Data Deletion
Summary (TL;DR)
- You can request deletion of all data Nimble holds about you at any time.
- Two paths: uninstall the Nimble Shopify app (automatic), or email security@nimblevc.com.
- SLA: deletion within 30 days. Encrypted backups purge on a 30-day rolling cycle.
- Every piece of data Nimble holds is private to your store, encrypted at rest, and never shared outside the service providers we use to operate the app (see Privacy Policy § 6).
1. What this page covers
This page describes how to request deletion of data Nimble holds about you. Today, that data is tied to your Shopify store via the Nimble Shopify app. The same principles apply to any future integrations Nimble adds: every piece of data stays private to your store, secure, and deletable on request.
2. What gets deleted when you uninstall the app
When you uninstall the Nimble Shopify app from your Shopify admin:
- Shopify sends Nimble an
app/uninstalledwebhook within minutes - We mark your brand as inactive immediately, and OAuth tokens are invalidated
- Shopify also sends a
shop/redactwebhook within 48 hours per Shopify's GDPR webhook spec - On
shop/redact, we delete your stored credentials, brand context, and all derived data within 30 days - Encrypted backups containing deleted data purge on a 30-day rolling cycle
For the full list of Shopify-tied data we collect, see Privacy Policy § 3.
3. Email deletion request
If you want manual confirmation of deletion, or if you want to delete data without uninstalling the app, email security@nimblevc.com with the subject line "Data deletion request" and include:
- Your Shopify store domain (e.g.,
brandname.myshopify.com) - The specific data you want deleted, or "all data Nimble holds about me"
We respond within 7 days and complete deletion within 30 days. If we cannot verify your identity (e.g., the request comes from an email not associated with the Shopify store), we will ask for additional verification before proceeding.
4. What gets deleted vs. what we retain
| Data | Deleted? | Notes |
|---|---|---|
| Shopify access token | Yes (immediately on uninstall) | Invalidated within minutes of app/uninstalled webhook |
| Shopify product, page, blog, theme, and file data | Yes (within 30 days) | On shop/redact webhook |
| Brand context you provided | Yes (within 30 days) | Includes target audiences, claims, and language rules |
| Generated content drafts (in Nimble's database) | Yes (within 30 days) | Drafts already published to your Shopify blog stay in your Shopify store; Nimble's local copy is deleted |
| Encrypted backups | Purge on 30-day rolling cycle | Maximum 30-day retention post-deletion |
| Aggregate non-identifying metrics | Retained | Counts of content generated and error rates; cannot be linked back to you or your store |
| Operational logs (request logs) | 30-day rolling deletion | Shop domain, endpoint, status, timestamp; no body content |
5. Confirming deletion
Once deletion completes (within 30 days), we send a confirmation email to the address that initiated the request. If you used the self-service uninstall path (§ 2), you can verify deletion by:
- Re-installing the Nimble Shopify app: your prior brand context will not appear, and you'll start fresh
- Emailing security@nimblevc.com for a deletion-completion attestation
6. Limits on deletion
We may retain limited information after a deletion request when required by law or for legitimate operational reasons:
- Tax and accounting records (subscription billing history), retained per applicable tax law
- Records related to legal proceedings, subpoenas, or court orders
- Anonymized aggregate metrics (cannot be linked back to you), used for service improvement
If we are legally required to retain data and cannot delete it on request, we will notify you of the legal basis and the expected retention period.
7. Future integrations
If Nimble adds new third-party integrations (advertising platforms, email service providers, analytics tools, and so on), the same data-deletion principles apply: every piece of data is private to your store, encrypted at rest, and deletable within 30 days of your request. We will update this page with specific deletion paths for each integration when it launches.
8. Questions
For data deletion questions or to escalate a deletion request:
- Privacy contact: help@nimblevc.com
- Security contact: security@nimblevc.com
For broader context on data we collect, see Privacy Policy. For the terms governing your use of Nimble, see Terms of Use.