Gridwell Privacy Policy

Last updated: June 16, 2026

Gridwell ("we", "us") is an app for Shopify merchants, published by Ovenir. This policy explains what data Gridwell accesses, how we use it, and how we protect it.

1. Who this applies to

This policy applies to Shopify merchants who install and use Gridwell. Gridwell does not collect or process personal data about a store's end customers.

2. Data we access and store

• Shopify store data: To preview and apply your bulk edits, Gridwell reads your products and variants and writes only the fields you choose (variant prices and variant metafields). We store your column mappings, your sheet connection details, and a snapshot of the specific fields changed by your most recent push, used only to power one-click undo.
• Google account data: When you connect Google, Gridwell uses the Google Drive "drive.file" permission with the Google Picker so you can select a specific spreadsheet. Gridwell can only access the spreadsheet you explicitly choose, and reads its contents to prepare your edits. We store Google access and refresh tokens so the app can read your selected sheet.
• Account identifiers: your store domain and the email address of your connected Google account.

We do not access or store your store's customer personal data.

3. How we use the data

We use this data solely to provide the app's functionality: reading your sheet, previewing changes, applying bulk edits to your catalog, and enabling undo. We do not sell your data, and we do not use it for advertising.

4. Google user data and Limited Use

Gridwell's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google data to provide and improve user-facing features, we do not transfer it to third parties except as needed to operate the service or as required by law, and we do not use it for advertising or to train generalized AI or ML models.

5. Service providers

We use the following providers to operate Gridwell: Shopify (platform and APIs), Google (Sheets and Drive APIs), and Railway (application hosting and database). We share data with them only as needed to run the app.

6. Security

Connection tokens are encrypted at rest (AES-256), and all data is transmitted over encrypted connections (TLS). Access to stored data is restricted.

7. Data retention and deletion

We keep your data only while the app is installed. When you uninstall Gridwell, or upon a verified deletion request, we delete your stored data (sheet connections, column mappings, push history, and tokens). You can disconnect your Google account at any time from within the app.

8. Your rights

Depending on your location (including under the GDPR), you may have the right to access, correct, or delete your data. To exercise these rights, contact us at support@ovenir.com.

9. Changes to this policy

We may update this policy from time to time. We will post the updated version at this URL with a new "Last updated" date.

10. Contact

Ovenir - support@ovenir.com