ENES

Privacy Policy

Blog Sidebar by PangoStudio

1. Data Controller

The Blog Sidebar app ("the App") is developed and maintained by PangoStudio. This Privacy Policy explains how the App handles data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

2. What Data We Process

The App processes the following data from your Shopify store:

No personal data of customers, merchants, or staff is collected, stored, or transmitted by the App. The App does not use cookies, trackers, or analytics.

3. Lawful Basis (Art. 6 GDPR)

The processing of blog data is necessary for the performance of the service requested by the merchant (Art. 6(1)(b) GDPR). The data is processed solely to display the sidebar on blog article pages as configured by the merchant.

4. Data Storage & Retention

The App does not store any data on its own servers. All blog data is read directly from your Shopify store via the Shopify Storefront API and rendered client-side in the browser. No data is retained after the page is closed.

The only persistent data is the block configuration (widget settings, colors, etc.), which is stored in your Shopify theme settings. This is standard Shopify theme data and never leaves your Shopify environment.

5. Data Sharing & Sub-processors

The App does not share any data with third parties. No sub-processors are used. The App operates entirely within the Shopify ecosystem (Admin API and Storefront context).

6. International Data Transfers (Art. 44-49 GDPR)

Since the App does not collect or transmit any personal data, no international data transfers occur. Data remains within your Shopify store's infrastructure.

7. Your Rights (Art. 15-22 GDPR)

As the App processes no personal data, data subject rights (access, rectification, erasure, restriction, portability, objection) are not applicable to the App's functionality. If you have concerns about the blog data displayed, you can manage it directly through your Shopify admin — edit or delete articles, configure the App's visibility settings, or uninstall the App.

8. Security Measures (Art. 32 GDPR)

The App uses Shopify's authenticated API surface (Admin API) and requires authentication for the embedded admin area. The theme extension runs on the storefront and reads only public blog data that is already visible on your blog pages. Custom CSS and custom content fields are sanitized before rendering.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in the App or legal requirements. Merchants will be notified via the Shopify App Store listing and the App's admin page.

10. Contact

If you want more information about us, have questions, or wish to submit a claim, you can contact us at somos@pangostudio.com

PangoStudio

Email: somos@pangostudio.com

Calle Tomás Borrás, 14 1º A 28045, Madrid Madrid – Spain