Privacy

Privacy Policy

Last updated: April 5, 2026

1. Scope

Cabineo provides a Shopify app and theme app extension for fashion brands using Shopify. This policy explains how we handle merchant data, storefront try-on requests, and support communications.

2. Merchant Data

When a merchant installs Cabineo, we receive and store data needed to operate the app, including:

  • Shop domain and Shopify session data
  • App settings and package status
  • Product identifiers, product images, and configuration data used for try-on
  • Operational usage logs such as successful and failed try-on events
  • Support requests submitted by the merchant

3. Storefront Try-On Requests

When a shopper uses the try-on experience, Cabineo processes the uploaded photo, the selected product, and related storefront request data in order to generate a try-on result.

In Cabineo's own server flow, shopper photos are validated in memory. When a try-on request is queued for asynchronous processing, Cabineo first normalizes the image and strips embedded metadata such as EXIF orientation and location metadata. The shopper photo is then stored temporarily in encrypted form in Cabineo's application database until the queued job is submitted to the image generation infrastructure or marked failed, and is then cleared from the job record.

While a queued job is active, Cabineo issues an opaque polling token back to the requesting browser and stores only a hashed form of that token in the application database so that try-on status polling remains limited to the originating requester.

To generate the result, Cabineo sends the shopper photo and garment reference to cloud image generation infrastructure. Provider documentation indicates that request history and generated outputs can be retained by the provider for operational purposes. Cabinéo does not independently control provider-side retention windows and does not publish unverified provider guarantees. Cabinéo also does not enable provider callback/webhook completion unless callback authenticity requirements are documented strongly enough for safe verification. We periodically review provider documentation and update this policy when provider retention behavior is explicitly documented.

4. How We Use Data

We use data to:

  • Authenticate merchants and run the app
  • Display and configure try-on on Shopify product pages
  • Generate try-on results requested by storefront users
  • Measure operational usage and package consumption
  • Provide merchant support
  • Meet Shopify platform and legal compliance requirements

5. Service Providers

Cabineo relies on third-party providers to operate the service, including:

  • Shopify for app hosting context, authentication, and billing
  • Cloud image generation infrastructure for try-on processing
  • Database and hosting infrastructure providers
  • Email delivery providers for support and transactional communication

6. Retention and Deletion

We retain merchant operational data for as long as it is needed to provide the app, support merchants, and satisfy Shopify compliance obligations.

By default, completed or failed try-on job records are retained for up to 30 days, and completed or failed webhook delivery audit records are retained for up to 90 days, unless a longer period is required for security, incident response, or legal compliance.

When Shopify sends uninstall or redact requests, we delete shop-scoped records from our application database as part of the required cleanup workflow.

7. Security

We use transport encryption, authenticated Shopify requests, access-controlled infrastructure, and server-side validation for file uploads and storefront requests.

8. Your Rights

Merchants may contact us to request access, correction, or deletion of data that we control, subject to applicable law and Shopify platform requirements.

9. Contact

Questions about privacy can be sent to: