Privacy Policy
Last updated: June 2026
Overview
Zavio provides proposal, catalog, integration, and sales workflow software for merchants. This policy explains what we collect, why we collect it, how long we keep it, and how merchants and their customers can exercise privacy rights.
Data we collect
We collect account details, workspace membership, billing and subscription records, proposal content, uploaded media, customer or prospect details that merchants add to proposals, product catalog data, integration metadata, usage diagnostics, and support messages. When a merchant connects Shopify, Zavio requests product and inventory access only and stores the resulting access token so the merchant can sync catalog data.
How we use data
We use data to authenticate users, operate the product, sync merchant-authorized integrations, generate and host proposals, process billing, prevent abuse, improve reliability, provide support, and comply with legal obligations. We do not sell personal data.
Shopify data
For Shopify merchants, Zavio uses Shopify data only to provide the connected catalog and proposal features requested by the merchant. Current Shopify scopes are limited to read_products and read_inventory. Zavio does not request Shopify customer, order, payment, or checkout data for the Shopify catalog connector.
Sub-processors
We use service providers to host the application, store application data and media, send operational email, process payments, monitor reliability, and provide support. These providers process data only as needed to deliver Zavio and are expected to protect it under contractual confidentiality and security obligations.
Retention
We keep account, proposal, catalog, billing, and audit records while a workspace is active and for as long as needed for security, legal, tax, accounting, dispute, and backup purposes. Integration access tokens are removed when a merchant disconnects the integration or when an applicable uninstall/deletion request is processed.
Deletion and uninstall
Merchants can request export or deletion by contacting privacy@zavio.app. For Shopify, Zavio receives and verifies the mandatory privacy webhooks for customer data requests, customer redaction, and shop redaction. Because the Shopify connector does not collect Shopify customer data, customer privacy requests are acknowledged without exporting customer records. Shop redaction requests disconnect the store and remove stored Shopify credentials.
Security
Data is encrypted in transit using HTTPS. Production data access is restricted to authorized personnel and service providers with a business need. We use least-privilege access, operational logging, and application-level controls to reduce unauthorized access risk.
International privacy rights
Depending on location, users may have rights to access, correct, export, delete, restrict, or object to processing of personal data. We support merchant and end-customer privacy requests in line with applicable privacy laws, including GDPR-style rights and South African POPIA principles.
Contact
For privacy questions, data requests, or security concerns, contact privacy@zavio.app. We may need to verify your identity or authority before acting on a request.
