FastMe Privacy Policy

This Privacy Policy explains what data FastMe ("we", "our", "the app") collects from Shopify merchants who install the app, how we use it, who we share it with, and how merchants can control or delete it. FastMe is a Shopify app that improves storefront performance by optimizing how third-party scripts, images, and fonts load.

FastMe is operated by PORDIX LIMITED, based at 187 Lancing Road, Sheffield, England, S2 4EW. For any privacy-related questions or requests, contact us at pordixlimited@gmail.com.

2.1 Shop information

When a merchant installs FastMe, we receive the following from Shopify:

• The merchant's shop domain, for example example-store.myshopify.com
• A Shopify-issued access token that lets FastMe make API calls on behalf of the shop, limited to the permission scopes the merchant approved at install
• Session metadata required to keep the merchant signed into the FastMe dashboard inside Shopify Admin

2.2 App configuration data

When the merchant uses the FastMe dashboard, we store the configuration choices they make, including:

• Performance profile selection, such as Balanced, Aggressive, or Custom
• Lists of third-party scripts to delay or exempt
• Page handles where the merchant has disabled FastMe
• Toggles for individual optimization features
• Optional custom CSS for layout-shift reservation

2.3 Performance scan results

When the merchant clicks "Run Performance Scan", or when the app runs the first automatic baseline scan after install, FastMe calls the Google PageSpeed Insights API against the merchant's storefront URL and stores the returned results, which may include:

• Overall performance scores for mobile and desktop
• Lab metrics, including First Contentful Paint, Largest Contentful Paint, Total Blocking Time, Cumulative Layout Shift, Speed Index, and Time to Interactive
• Category scores, including Accessibility, Best Practices, and SEO
• The URL of the storefront's Largest Contentful Paint image, so FastMe can preload it on future page loads
• Timestamp of the scan

2.4 What we do not collect

FastMe does not collect, request, or process:

• Customer personal data, such as names, emails, addresses, or phone numbers
• Order data or order history
• Payment data or billing details, because Shopify handles billing directly
• Browsing behavior of storefront visitors
• Analytics or tracking data about individual visitors

We use the data described above only to:

• Operate the FastMe dashboard inside Shopify Admin
• Apply the merchant's chosen optimization settings to their storefront through Shopify's Theme App Extension
• Generate and display performance scan results in the merchant's dashboard
• Provide technical support if the merchant contacts us about an issue
• Diagnose and resolve errors in the app

We do not use merchant data for advertising, do not sell merchant data, and do not share merchant data for any purpose unrelated to operating the app.

4.1 Google PageSpeed Insights API

When a performance scan runs, FastMe sends the merchant's storefront URL to Google's PageSpeed Insights API. Google then loads the storefront in a simulated Chrome browser to measure performance and returns the results to FastMe. The only data sent to Google is the public storefront URL, which is the same URL anyone with a browser could visit. Google's handling of this data is governed by Google's own privacy policy at https://policies.google.com/privacy.

4.2 Shopify

FastMe runs inside the Shopify platform and uses Shopify's APIs to read theme information and write configuration metafields. Shopify's privacy practices are described at https://www.shopify.com/legal/privacy.

4.3 Our hosting infrastructure

Merchant configuration and scan results are stored on servers operated by FastMe at our hosting provider. Database access is restricted to authorized FastMe operators only.

4.4 No other third parties

We do not share merchant data with any other third parties. We do not use analytics services, advertising networks, or data brokers.

Merchant data is stored in a PostgreSQL database hosted on our infrastructure. It is encrypted in transit using HTTPS/TLS between Shopify, the merchant's browser, and our servers.

We retain merchant data only for as long as the merchant has the app installed. When the merchant uninstalls FastMe:

• Shopify automatically notifies us through the app/uninstalled webhook
• After receiving and processing that webhook, FastMe deletes the merchant's configuration data and scan results from our database
• Shopify also revokes the access token, so we can no longer access the shop's data

We also respond to the standard Shopify privacy webhooks: customers/data_request, customers/redact, and shop/redact. Since FastMe does not collect customer personal data, the customer-related webhooks are acknowledged and require no customer-data deletion action. The shop/redact webhook triggers deletion of shop-related app data if it is fired separately from uninstall.

Merchants have the following rights at any time:

• Right to access: Merchants can view their stored configuration and scan data directly in the FastMe dashboard inside Shopify Admin.
• Right to delete: Merchants can delete their app-related data by uninstalling FastMe from their Shopify Admin.
• Right to contact us: Merchants can email pordixlimited@gmail.com with any privacy question or request.

We follow industry-standard practices to protect merchant data, including:

• HTTPS/TLS encryption for all data in transit
• Restricted server access through SSH keys and firewall rules
• Use of Shopify's official authentication libraries to handle session tokens
• No storage of payment information, because Shopify handles all billing directly

No system is perfectly secure. If we ever discover a security incident affecting merchant data, we will notify affected merchants and Shopify as soon as we are aware of the issue.

We may update this policy from time to time to reflect changes in the app's functionality, business operations, or legal requirements. When we update it, we will revise the "Last updated" date at the top. Material changes may be announced in the FastMe dashboard or by contacting the merchant through the contact details available through Shopify.

For privacy questions, data deletion requests, or any other privacy-related concern, contact us at:

pordixlimited@gmail.com

PORDIX LIMITED
187 Lancing Road
Sheffield, England
S2 4EW