Privacy Policy

 

 

Last updated: April 22, 2026

App name: Cinemerce ("we," "us," or "our")
Operated by: Brightmode Pty Ltd (ACN 689 954 756)
Contact: support@cinemerce.com
Postal address: PO Box 5088, Bentleigh East, Victoria, Australia 3165

This Privacy Policy describes how we collect, use, disclose, and protect information when you install or use the Cinemerce application ("App") from the Shopify App Store, or when you visit our website at https://cinemerce.com ("Site").

If you use the App, you are typically a merchant (or an authorized user of a merchant's Shopify store). This policy explains our practices in that context. It does not describe Shopify's own privacy practices; those are governed by Shopify's policies and your agreement with Shopify.

1. Who we are

Cinemerce is a Shopify app that helps merchants create and manage 360° orbit video content for their stores and products by processing the product images and settings you choose, and connecting the resulting videos back to Shopify.

Data controller: Brightmode Pty Ltd, Australia. If you have questions about this policy, contact us at the email above.

2. Information we collect

We collect information in the ways described below.

2.1 Information from Shopify and the App

When you install the App and while it remains installed, we may receive or generate:

  • Store and account identifiers, such as your shop domain, shop ID, and the access tokens and session data required to maintain a secure connection with Shopify.
  • Shopify staff or user profile fields provided at login: first name, last name, email, locale, user ID, and flags indicating whether the user is the store's account owner or a collaborator. We use these only to identify the authenticated user during a session and to personalize the App interface.
  • Technical and diagnostic data such as IP address, browser or client type, timestamps, and error logs typical of web applications, where collected by our hosting or logging systems.

2.2 Information you provide through using the App

Depending on how you use Cinemerce, we may process:

  • Product-related data you select in the App, such as product IDs, product titles, and URLs or references to images used as input for video generation.
  • App configuration, such as settings you choose for each render (for example, the orbit camera angles or generation parameters), stored as needed to run jobs and show status in the App.
  • Job and output data, such as render job identifiers, external rendering job references, output video URLs, Shopify file references for uploaded videos, and status or error messages associated with a job.

2.3 Billing and credits

If you subscribe to a paid plan through Shopify's Managed Pricing, we may process:

  • Billing-related identifiers (for example, the subscription identifier Shopify provides), the plan key associated with your store, credit balances, and transaction records (credits added or consumed and the reason category).

We use this information to administer plans, credits, and entitlements. Payment information itself is processed by Shopify, not by us.

2.4 What we do not collect

Cinemerce does not access or store your store's buyers, customers, orders, checkout data, or inventory records. The App's functionality is scoped to product media (images you choose) and the generated video outputs. We do not request or use access scopes such as read_customers, read_orders, or read_all_orders. The only Shopify scopes Cinemerce requests are read_products, write_products, and write_files.

2.5 Website visitors (if you use our Site)

If you visit our Site (separate from the embedded App), we may collect contact information if you submit a form, communications you send us, and usage or technical data as described in the Cookies section below.

3. How we use information

We use the information above to:

  • Provide, operate, and improve the App and our services.
  • Authenticate requests, maintain sessions, and protect against abuse or fraud.
  • Process and complete video-related workflows you initiate, including communication with the infrastructure and vendors that perform rendering on our behalf.
  • Manage billing, credits, subscriptions, and support.
  • Comply with law, respond to lawful requests, and enforce our terms.
  • Send service-related messages (for example, about the App or your account). We do not use your data to send unrelated third-party marketing unless we obtain appropriate consent where required.

4. Legal bases (EEA, UK, and similar regions)

Where applicable data protection law requires a "legal basis," we rely on:

  • Performance of a contract — providing the App and features you request.
  • Legitimate interests — security, troubleshooting, improving the service, and efficient administration, balanced against your rights.
  • Legal obligation where the law requires us to process data.
  • Consent where we specifically ask for it (for example, certain cookies or marketing, if offered).

5. How we share information

We do not sell your personal information. We may share information as follows:

  • Shopify, as necessary for the App to function within your store and under Shopify's platform rules.
  • Service providers (sub-processors) that host our application or databases, process media or video workflows, or provide logging and security — only on our instructions and subject to appropriate safeguards.
  • Professional advisors (lawyers, accountants) where permitted.
  • Authorities or third parties when required by law, or to protect rights, safety, or security.

5.1 Categories of sub-processors

To run the App we use sub-processors in the following categories. All are bound by appropriate data-processing terms:

  • Shopify — platform, OAuth, file hosting, and billing (as required for the App to function within your store). Shopify's own processing is governed by Shopify's agreements and privacy policy.
  • Cloud hosting and managed database providers — run the App's web servers and store shop, credit, and render-job records. Data is stored in the United States.
  • AI rendering providers — produce the orbit videos from images. When you start a render job, we send the image URLs and generation parameters you select to our rendering provider for processing. We do not send product descriptions, customer information, order data, or any other store data to these providers.

A current named list of sub-processors is available on request by emailing support@cinemerce.com. We will notify you of material changes to the categories above in accordance with Section 15.

6. International transfers

We process data in Australia (our operating country) and the United States (where our cloud hosting, database, and AI rendering providers operate). Shopify also processes your store data in locations governed by its own agreements with you. Where we transfer personal data from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) or other mechanisms recognized by applicable law.

7. Retention

We retain information only as long as needed for the purposes above. Specifically:

  • Session and access tokens: Deleted immediately when the App is uninstalled.
  • Shop plan state (subscription ID, cycle dates): Cleared when the App is uninstalled.
  • Unused paid credit balances, render job history, and billing transaction history: Retained while the App is installed, and for a reasonable period after uninstall so that if you reinstall, your balance and history are restored. Deleted in full when Shopify issues a shop/redact webhook (typically 48 hours after a shop is permanently deleted).
  • Free intro credit ledger: Retained to prevent the same store from repeatedly claiming the free trial credit by uninstalling and reinstalling.
  • Technical and diagnostic logs: Retained for up to 30 days for security and debugging purposes.

When retention is no longer required, we delete or anonymize data in line with our internal procedures.

8. Security

We implement reasonable technical and organizational measures designed to protect information against unauthorized access, loss, or alteration — including TLS/SSL in transit, access controls on our databases, and the principle of least privilege for staff accounts. No method of transmission over the Internet is completely secure.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing; data portability; and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

Because much of our processing is tied to your Shopify store, some requests may need to be coordinated with the store owner or with Shopify as the platform provider.

To exercise rights, contact support@cinemerce.com. We may need to verify your request.

10. California residents (CCPA/CPRA summary)

If California law applies, we provide this summary:

  • Categories collected: Identifiers (e.g., shop domain, email where provided by Shopify); commercial information (subscription plan, credit balance, transactions); internet or technical information; professional information related to the merchant account; and other categories described in Sections 2–3.
  • Purposes: As described in Section 3.
  • Sharing / "sale" / "sharing" for cross-context advertising: We do not sell personal information, and we do not use or share it for cross-context behavioral advertising as defined under the CPRA.
  • Rights: You may have rights to know, delete, correct, and opt out of certain sharing, and to limit the use of sensitive personal information (if applicable). Contact us as in Section 9.

11. Cookies and similar technologies (Site only)

Our Site uses cookies and similar technologies. Some cookies are essential for the Site to work (for example, security, load balancing, or basic preferences). Others are non-essential (for example, analytics or marketing) and are used only where allowed by law.

Where required, we obtain your consent before setting non-essential cookies. You can also opt out of non-essential cookies at any time through our cookie preferences or banner, or through your browser settings. Opting out may affect how certain features work.

12. Children's privacy

The App and Site are not directed at children. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions that apply a higher minimum age).

13. Roles: controller and processor

For store data processed through the App, you (the merchant) are the data controller and Brightmode Pty Ltd is a data processor (service provider) acting on your instructions. For our own Site visitors and our own business records (for example, billing and support), Brightmode Pty Ltd acts as the data controller.

14. Shopify's role and GDPR webhooks

Shopify processes merchant and end-customer data under Shopify's own agreements and privacy policy. Our access is limited to what you authorize during app installation.

Cinemerce implements Shopify's mandatory data-protection webhooks:

  • customers/data_request — We do not store end-customer personal data, so there is nothing to report.
  • customers/redact — We do not store end-customer personal data, so there is nothing to delete.
  • shop/redact — When a store is permanently deleted, we remove all data associated with that store from our systems, including sessions, credit balances, transaction history, render jobs, and free-credit ledger entries.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date. For material changes — such as new sub-processors, new data categories, or changes to international transfers — we will additionally notify you within the App or by email before the changes take effect.

16. Contact

Brightmode Pty Ltd
Address: PO Box 5088, Bentleigh East, Victoria, 3165 Australia
Email: support@cinemerce.com