Legal

Privacy Policy

Last updated: January 17, 2026

Strike Media Co., Ltd., operating as GrowStack ("we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Shopify applications.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access our services.

1. Information We Collect

Information You Provide

We collect information you voluntarily provide when using our services, including:

  • Contact information (name, email address) when you contact us or submit forms
  • Shopify store information when you install our applications
  • Communication preferences and feedback you provide

Shopify Store Data

When you install our Shopify applications, we access certain data from your Shopify store through Shopify's API. The specific data we access depends on the application:

  • Products: Product titles, descriptions, prices, cost per item, variants, SKUs, and inventory levels
  • Orders: Order details, line items, payment status, shipping information, and fulfillment data
  • Customers: Customer names, email addresses, shipping addresses, and purchase history (accessed only when necessary for app functionality)

Information Collected Automatically

When you access our website or applications, we may automatically collect:

  • Device information (browser type, operating system, device identifiers)
  • Log data (IP address, access times, pages viewed)
  • Usage information (features used, actions taken within our apps)
  • Performance data to help us improve our services

2. Legal Basis for Processing

Under the Thailand Personal Data Protection Act (PDPA) and other applicable data protection laws, we process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary to provide our services and fulfill our contractual obligations to you, including operating our Shopify applications and providing customer support.
  • Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, preventing fraud, and ensuring security, provided these interests do not override your rights and freedoms.
  • Consent: Where required by law, we obtain your explicit consent before processing your personal data, particularly for marketing communications and optional features.
  • Legal Obligation: Processing is necessary to comply with legal and regulatory requirements applicable to our business.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our services
  • To process transactions and manage your account
  • To improve and personalize your experience
  • To communicate with you about updates, support, and marketing (with your consent)
  • To detect, prevent, and address technical issues or security threats
  • To comply with legal obligations and protect our rights
  • To analyze usage patterns and improve our applications

4. Shopify Compliance and Data Handling

As a Shopify app developer, we comply with Shopify's API Terms of Service and handle mandatory webhooks for data protection:

  • Customer Data Request (customers/data_request): When a merchant receives a data subject access request from their customer, we respond within 30 days with any customer data we have stored.
  • Customer Data Erasure (customers/redact): When a merchant requests deletion of customer data on behalf of their customer, we delete the relevant data within 30 days.
  • Shop Data Erasure (shop/redact): When a merchant uninstalls our application, we delete all shop data within 30 days of receiving the uninstall notification from Shopify.

In the event of a data breach affecting Shopify merchant data, we will notify Shopify within 24 hours as required by Shopify's Partner Agreement.

5. Data Sharing and Third-Party Services

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our services, including:

  • Shopify: Our applications are built on the Shopify platform and integrate with Shopify's services
  • Hosting providers: For website and application hosting
  • Analytics services: To understand usage patterns and improve our services
  • Communication tools: For customer support and email communications

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. These technologies help us:

  • Remember your preferences and settings
  • Understand how you interact with our website
  • Analyze traffic and usage patterns
  • Provide relevant content and improve our services

You can control cookies through your browser settings. Please note that disabling cookies may affect the functionality of certain features on our website.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure development practices

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. When you uninstall our Shopify applications, we will delete or anonymize your data within 30 days, unless we are required to retain it for legal purposes.

9. International Data Transfers

Your information may be transferred to and processed in countries other than Thailand, including the United States and other countries where our service providers operate. These countries may have data protection laws that differ from Thailand.

We take appropriate safeguards to protect your data, including:

  • Using service providers who comply with recognized data protection frameworks
  • Implementing Standard Contractual Clauses where applicable for transfers to third parties
  • Ensuring all data transfers comply with Thailand PDPA requirements

By using our services, you acknowledge and consent to the transfer of your data to countries outside Thailand for processing.

10. Your Rights Under Thailand PDPA

Under the Thailand Personal Data Protection Act (PDPA), you have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal information we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete information
  • Right to Erasure: Request deletion of your personal information in certain circumstances
  • Right to Data Portability: Request a copy of your data in a structured, commonly used format
  • Right to Object: Object to processing of your personal information for direct marketing or other purposes
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time by contacting us via our Contact Form or by email
  • Right to Restriction: Request restriction of processing in certain circumstances
  • Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee (PDPC) of Thailand if you believe your data protection rights have been violated

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days as required by the PDPA.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in high risk to the rights and freedoms of individuals, we will:

  • Notify the Personal Data Protection Committee (PDPC) of Thailand within 72 hours of becoming aware of the breach, where feasible
  • Notify affected individuals without undue delay when the breach is likely to result in high risk to their rights and freedoms
  • Notify Shopify within 24 hours of any breach affecting merchant or customer data, as required by Shopify's Partner Agreement
  • Document the breach and remediation actions taken in our internal records

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can take appropriate action.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically for any changes.

14. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our privacy practices, please contact us:

  • Website: Contact Form
  • Company: Strike Media Co., Ltd. (operating as GrowStack)
  • Address: 33/447 M.Bangnavilla Bang-Trad Rd. Bangkaew, Bangplee, Samut Prakan, 10540, Thailand

We will make every effort to respond to your inquiries within 30 days.

← Back to HomeTerms of Service →