Privacy Policy.
Last updated: 26 June 2026
1. Who we are
Vunda is a product operated by Blue Sky PPC Ltd, a company registered in England and Wales (company number 13739023), with its registered office at Suite GA, St George's House, Lever Street, Wolverhampton, WV2 1EZ. Blue Sky PPC Ltd is the data controller responsible for your personal data. For any privacy-related enquiry, contact us at support@vunda.app.
2. Information we collect
We collect the following categories of information:
- Account information - your store owner name and email address, obtained from Shopify when you install the app, together with the Shopify session and store identifiers used to authenticate you inside the Shopify admin.
- Shopify store data - when you connect your Shopify store, you authorise Vunda to access your store information, products and collections through the Shopify Admin API, along with an access token used to keep your app in sync. Vunda does notcollect your customers' personal data, except the limited cart-reminder information described in section 5 (and only if you turn on abandoned-cart reminders).
- Shopper data for push features you enable- if you turn on abandoned-cart reminders, your app sends Vunda a signed-in shopper's Shopify customer identifier and a short cart summary (item count, value, currency, and the leading product's title and image) so we can send one reminder. See section 5. This is collected only while the feature is enabled, and never for guest shoppers.
- App content you create - the app design, layout, branding, colours and any images you upload while building your app. Uploaded files are stored via Vercel Blob; your app configuration is stored in our database.
- Usage and device data - IP address, browser type, operating system, pages visited, referring URLs and interactions with our site.
- Product analytics data - interactions, clicks, page views, and (where enabled) session recordings and error reports, collected via PostHog to help us improve the service and fix issues.
3. How we use your information
- To provide, maintain and improve the service.
- To connect your Shopify store and keep your app in sync with your products and collections.
- To build, preview, and publish your app to the Apple App Store and Google Play.
- To send the push notifications and abandoned-cart reminders you choose to enable, and to cancel a reminder once a shopper checks out.
- To authenticate you and secure your account.
- To send you service and account communications.
- To measure how our funnel and product are used, so we can improve them.
- To detect fraud, prevent abuse, and maintain security.
4. Legal basis for processing (UK GDPR)
Under UK GDPR, we process your personal data on the following legal bases:
- Contract - processing necessary to provide the service you signed up for, including connecting your store and building your app.
- Consent - for non-essential analytics in regions that require it, and for any marketing communications. You can withdraw consent at any time.
- Legitimate interest - for security, fraud prevention and improving the service, where these interests are not overridden by your rights.
5. Your Shopify store and your customers' data
Vunda's access to your Shopify store is limited to the data needed to build and run your app, primarily your products, collections and store information.
By default, Vunda does notcollect or store your customers' personal data. The one exception is a push feature you choose to switch on:
- Abandoned-cart reminders.If you enable abandoned-cart reminders, your app reports a signed-in shopper's Shopify customer identifier and a short cart summary (item count, value, currency, and the leading product's title and image) to Vunda, so we can send a single reminder push if they do not check out. We use this only to send and then cancel that reminder. It is deleted automatically a short time after the reminder is sent or the cart is recovered, and immediately when Shopify sends us a customer redaction request. Guest (not signed-in) shoppers are never included.
Push notifications are delivered through your configured push provider (OneSignal), acting as a processor on your behalf; see OneSignal's privacy policy at onesignal.com/privacy.
If you uninstall the app or request erasure, we delete the data associated with your store, in line with Shopify's data-protection requirements (typically within around 48 hours of an uninstall).
6. Analytics
We use PostHogfor funnel and product analytics, session replay and error tracking, to understand how people use the service and to find and fix issues. PostHog may collect interaction data, page views, session recordings (which can capture mouse movements, clicks and page content) and error reports. Our PostHog data is stored in the EU (Frankfurt). We do not use advertising pixels such as the Meta Pixel or Google Ads tracking on this site. For more information, see PostHog's privacy policy at posthog.com/privacy.
7. Third-party services
We rely on the following providers to operate the service:
- Shopify - store integration via the Shopify Admin API, and authentication via the App Bridge session token, under your authorisation.
- MongoDB Atlas - database hosting for your account and app configuration.
- Vercel - web hosting, infrastructure, and file storage (Vercel Blob).
- PostHog - product analytics, session replay and error tracking (EU / Frankfurt).
- OneSignal - mobile push notification delivery, used only where you enable it as your push provider; acts as a processor for the campaigns and reminders you send.
- Apple and Google - the App Store and Google Play, where your app is published under your own developer accounts.
When you pay to publish your app, billing is handled by Shopify App Pricing on your Shopify invoice; we do not process or store your card details.
8. International data transfers
Vunda is operated from the United Kingdom. Some of our providers are based in the United States; our PostHog data is stored in the EU (Frankfurt). When your data is transferred outside the UK, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the UK Extension to the EU Standard Contractual Clauses, or adequacy decisions where applicable. By using the service you acknowledge that your data may be processed in the UK, the EU, the US and other countries where our providers operate.
9. Cookies and similar technologies
- Essential cookies - required for authentication, session management and security. These cannot be disabled.
- Analytics cookies - set by PostHog to understand product usage and to capture session recordings and error reports.
We do not set advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may affect how the service works.
10. Data retention
We retain your account and app data for as long as your account is active. If you close your account or disconnect your store, we delete or anonymise your data within a reasonable period, except where we are required to retain it for legal, accounting or security reasons. You can request earlier deletion by contacting us. Abandoned-cart reminder data is short-lived: it is deleted automatically within about two weeks of a reminder being sent or a cart being recovered, and sooner on a customer-redaction request.
11. Your rights
United Kingdom (UK GDPR) and EU (GDPR). You have the right to access, rectify, erase, restrict, and port your personal data, and to object to processing or withdraw consent. To exercise these rights contact support@vunda.app; we will respond within 30 days. You may also complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
United States (California and other states). If you are a California resident you have the right to know, delete, and correct your personal information, and to opt out of its sale or sharing (we do not sell your personal information). Residents of other states with comprehensive privacy laws have similar rights. Contact support@vunda.app to exercise them.
Canada (PIPEDA) and Australia (Privacy Act 1988). You have the right to access and correct your personal information and to complain to the relevant regulator (the Office of the Privacy Commissioner of Canada, or the OAIC in Australia).
12. Data security
We use reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and secure handling of API keys and tokens. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. Children
The service is intended for business use and is not directed at children. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
14. Changes
We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account or by notice on the site. Continued use of the service after changes take effect constitutes acceptance.
15. Contact
For questions about this Privacy Policy or to exercise your rights, contact us at support@vunda.app.