Effective date: 12 July 2026
ID within Upload Field helps Shopify merchants collect customer file uploads on product pages and attach those file details to the cart and order.
Information we collect
When a merchant installs and uses the app, we store:
- The merchant's Shopify shop domain.
- Shopify app session records needed to keep the app installed and authenticated.
- Uploaded file metadata, including original filename, file type, file size, storage key, upload month, and upload time.
- The uploaded file itself, if a customer uploads a file through the storefront block.
We do not request customer, order, product, or theme Admin API access for the current app features.
How we use information
We use this information to:
- Upload and store files selected by customers.
- Show uploaded file names and links in cart, checkout, and order admin.
- Count monthly uploads for free plan and paid plan limits.
- Keep the app working for the merchant's store.
We do not sell uploaded files or merchant data.
File storage
Uploaded files are stored in Cloudflare R2. Files are served through the Shopify app proxy so the merchant and Shopify order admin can open the uploaded file from the order line item.
The app uses Shopify to provide the commerce platform and authentication, Render to host the application and database, and Cloudflare R2 to store uploaded files. These providers process data only as needed to operate the service and under their own security and privacy commitments.
Retention
Uploaded files are retained while the app is installed so merchants can access the file from the relevant order. When Shopify sends a `shop/redact` compliance webhook, the app deletes upload records and stored files for that shop.
Data requests and rights
Customers should normally contact the Shopify merchant that collected their file. Merchants and customers can also contact apps@idwithin.com to request access, correction, or deletion where applicable. We will verify and process requests in line with Shopify's privacy requirements and applicable law.
Security
We use access controls, encrypted HTTPS connections, restricted storage credentials, and data minimisation to protect app data. No internet service can guarantee absolute security.
Contact
For privacy or support questions, contact apps@idwithin.com.