SpamNest: Contact Form Blocker
Last updated: Jul, 2026
SpamNest: Contact Form Blocker (“SpamNest”, “the App”, “we”, “us”, “our”) is developed and operated by Ecommerce Storez. This Privacy Policy explains what information the App processes when installed on a Shopify store, how that information is used, and the choices available to merchants and their store visitors.
By installing or using SpamNest, you agree to the processing of information as described in this policy.
1. What SpamNest Does
SpamNest analyzes contact form submissions on your storefront to detect and block spam. When a visitor submits your contact form, the submission is checked against spam signals (hidden honeypot fields, submission speed, links, and text patterns). Legitimate messages proceed to you normally through Shopify. Detected spam is blocked and logged in your App dashboard.
SpamNest requests no Shopify API access scopes. It does not read your products, orders, customers, or any other store data.
2. Information We Process
a) Store & Merchant Information
- Store name and myshopify.com domain (required to operate the App and associate your settings and logs with your store)
- Basic session information created by Shopify when you install and open the App
b) Contact Form Submission Data
When a visitor submits a contact form on your storefront, the App processes:
- The email address entered in the form
- The message text entered in the form
- Technical signals used only for spam scoring: whether a hidden honeypot field was filled, and the time elapsed between page load and submission
What we store: Only submissions identified as spam are stored, limited to the submitter’s email address, the first 200 characters of the message, the spam score, and the reasons for the decision. This log exists so you can review what was blocked.
What we do not store: Legitimate (non-spam) submissions are not stored by SpamNest – they pass through to you via Shopify’s normal contact form delivery. We keep only anonymous daily counters (number of messages allowed and blocked).
What we never collect: payment information, passwords, browsing history, or any data from pages other than contact form submissions.
c) Settings You Configure
Your chosen sensitivity level, timing threshold, custom keywords, and allowlist entries are stored to operate the App.
3. How We Use the Information
We use the processed information solely to:
- Score contact form submissions and block spam on your storefront
- Show you statistics and a log of blocked submissions in your dashboard
- Enforce plan limits (e.g., monthly block quota on the free plan)
- Maintain the security and reliability of the App
We do not sell, rent, or trade any data. We do not use submission data for advertising, profiling, or training third-party AI systems. Spam analysis is performed entirely on our own servers with our own rules engine – no submission content is sent to third-party AI or analytics services.
4. Third-Party Services
SpamNest uses a minimal set of providers to operate:
- Shopify – the App runs on Shopify’s platform; plan selection and billing are handled entirely by Shopify. We never see your payment details.
- Cloud hosting infrastructure – the App and its database are hosted on secure servers we operate.
No other third parties receive submission data.
5. Data Retention
- Blocked submission logs and statistics: retained while the App is installed so you can review them. On the free plan, the dashboard displays the most recent 7 days of blocked submissions.
- Settings: retained while the App is installed.
- After uninstall: when you uninstall SpamNest, your store’s data (settings, blocked submission logs, statistics) is deleted from our systems within 30 days, except where a longer period is required by law.
6. GDPR, CCPA & Shopify Mandatory Data Requests
We comply with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Shopify’s mandatory privacy webhooks:
- customers/data_request – if a customer requests their data, we provide the merchant with any blocked-submission records matching that customer.
- customers/redact – if a customer’s data must be deleted, we delete any blocked-submission records containing that customer’s email address.
- shop/redact – when a store uninstalls the App, we delete all of that store’s data as described in Section 5.
Depending on your location, you and your store’s visitors may have rights to access, correct, delete, or restrict processing of personal data. To exercise these rights, contact us at the email below.
7. Data Security
We protect processed data with encryption in transit (HTTPS/TLS), access controls, and secure server infrastructure. Blocked-submission requests between your storefront and our servers are routed and cryptographically signed through Shopify’s app proxy, so requests cannot be forged by third parties. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Merchant Responsibilities
As the merchant, you are the data controller for your store visitors’ personal data. You are responsible for ensuring your own store’s privacy policy discloses the use of third-party tools such as SpamNest where required in your jurisdiction.
9. Children’s Privacy
SpamNest is a business tool intended for merchants. It is not directed at children, and we do not knowingly collect personal information from anyone under 16.
10. International Data Transfers
Our infrastructure may process data in countries other than your own. Where required, we rely on appropriate safeguards for such transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The “Last updated” date reflects the most recent revision. Material changes will be communicated through the App. Continued use of the App after changes take effect constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or how data is handled, contact us:
Email: easterstracy@gmail.com
