This Privacy Policy explains what data the Bulk Product Editor app (the "App") for the BigCommerce App Marketplace accesses, stores, and shares. The App is operated by Clockwork Apps ("we", "us"). If you have questions, contact support@clockworkapps.com.
When you install the App on your BigCommerce store, BigCommerce grants the App permission to read and modify your product catalog through the official BigCommerce REST API. Specifically the App can:
The App does not access customer records, order data, payment information, or any part of your store outside the product catalog.
To support previews, scheduled jobs, undo / revert, and activity history, the App persists the following on its own infrastructure:
bcbpe2-undo/{store_hash}/{job_id}.json.gz. This is the
data source for the one-click revert feature.Data is stored in encrypted databases (MySQL) and object storage (Amazon S3), both hosted on AWS. All traffic is encrypted in transit via HTTPS.
The App includes an in-app support form. When you submit it, the optional reply-to email and the message text are delivered to our support inbox (support@clockworkapps.com) via Amazon Simple Email Service (SES). We retain support emails for as long as necessary to answer your question and for a reasonable period afterwards. To request deletion of a support email, reply to the thread.
We do not use analytics SDKs, tracking pixels, or advertising networks in the App.
When you uninstall the App from your BigCommerce admin, BigCommerce notifies us via the uninstall webhook. We mark your store as uninstalled and stop processing scheduled jobs for it. Your job rows, activity logs, OAuth token, and pre-edit snapshots in S3 are retained for up to 30 days after uninstall to support reinstallation, then deleted. The S3 lifecycle policy automatically purges snapshot files older than the retention window.
To request immediate deletion of all your data, email support@clockworkapps.com with your store hash and a brief request. We will delete your records within 30 days and confirm by email.
Under GDPR and CCPA, you may have the right to access, correct, or delete personal data we hold about you. Because the App's data is primarily about your store (an organizational entity) rather than individual personal data, the categories of personal data are narrow — your store-owner email address (when you submit the support form) and limited authentication metadata. To exercise any right, contact support@clockworkapps.com and we will respond within 30 days.
All traffic between your browser, the App, BigCommerce, and Stripe is encrypted in transit via HTTPS. OAuth access tokens and S3 snapshots are stored encrypted at rest. We follow standard security practices for managed databases, network ACLs, least-privilege IAM roles, and server-side encryption on S3. If you become aware of a security issue, please email support@clockworkapps.com.
The App is a business tool for BigCommerce store owners. It is not directed at children under 13 and we do not knowingly collect personal data from children.
We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated through the App Marketplace listing description.
Clockwork Apps
support@clockworkapps.com