Shopify Billing.
Builder configuration: design config (starter preset chosen, plus the merchant's edits to colors, fonts, and per-screen layouts), app name, bundle ID, brand colors, chosen Google Font, home page block layout, tab visibility, optional third-party integration IDs.
Developer credentials, encrypted at rest: Apple App Store Connect API key (.p8) + Team/Issuer IDs, Google Play service account JSON. Encrypted with AES-256-GCM. The encrypted blob is what lives in the database; raw key material never sits in plaintext on disk.
Build history: EAS build IDs, status, timestamps, and pointers to the binaries on EAS's servers. We don't store the binaries ourselves.
4. What we store (end-customers)
Appolar's direct touch on end-customer data is intentionally narrow. Most of what end-customers do in an Appolar-built app talks to Shopify, not to Appolar.
Device push tokens: the Expo push token (an opaque identifier from Apple/Google), the store ID it belongs to, and optionally the Shopify customer ID of the signed-in account. Push tokens never cross merchants — a customer's token on Store A has no relationship to anything on Store B.
What we don't store about end-customers: email addresses, names, phone numbers, order history, addresses, payment methods (all stay in Shopify); browsing or session-replay data (Appolar doesn't run session-replay anywhere); cross-merchant identifiers.
5. Where data is stored
- PostgreSQL on our VPS (Hostinger KVM, Ubuntu). Bound to localhost; external access requires SSH with a private key. Row-level isolation by store ID means a query in one merchant's context cannot read another's rows.
- EAS Build (Expo) temporarily holds compiled binaries for download to the merchant's developer accounts. EAS's privacy policy applies to that transit storage.
- Shopify holds all merchant-customer relationships, orders, products, and payment data. Appolar reads from Shopify; we don't mirror Shopify's customer data.
6. This website (analytics)
The marketing site you are reading right now (appolar.com) uses PostHog as an analytics processor to understand how visitors use the site. When analytics is active, PostHog records page views, page-leave events, the pages you visit, your browser and device type, and a randomly generated visitor identifier. That identifier is persisted in your browser's localStorage so repeat visits can be counted as one visitor; it is not tied to your name or email unless you contact us and tell us who you are.
We use this data only to see which pages get read and where the site is confusing. We do not use it for advertising, we do not run ad-network trackers or third-party ad cookies, and we do not sell or share visitor data. PostHog processes this data on our behalf; their own privacy policy applies to their infrastructure.
The contact and lead forms on this site send what you type to our support inbox via Resend (an email delivery service) so we can reply to you. Form contents are not added to any marketing list.
7. GDPR / mandatory data webhooks
Shopify requires every app to handle three GDPR webhooks. Appolar implements all three:
- customers/redact — unlinks the customer ID from any device tokens we hold for that store. Tokens stay valid (device may belong to a different signed-in user later) but the link to the redacted customer is removed.
- customers/data_request — we don't store customer-content data, only optional device-token links. We log the request and respond within Shopify's 30-day window.
- shop/redact — fired 48 hours after a merchant uninstalls Appolar. We delete the entire store row, which cascades and removes all related configuration, credentials, build history, and device tokens.
8. Subprocessors
- Shopify — identity, billing, store data; without Shopify, Appolar doesn't function.
- Expo (EAS Build & Expo Push) — building binaries, delivering push notifications.
- Apple (App Store Connect, APNs) and Google (Play Console, FCM) — distribution and notification delivery, under the merchant's own developer accounts.
- Hostinger — the VPS where our PostgreSQL database and API run.
9. Security
- All database traffic is on a private network (localhost-bound, accessible only via SSH tunnel).
- Public traffic to api.appolar.com and app.appolar.com is HTTPS only (Let's Encrypt).
- Merchant-uploaded developer credentials are encrypted with AES-256-GCM at rest.
- Shopify webhook payloads are verified with HMAC signatures before any database write.
- SSH access to the host requires a private key; password-based SSH is disabled.
10. Your rights
Merchants: uninstall Appolar from your Shopify admin at any time. 48 hours later, Shopify fires shop/redact and we delete everything associated with your store. You can also email support@appolar.com to request immediate deletion or to ask what we have on file.
End-customers: the apps built with Appolar are published by the merchant who built them. Account deletion is handled through Shopify and the merchant's own customer support channel. If you uninstall the mobile app, the push token tied to that install is invalidated on the next push attempt.
11. Contact
Privacy questions: support@appolar.com. Data controller of record: Moe Talaat (sole operator of Appolar).
12. Changes
If we change what data Appolar collects or how it flows, we update this page with a new “Last updated” date and, for material changes, notify merchants by email and inside the Shopify admin. Read about how we handle refunds and cancellations for related billing questions.