Privacy Policy
This Privacy Policy describes how McDaniel Creative ("we," "us," "our") collects, uses, and shares information in connection with the Scrabb Shopify app ("Scrabb," the "Service"), available at mcdanielcreative.com/scrabb-app and installed by merchants in their Shopify admin.
If you have questions about this policy or your data, contact us at mcdanielcreative@gmail.com.
1. The short version
Scrabb is a whiteboard for your team. It lets the staff on your Shopify store type and draw on boards to jot down ideas, to-dos, and sketches.
The most important things to know up front:
- Scrabb does not read or store any of your customers' data. No customer names, emails, phone numbers, addresses, orders, or payment details, ever. It requests no data access scopes at all.
- The only information Scrabb stores is the board content your staff create and the identity of the staff member who created each board.
- Scrabb has no storefront code, no pixel, and sets no cookies on your storefront. It never touches your shoppers' browsers.
2. Who this policy applies to
This policy describes data we collect about merchants: the Shopify store owners, and the staff members they add to their store, who install and use Scrabb.
Scrabb collects no data about your customers (the people who shop on your store). It has no access to orders, customers, or your storefront, so there is no shopper data for this policy to cover.
3. What we collect
When you install Scrabb, we collect from Shopify:
- Your shop's myshopify.com domain, contact email, and store name.
- An OAuth access token with no data scopes — Scrabb cannot read your orders, products, customers, themes, or storefront. The token only lets Scrabb run as an embedded app in your admin.
- Staff identity, via Shopify's standard online (user-context) session: the Shopify user ID, name, and email of the staff member using the app. We use this only to keep each person's personal boards visible to that person alone, and to label shared boards with the creator's name.
When you use Scrabb, we also store:
- Board content — the title and canvas of each board your staff create: the text, shapes, drawings, and notes they add.
- Which staff member owns each board, and whether a board is personal or shared.
Our servers also record standard request metadata (IP address, browser type, pages visited within the app) for reliability and security.
We do not collect or store any customer (shopper) data of any kind, or any product, inventory, or storefront data.
4. Why we collect it (legal basis)
Our legal basis for processing merchant and staff data is performance of the contract that begins when you install the app and accept our terms, plus our legitimate interest in operating, securing, and improving the Service. Board content is stored solely to provide the Service, so your boards are there when you come back. We don't analyze, mine, or repurpose what you write or draw.
5. How we use it
- Save your boards and show them back to the right people.
- Label shared boards with the creator's name.
- Operate, secure, debug, and improve the Service.
- Comply with our legal obligations.
We do not sell data to anyone, ever. We do not use board content or staff data for advertising, profiling, training AI models, or any purpose other than running Scrabb for you.
6. Sub-processors
| Sub-processor | What they do | Data they receive |
|---|---|---|
| Shopify | Underlying platform and authentication | Scrabb runs inside Shopify's admin; staff identity and the install originate from Shopify |
| Our hosting provider | Application hosting and database | All Scrabb data (boards, staff identity) is stored on our hosting infrastructure |
We do not share data with advertising networks, data brokers, AI providers, or analytics providers.
7. Where data is stored
Scrabb data is hosted in the United States. If you're a merchant outside the United States, your store's board data will be transferred to and processed in the U.S. For merchants in the European Economic Area, the United Kingdom, or Switzerland, this transfer relies on Standard Contractual Clauses as the applicable safeguard.
8. Data retention
| Data | Retention |
|---|---|
| Boards (titles + canvas content) | Retained while the app is installed. Deleted when you delete the board, or when the app is uninstalled. |
| Staff identity / session records | Retained while the app is installed; deleted on uninstall. |
| All shop data | Deleted when Shopify sends the shop/redact webhook after uninstall, and when you uninstall the app. |
| Admin request logs | Deleted after 90 days. |
You can request earlier deletion at any time at mcdanielcreative@gmail.com.
9. Cookies
Scrabb uses only the session cookies required by Shopify's embedded-app authentication. Scrabb sets no cookies on your storefront and has no storefront-facing code at all. There is nothing for your shoppers to consent to, because Scrabb never touches their browsers.
10. Privacy webhooks
Scrabb implements Shopify's three mandatory privacy webhooks. Because Scrabb stores no customer data, the customer ones have nothing to act on:
- customers/data_request — Scrabb holds no data about any shopper, so there is nothing to return.
- customers/redact — Scrabb holds no data about any shopper, so there is nothing to erase.
- shop/redact — when Shopify fires this webhook after you uninstall, we delete every board and record associated with your shop.
Merchant staff who wish to exercise access, deletion, correction, or portability rights over their own identity data or board content can contact us at mcdanielcreative@gmail.com and we will respond within 30 days. California residents: we do not sell or share personal information as those terms are defined under the CCPA.
11. Security
- All data encrypted in transit (HTTPS / TLS 1.2+) and at rest.
- Database backups are encrypted.
- Production secrets stored only in our host's encrypted secrets store, never in source code.
- Access to production infrastructure protected by two-factor authentication.
- Shopify webhook and OAuth signatures verified on every inbound request.
- No data access scopes — Scrabb cannot reach your orders, customers, or storefront.
- No customer data stored — data we never hold can never leak.
No system is perfectly secure; if you believe your data may have been compromised, contact us immediately at mcdanielcreative@gmail.com.
12. Children's privacy
Scrabb is a merchant productivity tool and is not directed to children under 13 (or under 16 in the European Economic Area). We do not knowingly collect personal data from children.
13. Changes to this policy
We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Material changes will be announced via the Scrabb admin interface and, where required, by email to merchants. Your continued use of the Service after a change indicates your acceptance of the updated policy.
14. Contact
McDaniel Creative
Email: mcdanielcreative@gmail.com
Website: mcdanielcreative.com/scrabb-app
© 2026 McDaniel Creative