Privacy Policy
🔒 PayATH does not collect, store, or process any customer personal data. We only store the merchant configuration needed to display ATH Móvil payment instructions in your Shopify store.
1. What Data We Collect
PayATH stores only the merchant configuration required to display ATH Móvil payment instructions:
- Your ATH Móvil Business path (pATH identifier)
- A QR code image you upload (stored as a data URL)
- Customization settings: button text, colors, and checkout message
- Your Shopify store domain and OAuth access token (required to identify and authenticate your store)
We do not collect customer names, email addresses, phone numbers, payment card data, or order history. No customer personal data passes through or is stored by this app.
2. How We Use Your Data
The configuration data you provide is used exclusively to display the ATH Móvil QR code and payment instructions on your store's checkout thank-you page and cart page. It is not shared with any third parties and is never used for marketing purposes.
3. Data Storage
Merchant configuration is stored in a secured PostgreSQL database hosted by Supabase (supabase.com). All data is encrypted in transit via TLS and encrypted at rest. Access tokens and sensitive values are encrypted using AES-256 before being written to the database.
4. Data Retention
Your configuration data is retained for as long as the app is installed on your store. When you uninstall the app, your data is deactivated immediately and permanently deleted within 30 days, in compliance with Shopify's GDPR mandatory webhook requirements.
5. Your Rights
You may request access to, correction of, or deletion of your merchant data at any time by contacting us at support@payath.app. Uninstalling the app will automatically trigger deletion of all associated data.
6. GDPR Compliance
This app complies with Shopify's GDPR requirements and handles the following mandatory webhooks:
- customers/data_request — We store no customer personal data; there is nothing to report.
- customers/redact — We store no customer personal data; there is nothing to delete.
- shop/redact — All merchant settings are permanently deleted when a store uninstalls the app.
7. Third-Party Services
PayATH uses the following sub-processors to operate the service:
- Supabase (supabase.com) — Database hosting. Privacy Policy
- Vercel (vercel.com) — App hosting and CDN. Privacy Policy
- Shopify (shopify.com) — E-commerce platform. Privacy Policy
This app does not integrate with ATH Móvil's API. PayATH is a display-only tool that shows your QR code and payment instructions. The actual payment is processed directly between your customer and your ATH Móvil Business account.
8. Cookies
The PayATH Shopify app does not use tracking cookies or analytics cookies. The landing page at payath.app uses session-only behavior for the language toggle preference and does not set any persistent cookies.
9. Changes to This Policy
We may update this policy from time to time. Continued use of the app after changes are posted constitutes your acceptance of the revised policy. The "last updated" date at the top of this page reflects the most recent revision.
10. Contact
For privacy questions, data requests, or support, contact us at:
Email: support@payath.app
Developer: Musa Studios
PayATH is developed and maintained by Musa Studios. This app is not affiliated with or endorsed by ATH Móvil®, EVERTEC, Inc., or Popular, Inc.