Legal

Privacy Policy

Last updated: 27 June 2026

This Privacy Policy explains how LensPath handles personal data when it is installed on a Shopify store and used by that store’s shoppers. We’ve written it to match what the app actually does — nothing more, nothing less.

1. Who we are

LensPath is a Shopify application operated by Noor Al Kawthar Marketing Management LLC, trading as NKM Studio (“LensPath”, “we”, “us”). LensPath adds a prescription-lens configurator, an in-store eye-test booking flow, and a multi-tenant retailer admin panel to a merchant’s Shopify storefront.

For any privacy question, or to exercise the rights described below, contact us at support@lenspath.io.

Note: This Privacy Policy may be referenced by the LensPath listing on the Shopify App Store. It is publicly accessible without logging in.

2. Scope of this policy

This policy covers data processed by the LensPath app itself. It does not cover the merchant’s own Shopify store, Shopify’s platform, or any third-party service the merchant uses outside of LensPath. Merchants are independent data controllers for the personal data of their shoppers; LensPath acts as a processor on the merchant’s behalf for that data.

3. What we collect & why

Merchant / store data

When a merchant installs and configures LensPath, we process operational data needed to run the app, including: the store’s Shopify domain, the store’s locations, lens-pricing configuration, frame-eligibility rules, and app settings. We use this only to provide and operate the app’s features for that store.

Shopper booking data

We collect shopper personal data only when a shopper chooses to request an in-store eye-test booking. In that case we process the details the shopper submits, which may include:

  • their name;
  • their email address and/or phone number (both fields are optional, but at least one is needed so the store can confirm the appointment);
  • the requested appointment time and chosen branch/location; and
  • any notes the shopper adds to the request.

We use this data solely to create the booking, send a booking confirmation, and make the request available to the merchant in the admin panel so the store can fulfil the appointment. If a shopper does not request a booking, LensPath does not collect personal data about them.

4. Payment data

LensPath never collects or stores payment-card data. All subscription billing for the app is handled by Shopify through its standard app-billing system. We do not see, receive, or store card numbers or other payment-instrument details for merchants or shoppers.

5. Subprocessors

We use a small number of trusted service providers (“subprocessors”) to operate the app. Each processes data only as needed to provide its service to us:

SubprocessorPurpose
ShopifyThe commerce platform LensPath runs on; provides app installation, authentication, and billing.
RailwayApplication hosting and database — where LensPath runs and where store and booking data are stored.
ResendTransactional email delivery for booking confirmations.
SentryError and performance monitoring to keep the app reliable.

We do not sell personal data, and we do not share it with third parties for their own marketing.

6. Shopify privacy webhooks

As a Shopify app, LensPath implements the three mandatory privacy/compliance webhooks Shopify requires, and responds to them as follows:

  • customers/data_request — when a shopper asks a merchant for the data held about them, we make available the booking data (if any) associated with that shopper so the merchant can respond.
  • customers/redact — on a redaction request, we delete the booking records that match the shopper’s email address or phone number. Because both fields are optional, we match on whichever identifier(s) the shopper provided.
  • shop/redact — when a store uninstalls LensPath, we purge all data scoped to that shop within the window required by Shopify (currently 48 hours after the request).

7. Your rights & deletion

Depending on where you live, you may have rights to access, correct, or delete your personal data, or to object to or restrict its processing. Because LensPath processes shopper data on a merchant’s behalf, the most direct route is usually to contact the store you interacted with; the merchant can then trigger the Shopify privacy requests described above.

You can also contact us directly at support@lenspath.io. For a deletion request, we remove booking records matching the email address or phone number associated with the request. On app uninstall, all shop-scoped data is purged within the required window.

8. Data retention

We keep merchant configuration and booking data for as long as the merchant has LensPath installed and needs it to operate the app. When a store uninstalls the app, shop-scoped data — including bookings — is purged within the window required by Shopify. Individual booking records are deleted earlier on a valid redaction request as described above.

9. Security

We protect data with industry-standard measures, including encryption in transit (TLS/HTTPS) between shoppers, merchants, LensPath, and our subprocessors. We limit access to personal data to what is needed to operate and support the app, and we monitor for errors and abnormal behaviour. No method of transmission or storage is perfectly secure, but we work to protect your data and to address issues promptly.

10. International transfers

Our subprocessors may process data in countries other than the one where you live. Where data is transferred internationally, we rely on those providers’ contractual and technical safeguards to protect it.

11. Children’s privacy

LensPath is a business tool for eyewear retailers and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided data through a booking, contact us and we will delete it.

12. Changes to this policy

We may update this policy as the app evolves. When we do, we’ll revise the “Last updated” date above. We keep the policy’s promises consistent with how the app actually behaves; if the app’s data handling changes, this policy will be updated to match.

13. Contact us

Questions about this policy or your data? Email support@lenspath.io.

LensPath is operated by Noor Al Kawthar Marketing Management LLC (trading as NKM Studio), registered office: ملك أحمد سهيل بطي محمد العيال، مجمع دبي للاستثمار الثانية، مكتب FF31, Dubai, United Arab Emirates.