Privacy Policy

Fountainhead Sales Engine - Shopify App

Last updated: 27 March 2026

1. Introduction

This Privacy Policy describes how Fountainhead Consulting ("we", "our", or "us") collects, uses, and protects information when you use the Fountainhead Sales Engine app ("the App") on Shopify.

By installing and using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Store Information

When you install the App, we collect:

  • Shop domain (e.g., your-store.myshopify.com)
  • Access token (encrypted and securely stored)
  • Store name

This information is necessary to provide our store building and customisation services.

2.2 What We Do NOT Collect

The Fountainhead Sales Engine app does NOT collect:

  • Customer personal information
  • Customer email addresses
  • Order information
  • Payment details
  • Customer browsing behaviour

3. How We Use Your Information

We use the collected information solely to:

  • Build and customise your Shopify store
  • Apply theme presets and colour configurations
  • Create and update store pages
  • Configure store navigation
  • Manage product listings

4. Data Storage and Security

Your store data is securely stored using Supabase, a SOC 2 Type II compliant database service. Access tokens are encrypted and only used for authorised API calls to your store.

We implement industry-standard security measures including:

  • HTTPS encryption for all data in transit
  • Encrypted storage for sensitive credentials
  • Role-based access controls
  • Regular security audits

5. Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties. Your data is only shared with:

  • Shopify - via their official API for store operations
  • Supabase - our database provider (data processor)
  • Vercel - our hosting provider (data processor)

6. Data Retention

We retain your store data for as long as the App is installed. When you uninstall the App, your data is automatically deleted within 48 hours in accordance with Shopify's GDPR requirements.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

  • Access - Request a copy of your data
  • Rectification - Request correction of inaccurate data
  • Erasure - Request deletion of your data
  • Portability - Request your data in a portable format
  • Object - Object to processing of your data

To exercise these rights, contact us at privacy@thefountainhead.com.au

8. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

11. Shopify App Compliance

This app complies with Shopify's Partner Program Agreement, API Terms of Service, and Acceptable Use Policy. We implement all mandatory GDPR webhooks as required by Shopify for app store compliance.

Fountainhead Consulting
Sydney, Australia