1. Who we are
Storebolt is a trading name of Ourfires LTD, a company registered in England and Wales (company number 10271109), with its registered office at 41 Devonshire Street, London W1G 7AJ, United Kingdom ("Storebolt", "we", "us", "our").
You can reach us at support@storebolt.co. This is the only support channel for matters covered by these Terms, alongside the Board provided to active subscribers.
These Terms govern your use of the website at storebolt.co and the Shopify development service we provide on subscription (the "Service").
Acceptance and formation. A binding contract on these Terms is formed when you subscribe to a Plan and we accept your subscription, whether by confirming it to you or by starting work on your first Card, whichever happens first. By subscribing you confirm that you have read and accept these Terms, and that you are entering into them in the course of your business (see clause 2A).
1A. Definitions
In these Terms, unless the context requires otherwise:
- "We", "us", "our", and "Storebolt" mean Ourfires LTD, a company registered in England and Wales with company number 10271109, whose registered office is at 41 Devonshire Street, London W1G 7AJ, trading as Storebolt.
- "You", "your", and "Customer" mean the business that subscribes to the Service.
- "Service" means the subscription-based Shopify design and development service we provide, as described in these Terms and at storebolt.co.
- "Subscription" means your current paid plan for the Service.
- "Plan" means the subscription tier you are on, being Basic or Double-velocity, as described at storebolt.co/pricing.
- "Card" means a single request for work that you submit through your Board.
- "Active Card" means a Card that is currently being worked on. The number of Active Cards you may have at any one time is limited by your Plan (one for Basic, two for Double-velocity).
- "Queue" means the Cards you have submitted that are waiting to be worked on.
- "Board" means the online task-management board we provide for your Subscription — currently provided using Trello — or any successor tool we designate with equivalent function.
- "Payment Processor" means the third-party payment provider we use to take payment and manage subscriptions, currently Stripe.
- "Revision" means a request to change a delivered Card that stays within the original scope of that Card as filed. A request that goes beyond that original scope is a new Card.
- "Deliverables" has the meaning given in clause 12.
- "Pre-Existing Materials" has the meaning given in clause 12.
- "Third-Party Materials" has the meaning given in clause 12.
- "Business Day" means a day other than a Saturday, Sunday, or public holiday in England and Wales.
- "Data Protection Laws", "controller", "processor", and "personal data" have the meanings given in Schedule 1.
2. What the Service is
Storebolt is a productized, async-only, subscription Shopify development service. When you subscribe, we create a private Board for your subscription. You file tasks as Cards on that Board; we triage and deliver them within the service levels set out in clause 7. There are no calls, meetings, screen-shares, or scheduled syncs of any kind. All work is conducted asynchronously through Card comments on the Board.
The Service is intended for ongoing Shopify development and maintenance, not emergencies. We do not offer urgent or time-critical turnaround.
2A. Business customers only
2A.1 The Service is offered and supplied only to customers acting in the course of a business, trade, craft, or profession. By subscribing, you confirm and warrant that you are entering into these Terms wholly or mainly for the purposes of your business and not as a consumer.
2A.2 You acknowledge that, on the basis of the confirmation in clause 2A.1, the statutory rights and protections that apply only to consumers, including the cancellation and cooling-off rights under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 and the consumer provisions of the Consumer Rights Act 2015, do not apply to these Terms.
2A.3 We rely on the confirmation in clause 2A.1 in agreeing to provide the Service and in setting our prices, service levels, and these Terms. If you cannot give that confirmation, you must not subscribe.
3. Scope of work
3.1 In scope
We handle work on your own Shopify store, including: theme work and customizations; feature builds at the Shopify theme or app-configuration layer; bug fixes where the root cause is in your theme code or app configuration; third-party Shopify app integration and migration; performance optimization; conversion-related development work; custom Liquid, JavaScript, CSS, and theme-extension work; webhook and Shopify API integration with external services you already use; checkout customization within Shopify Plus or Shopify Functions limits; Shopify-side email-template work; and routine maintenance.
3.2 Out of scope
The Service does not include: design work of any kind (logo, brand identity, visual direction, illustration, photo retouching); strategy or consulting; migrations off Shopify; custom standalone Shopify apps built for distribution on the public Shopify App Store; marketing, SEO, advertising, content writing, or copywriting; hosting and domain management beyond standard Shopify configuration; work on any property other than your own Shopify store; and calls, meetings, scheduled sync sessions, or screen-shares of any duration with any party.
3.3 Gray-area work
Certain work is handled by rule rather than case-by-case: large feature builds (over an estimated 15 hours) are broken into multiple sequential Cards in your Queue; migrations to Shopify are in scope only where bounded; investigation of third-party-app and payment-gateway issues is in scope, but coordination with third-party vendors or gateway providers is not; and email-platform integration is in scope on the Shopify side only. We document the applied rule in the relevant Card comment on the Board.
3.4 Scope is at our discretion
We decide at our sole discretion whether any request falls within scope, and we may decline, pause, re-prioritise, or archive any Card, including where a request is out of scope, unclear, unlawful, infringing, or beyond what the Service is intended to cover. Our decision is final and we are not liable for it.
3.5 Estimates
Any indication we give of the time, effort, or sequence for a task is an estimate given for guidance only. It is not binding and is not a commitment to a deadline.
4. Subscription, tiers, and pricing
The Service is offered on a monthly subscription in two tiers:
| Tier | Monthly price | Active Cards | First response | Typical delivery | Revisions |
|---|---|---|---|---|---|
| Basic | $1,990 | 1 at a time | within 1 Business Day | ~3 Business Days | Unlimited (in scope) |
| Double-velocity | $3,500 | 2 at a time | within 1 Business Day | ~2 Business Days | Unlimited (in scope) |
Subscriptions are billed monthly in advance through our Payment Processor. Payment is taken at checkout and on each subsequent billing date until cancelled.
4.1 All prices are stated exclusive of VAT and of any other tax, duty, levy, or withholding. Where VAT or any similar tax applies, we add it at the applicable rate and you must pay it in addition to the price. You are responsible for any tax, duty, or withholding imposed in your own jurisdiction, and all sums payable to us are paid free and clear of, and without deduction for, any such amount.
4.2 You must pay all amounts in full without set-off, counterclaim, deduction, or withholding, except as required by law.
4.3 If you are a business outside the United Kingdom, you must provide accurate business details and, where applicable, a valid VAT or equivalent registration number, so that we can determine the correct VAT treatment. Where the supply is outside the scope of UK VAT under the place-of-supply rules, you are responsible for accounting for any VAT due in your own jurisdiction under the reverse charge or equivalent mechanism.
5. Revisions and Queue
Each Card includes unlimited Revisions: we keep working on a delivered Card until you approve it. A Revision must stay within the original scope of the Card as filed (see the definition in clause 1A); a request that goes beyond that scope is a new Card in your Queue. While a Card is in Revision it remains your Active Card and the rest of your Queue waits — that is the structural trade of unlimited Revisions. Queue order is set by the priority you assign to each Card plus the order in which Cards are created; we do not reorder your Queue. On Basic, one Card is worked at a time; on Double-velocity, up to two.
If you do not review a Card we have marked for review within 5 Business Days, it is automatically treated as approved and moved to Done.
6. Your responsibilities
To use the Service you must: maintain an active Shopify store that you own and are authorized to grant access to; grant us the collaborator access to your Shopify admin needed to perform the work; file tasks through your Board with the required information (title, affected URL, expected outcome, current behavior, priority, and screenshots where the issue is visual); and respond to requests for missing information.
6.1 Backups. You are solely responsible for maintaining current, complete, and tested backups of your store, theme, content, data, and configuration. We are not liable for any loss of or damage to your store, theme, content, data, or configuration, however caused.
6.2 Reliance on you. We rely on the access, information, content, and instructions you provide. We are not responsible for any delay, defect, or loss arising from: (a) inaccurate, incomplete, or late information or instructions; (b) changes made by you or any third party; (c) the work of other developers or agencies; (d) defects or issues in your store that existed before we began work; or (e) any third-party app, theme, or service.
6.3 Access and approvals. You are responsible for granting and maintaining the access we need, and for promptly revoking it after off-boarding. A Card we have marked for review is treated as approved if you do not respond within 5 Business Days, as set out in clause 5 (the same trigger, not a separate one). The service-level clock does not start, and pauses, while a Card is incomplete or awaiting information or access from you.
7. Service levels
| Metric | Basic | Double-velocity |
|---|---|---|
| First response (triage of a new Card) | within 1 Business Day | within 1 Business Day |
| Average delivery (typical Card) | 3 Business Days | 2 Business Days |
| Maximum delivery | 5 Business Days | 3 Business Days |
References to times are to UK time (BST/GMT). Cards filed after 17:00 UK time count from the next Business Day. ("Business Day" is defined in clause 1A.)
7.1 Targets, not guarantees. All response and delivery times we state are targets we pursue on a reasonable-endeavours basis. They are not guarantees, conditions, or warranties, and time is not of the essence.
7.2 Sole remedy. If we miss a stated delivery target for a Card, your sole and exclusive remedy is a service credit, with all credits in a billing cycle capped, in aggregate, at 25% of that cycle's monthly fee, however many targets are missed.
7.3 Nature of credits. Service credits are account credits applied to future fees only. They are not cash, are non-refundable, cannot be exchanged for money, and expire on cancellation or termination.
7.4 Clock pauses. The service-level clock pauses while a Card is awaiting your response — for example, when a Card needs more information, is awaiting your review, or you have asked us to hold it. Paused time is not counted.
8. Pause
You may pause your subscription for one calendar month at a time through the Payment Processor's customer portal, and there is no limit on how many times you may pause. While paused, no new Cards are accepted; Cards already in progress are finished, and Cards not yet started wait. Billing pauses for the pause period and resumes automatically at the end of the pause month. Pauses take effect at the next billing cycle; there is no mid-cycle pro-rating.
Pausing affects your price. Pausing breaks the continuity that holds your price under clause 17.2. If you pause, our then-current pricing will apply when you resume, and that becomes your new held rate (see clause 17.3).
9. Cancellation
You may cancel at any time through the Payment Processor's customer portal. There is no notice period and no exit interview. Cancellation takes effect at the end of your current billing period.
9.1 No refunds on cancellation. Fees already paid are non-refundable and we do not provide pro-rata refunds for the unused portion of a billing period. On cancellation we will complete only the Card actively in progress at the date of cancellation. Cards in the Queue that have not been started are not guaranteed and will not be carried out.
10. Money-back guarantee
10.1 Notwithstanding clause 9.1, the guarantee in this clause 10 is offered voluntarily. As the Service is supplied to business customers (see clause 2A), you have no statutory cancellation or cooling-off right, and this guarantee is the only right of its kind that applies.
10.2 The guarantee window runs from the start of your first billing period until the earlier of (a) the end of the 7th calendar day, or (b) the moment you file your third Card — that is, it is available only while you are within your first 7 days and have filed no more than two Cards. If you request a refund within the guarantee window — by email to support@storebolt.co — we refund that period's fee in full; the refund is unconditional once the conditions in this clause 10.2 are met. The guarantee is your sole and entire remedy for dissatisfaction in that window. It applies once only and to the first billing period only. It does not apply to renewals, later periods, or any subscription after a cancellation and resubscription.
11. Off-boarding
We will use reasonable endeavours to provide, on request at the end of the Service, an export of the Deliverables and your Board that we hold. Any export is provided as-is, with no warranty. Work already delivered remains in your Shopify store, and we revoke our collaborator access to your Shopify admin. We will retain the archived Board and associated materials for 90 days after the Service ends, after which we may delete them — or earlier where you instruct deletion under Schedule 1, paragraph 11. You are responsible for taking your own copies within that period.
12. Intellectual property
12.1 Definitions. "Deliverables" means the code, configuration, and other work product we create specifically for you and deliver through the Service. "Pre-Existing Materials" means anything we own or license that exists independently of the Service or is developed outside it, including our tools, libraries, frameworks, snippets, templates, methods, know-how, and reusable components. "Third-Party Materials" means any third-party or open-source code, libraries, apps, fonts, or assets incorporated into or used to produce the Deliverables.
12.2 Ownership of Deliverables. Subject to full payment of all sums due to us, we assign to you on delivery the intellectual property rights in the Deliverables created specifically for you, excluding any Pre-Existing Materials and Third-Party Materials. Until all sums due have been paid in full, all rights in the Deliverables remain with us, you have no licence to use them, and we may require you to cease using and to remove them.
12.3 Pre-Existing Materials. We retain all rights in our Pre-Existing Materials. To the extent any Pre-Existing Materials are embedded in, or are necessary to use, the Deliverables, we grant you a non-exclusive, worldwide, non-transferable licence to use them solely as part of the Deliverables and solely to operate your own Shopify store. We may freely use and reuse our Pre-Existing Materials, and the general skills, techniques, methods, and know-how we develop or apply, for any purpose, including for other customers.
12.4 Third-Party Materials. Third-Party Materials are provided subject to their own licence terms, and your use of them is governed by those terms. We give no warranty or indemnity in respect of Third-Party Materials, and you are responsible for complying with, and for any fees payable under, their licences.
12.5 Your materials. You retain ownership of the materials, content, and data you provide. You grant us a non-exclusive licence to use them as needed to provide the Service. You warrant that you own or are licensed to use everything you provide to us, and that our use of it as instructed will not infringe any third party's rights.
12.6 No IP indemnity from us. We do not indemnify you against any claim that the Deliverables or their use infringe a third party's rights. Your remedy in respect of the Deliverables is limited as set out in clause 15.
13. Acceptable use
We may decline, suspend, or terminate any request, Card, or the Service at our sole discretion where a request is out of scope, unlawful, infringing, abusive, or contrary to these Terms. We are not liable for doing so and no refund is due. In particular, you may not use the Service to ask us to work on stores or properties you do not own or are not authorized to modify, or to carry out anything unlawful.
14. Communication
The only channels for the Service are your Board (Card comments) and email for billing, onboarding, and off-boarding. We do not provide support by phone, video, chat platforms, social media, or any other channel. A request to communicate through another channel does not create an obligation on us to do so.
15. Warranties and liability
15.1 Our warranty. We warrant that we will provide the Service with reasonable skill and care. We do not warrant that the Service or the Deliverables will be uninterrupted, error-free, secure, or fit for any particular purpose, and we do not warrant any specific result, performance improvement, conversion, revenue, traffic, or ranking outcome.
15.2 Exclusion of other terms. Except as expressly set out in these Terms, all terms, conditions, warranties, and representations, whether express or implied by statute, common law, or otherwise, are excluded to the fullest extent permitted by law.
15.3 Excluded loss. We are not liable, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any: (a) loss of profit, revenue, sales, or business; (b) loss of or damage to goodwill or reputation; (c) loss of anticipated savings; (d) loss of or corruption of data; (e) loss arising from store downtime, lost sales, or interrupted trading; or (f) indirect, consequential, or special loss. This applies even if the loss was foreseeable and even if we had been advised of its possibility.
15.4 Cap on liability. Subject to clause 15.6, our total aggregate liability arising out of or in connection with these Terms and the Service, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, is limited to the total fees paid by you to us in the 3 months immediately before the event giving rise to the claim.
15.5 Matters we are not responsible for. Without limiting clause 15.3, we are not liable for any loss or damage arising from: (a) your failure to maintain current backups of your store and theme; (b) inaccurate, incomplete, or late information or instructions from you; (c) changes made by you or by any third party to your store, theme, apps, or configuration; (d) defects or issues that existed before we began work; (e) the acts, omissions, downtime, changes, pricing, or account decisions of Shopify, the Board provider, the Payment Processor, or any third-party app or service; or (f) Third-Party Materials.
15.6 Liability we do not exclude. Nothing in these Terms excludes or limits our liability for: (a) death or personal injury caused by our negligence; (b) fraud or fraudulent misrepresentation; or (c) any other liability that cannot lawfully be excluded or limited. Where this clause 15.6 applies, the other limits in this clause 15 do not apply to that liability.
15.7 Time limit for claims. You must bring any claim arising out of or in connection with these Terms or the Service within 6 months of the date you became aware, or should reasonably have become aware, of the circumstances giving rise to it. After that period the claim is barred to the fullest extent permitted by law.
15.8 Allocation of risk. The limits and exclusions in this clause 15 reflect the subscription nature and price of the Service and the agreed allocation of risk between us, including your responsibility for backups and for your own store. They apply to the fullest extent permitted by law, and each is severable from the others.
16. Confidentiality and data
16.1 Roles. For any personal data contained in your store or provided to us, you are the controller and we act as your processor. You are solely responsible for the lawful basis, notices, and consents required for that personal data, and for its accuracy and lawfulness.
16.2 Our processing. We process personal data only to provide the Service and on your documented instructions, except where the law requires otherwise.
16.3 Sub-processors. You consent to our use of sub-processors to provide the Service, as listed in Annex 3 of Schedule 1, and to the processing of personal data by them.
16.4 Your compliance. You indemnify us against any claim, fine, or loss arising from your breach of data protection law, or from personal data you provide or instruct us to process. (This sits alongside, and is not limited by, your general indemnity in clause 19.)
16.5 Processor terms. The detailed processing terms required by Article 28 of the UK GDPR are set out in Schedule 1 (Data Processing Agreement), which forms part of these Terms. In the event of conflict between Schedule 1 and the rest of the Terms on a data-protection matter, Schedule 1 prevails, except that clause 15 (Warranties and liability) continues to apply to all claims, including those under Schedule 1.
We also handle your store data and credentials as confidential and use them only to provide the Service. Our broader handling of personal data is described in our Privacy Policy.
16A. Portfolio and publicity
We may identify you as a customer of Storebolt, and may show the Deliverables, screenshots of your store, and a general description of the work we did, in our portfolio, case studies, and marketing, including on our website and social channels. In doing so we will not disclose any information you have marked as confidential, or any personal data of your customers — before using any screenshot or Deliverable in marketing, we remove or mask any personal data of your customers visible in it (for example, names on order pages or in reviews). If you would prefer we did not do this, tell us in writing at support@storebolt.co and we will stop using your name and work in new marketing. This clause survives termination (see clause 18.4).
17. Pricing changes
17.1 General. We may change our prices at any time on at least 30 days' written notice, including by email or by notice on your Board. A price change applies to new subscriptions and to any customer whose continuity has broken under clause 17.3. It does not affect the held rate of a continuously subscribed customer under clause 17.2. This clause 17 governs price and prevails over the general variation right in the "Changes to these Terms" clause to the extent of any conflict about price.
17.2 Your held rate. The monthly fee for the Plan you are on is held at the rate you started on for as long as your subscription remains continuous. We will not increase that fee while your subscription is continuous.
17.3 What breaks continuity. Your subscription is continuous unless you cancel it, pause it under clause 8, it lapses for non-payment, or we terminate it. If your continuity breaks and you later resume or resubscribe, our then-current pricing applies and becomes your new held rate.
17.4 Scope of the hold. The held rate applies only to the Plan you are on. If you move to a different Plan, or add Cards or add-ons, the then-current price for that Plan or add-on applies, and that becomes your held rate for it while you remain continuous. The hold does not apply to VAT or other taxes, or to any third-party charges, which may change independently.
17.5 If a change affects you. Where a price change does apply to you under clause 17.1, your only remedy if you do not agree is to cancel before it takes effect, in accordance with clause 9. Continuing to use the Service after it takes effect is acceptance of the new price. (Because a price change cannot affect the held rate of a continuously subscribed customer, this clause bites only where your continuity has broken — for example on resuming or resubscribing under clause 17.3 — or where you move to a different Plan or add-on under clause 17.4.)
18. Suspension and termination by us
18.1 Termination for cause. We may suspend or terminate the Service and these Terms immediately, on written notice, if you: (a) fail to pay any sum when due (subject to clause 18.2, which governs suspension and termination for non-payment and failed charges); (b) breach these Terms and, where the breach can be remedied, fail to remedy it within a reasonable period after we ask you to; (c) use or attempt to use the Service in a way that is unlawful, abusive, or outside scope; (d) ask us to work on a store or property you do not own or are not authorised to modify; or (e) become insolvent, enter any insolvency or analogous process, or cease or threaten to cease trading.
18.2 Non-payment and failed charges. If a payment fails or is not made when due, the service-level clock pauses immediately, no new Cards are started, and we may suspend the Service immediately. We may terminate it if the overdue sum remains unpaid 10 days after suspension. You remain liable for all fees accrued up to termination. We may charge interest and recover reasonable recovery costs on overdue sums under the Late Payment of Commercial Debts (Interest) Act 1998.
18.3 Effect of termination by us. On termination under this clause, work stops immediately — including on any in-progress Card — and you are not entitled to any refund or credit, including any unused portion of the current billing period and any accrued service credits. Any licence granted to you in respect of unpaid Deliverables ends immediately.
18.4 Survival. Clauses on intellectual property, liability, your indemnity, confidentiality and data, portfolio and publicity (clause 16A), governing law, and any other clause intended to survive, continue in force after termination.
19. Your indemnity
19.1 You indemnify us, and keep us indemnified, on demand against all losses, liabilities, damages, costs, claims, demands, and expenses (including reasonable legal fees) that we incur or suffer arising out of or in connection with: (a) your instructions, content, materials, or data; (b) your use of the Deliverables; (c) any actual or alleged infringement of a third party's intellectual property or other rights by anything you provide or instruct; (d) your breach of these Terms; (e) your breach of any applicable law, including data protection law; or (f) any work we carry out on a store or property that you did not own or were not authorised to modify.
19.2 This indemnity is not subject to the cap or the exclusions in clause 15.
20. Third-party platforms
20.1 The Service depends on third-party platforms, including Shopify, the Board provider (currently Trello), and the Payment Processor (currently Stripe), and on third-party apps and themes. We do not control them and are not responsible for their availability, performance, changes, pricing, security, or any action they take on your account.
20.2 You are responsible for maintaining your own Shopify plan and any third-party app or service subscriptions the Deliverables require. We are not liable for any loss arising from your failure to do so, or from a third party's acts or omissions.
21. Force majeure
We are not liable for any delay or failure to perform caused by events outside our reasonable control, including failures of third-party platforms or infrastructure, illness, internet or power failures, and acts of government. While such an event continues, our obligations are suspended and the service-level clock pauses.
22. Entire agreement and non-reliance
These Terms, together with your order and any document expressly incorporated, are the entire agreement between us and supersede all prior discussions, proposals, and representations, including anything said in Board comments, email, or marketing. You confirm you have not relied on any statement, representation, or assurance that is not set out in these Terms. Nothing in this clause limits liability for fraud or fraudulent misrepresentation.
23. Severability
If any provision of these Terms is or becomes invalid or unenforceable, it is severed or modified to the minimum extent necessary, and the rest of the Terms remain in full force.
24. Waiver
A failure or delay in exercising any right under these Terms is not a waiver of it, and no single or partial exercise prevents any further exercise.
25. Assignment and subcontracting
We may assign, transfer, subcontract, or otherwise deal with any of our rights or obligations under these Terms, and we may subcontract any part of the Service. Where a subcontractor processes personal data on your behalf, it is a Sub-processor, and the sub-processor provisions of Schedule 1 (including the notice and objection mechanism in paragraph 6 and listing in Annex 3) apply to its engagement — this clause does not bypass them. You may not assign or transfer any of your rights or obligations without our prior written consent.
26. No third-party rights
These Terms do not give rise to any rights under the Contracts (Rights of Third Parties) Act 1999 to any person who is not a party to them.
27. Notices
Notices to us must be sent to support@storebolt.co. Notices to you may be sent to the email address on your account or posted in your Board. A notice is treated as received at the time of sending if sent during business hours (taken as 09:00 to 17:00 UK time) on a Business Day, and otherwise at the start of the next Business Day — provided, for notices sent by email, the sender does not receive a failed-delivery message. A notice posted in your Board is deemed received under the same business-hours rule. This applies in particular to notices with legal consequences, such as termination notices under clause 18 and change or price-change notices under clauses 17 and 28.
28. Changes to these Terms
We may update these Terms at any time. We will give you at least 30 days' notice of any change by email to the address on your account, and we may also post the updated version at storebolt.co/terms. The change takes effect when the notice period ends.
If you do not agree to a change, your only remedy is to cancel before it takes effect, in accordance with clause 9. Continuing to use the Service after it takes effect is acceptance of the updated Terms.
Price changes are governed by clause 17 and not by this clause. This clause does not allow us to change clause 17, or otherwise to reduce the price protection of a customer who is then continuously subscribed, to that customer's disadvantage.
29. Governing law and jurisdiction
These Terms, and any dispute or claim arising out of or in connection with them, their subject matter, or their formation (including non-contractual disputes or claims), are governed by and construed in accordance with the law of England and Wales. The courts of England and Wales have exclusive jurisdiction to settle any such dispute or claim.
30. Contact
Questions about these Terms: support@storebolt.co.
Ourfires LTD, 41 Devonshire Street, London W1G 7AJ, United Kingdom. Company number 10271109.
Schedule 1 — Data Processing Agreement
This Schedule forms part of the Terms and applies wherever we process personal data on your behalf in providing the Service. It is the processor agreement required by Article 28 of the UK GDPR. In the event of conflict between this Schedule and the rest of the Terms on a data-protection matter, this Schedule prevails, except that clause 15 (Warranties and liability) continues to apply to all claims, including those under this Schedule.
1. Definitions. "Controller", "processor", "personal data", "process", "data subject", "personal data breach", and "supervisory authority" have the meanings given in the UK GDPR. "Data Protection Laws" means the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003, each as amended or replaced. "UK GDPR" means the retained EU General Data Protection Regulation as it forms part of UK law. "Sub-processor" means any processor we engage to process personal data on your behalf.
2. Roles. You are the controller and we are the processor in respect of the personal data we process to provide the Service. Where you are yourself a processor acting for your own customers, you are the processor and we are your sub-processor, and you warrant that you have all necessary authority and instructions from the relevant controller to engage us on these terms. Each party complies with its own obligations under Data Protection Laws.
3. Our processing. We process personal data only: (a) to provide the Service and as described in Annex 1; (b) on your documented instructions, including in relation to transfers, unless required to do otherwise by law (in which case we will tell you before processing, unless the law prohibits this) — these Terms and your ordinary use of the Service are your initial documented instructions; and (c) we will inform you if, in our opinion, an instruction infringes Data Protection Laws, though we are under no obligation to give legal advice or to review the lawfulness of your instructions.
4. Confidentiality. We ensure that persons authorised to process the personal data are bound by an appropriate duty of confidentiality.
5. Security. We implement appropriate technical and organisational measures to protect personal data, as described in Annex 2, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and risk of the processing. You are responsible for assessing whether those measures are appropriate for your data, and for the security of anything within your control, including your account credentials and the access you grant us.
6. Sub-processors. (a) You give general authorisation for us to engage sub-processors. Our current sub-processors are listed in Annex 3. (b) We impose data-protection terms on each sub-processor that are materially no less protective than this Schedule, and we remain responsible for their performance of those obligations, subject to clause 15 of the Terms. (c) We will give you at least 14 days' notice of any intended addition or replacement of a sub-processor. You may object on reasonable data-protection grounds within that period. If we cannot resolve a reasonable objection, your sole remedy is to terminate the affected Service in accordance with clause 9, and no refund is due except as clause 9 provides.
7. Data subject requests. Taking into account the nature of the processing, we assist you by appropriate technical and organisational measures, so far as reasonably possible, to respond to requests by data subjects exercising their rights. If such a request comes to us directly, we forward it to you and do not respond except on your instructions. We may charge our reasonable costs for assistance beyond minimal effort.
8. Personal data breach. We notify you without undue delay after becoming aware of a personal data breach affecting personal data we process for you, and provide information reasonably available to us to help you meet your own obligations. Such notification is not an acknowledgement or admission of fault or liability.
9. Data protection impact assessments. Taking into account the nature of the processing and the information available to us, we provide reasonable assistance with data protection impact assessments and prior consultation under Articles 35 and 36 of the UK GDPR. We may charge our reasonable costs for this assistance.
10. International transfers. Where providing the Service involves transferring personal data outside the UK, including via sub-processors such as those in Annex 3, we ensure an appropriate transfer mechanism is in place, such as the UK Addendum to the EU Standard Contractual Clauses, the International Data Transfer Agreement, or reliance on UK adequacy regulations or a data bridge.
11. Deletion and return. On the end of the relevant Service, we delete or return the personal data at your choice, and delete existing copies, unless we are required to retain it by law. Absent an instruction from you, we retain the archived Board and associated materials for the 90-day period described in clause 11 of the Terms and then delete them. If you instruct earlier deletion or return, we will honour that instruction, subject only to personal data we are required by law to retain; you should export anything you need before deletion.
12. Audit and information. We make available to you information reasonably necessary to demonstrate compliance with this Schedule. You may audit no more than once in any 12-month period, on at least 30 days' written notice, during business hours, subject to confidentiality, and at your own cost. We may satisfy an audit request by providing existing documentation or relevant third-party certifications rather than by permitting an on-site inspection.
13. Liability. Our liability arising out of or in connection with this Schedule is subject to clause 15 (Warranties and liability) of the Terms, including the cap and the exclusions, save for the matters that cannot be limited by law.
14. Term. This Schedule applies for as long as we process personal data on your behalf.
Annex 1 — Details of the processing
- Subject matter: provision of the Service (Shopify store development, configuration, and related work).
- Duration: the term of the relevant Service, plus the retention periods set out in the Terms and this Schedule.
- Nature and purpose: accessing, configuring, and modifying your Shopify store and connected systems to deliver the Service, including any work described on your Board.
- Types of personal data: personal data contained in your Shopify store, such as your end-customers' names, contact details, addresses, and order information; and the contact details of your own staff or representatives (via the Board and email).
- Categories of data subjects: your customers (the end-customers of your store), your staff or representatives, and visitors to your store.
- Special-category data: none is expected or scoped for. You must not instruct us to process special-category personal data (UK GDPR Article 9) or criminal-offence data without our prior written agreement; the Annex 2 measures are not scoped for it.
Annex 2 — Technical and organisational measures
- Access to client stores and systems on a least-privilege basis, limited to what is needed to deliver the Service.
- Unique individual credentials, with multi-factor authentication enabled where the platform supports it.
- Encryption of personal data in transit.
- Admin access to client stores that is time-bound where practical and revoked promptly on off-boarding or when no longer needed.
- Use of reputable, access-controlled tools for work and storage.
- Due diligence on sub-processors before engaging them.
Annex 3 — Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Atlassian, Inc. (Trello) | Project and task management | USA |
| Stripe, Inc. | Payment processing and billing | USA / Ireland |
| Vercel Inc. | Website hosting (storebolt.co) | USA |
| Plus Five Five, Inc. (trading as Resend) | Transactional / notification email | USA |
| PostHog, Inc. | Website analytics on storebolt.co | EU (Frankfurt — PostHog EU Cloud) |
Shopify is deliberately not listed: it is your own platform — your processor, not ours. We access personal data inside your Shopify store as your processor under this Schedule, and your own agreement with Shopify governs Shopify's processing and where your store is hosted. Ahrefs is likewise not listed: it is used for SEO research against public web data only, does not process your or your customers' personal data, and no Ahrefs script runs on storebolt.co.