Privacy Policy

Who we are

Tocito is operated by Artsiom Kukharenka, Pulawska 24b, Warsaw, Poland. In this policy, "Tocito", "we", "us", and "our" refer to the operator of the Tocito Shopify app.

Effective date: May 30, 2026.

Information we collect

When you install or use Tocito, we collect the minimum information needed to provide and operate the app:

• Your Shopify shop domain.
• Your shop name.
• Your merchant email address and contact email address.
• Installation and uninstall timestamps.
• Shopify session and authentication information required to keep the app connected to your Shopify store.
• Tocito configuration settings, such as table of contents display, layout, styling, excluded blog posts, and custom CSS.
• Information you choose to provide when you contact us for support by email or chat.

Tocito stores app configuration in Shopify app installation metafields and stores app session and merchant contact records in a self-hosted database on a Hetzner server in the European Union.

Information we do not collect

Tocito does not request access to Shopify customer, order, product, or payment data. Tocito does not collect personal information from storefront visitors. The storefront script reads page headings in the visitor's browser to build a table of contents and does not use cookies, local storage, analytics, advertising tracking, or visitor event tracking.

How we use information

We use the information we collect to:

• Install, authenticate, operate, and secure Tocito.
• Load, save, and apply your Tocito settings.
• Show Tocito on your Shopify storefront when enabled.
• Provide support and respond to your requests.
• Send service-related messages about Tocito when necessary.
• Comply with legal obligations and protect our rights.

We do not sell personal information. We do not use merchant or visitor data for advertising, profiling, or automated decision-making.

Sharing and processors

We share information only with service providers that help us run Tocito:

• Shopify, for app installation, authentication, and app data.
• Hetzner, for hosting and database infrastructure.
• Resend, for service email delivery if service emails are sent.
• Crisp, for merchant support chat if you use chat support.

We may also disclose information if required by law, to protect Tocito and our users, or as part of a business transfer.

Data retention

We keep personal information only for as long as needed for the purposes described in this policy. Shopify session records are deleted when Tocito receives an app uninstall webhook from Shopify. Minimal shop and contact records may be retained as needed for support, security, legal compliance, dispute resolution, and business records, unless deletion is required or requested under applicable law.

International processing

Tocito is operated from Poland and hosted in the European Union. Some service providers, including Shopify, Resend, and Crisp, may process information in other countries. Where required, we rely on appropriate safeguards for international transfers.

Security

We use reasonable technical and organizational measures to protect the information processed by Tocito, including encrypted HTTPS connections. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

Your rights

Depending on where you are located, you may have rights to access, correct, delete, restrict, or object to the processing of your personal information. You can make a request by contacting us at [email protected].

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above and, when appropriate, provide additional notice.

Contact us

If you have questions about this Privacy Policy or want to make a privacy request, contact us at [email protected].

You can also use the chat inside Tocito.