Privacy Policy

1. Shopify API Scopes

To provide its functionality, the App requests the following Shopify API scopes:

• write_themes
• read_publications
• read_orders
• read_all_orders
• write_products
• write_customers
• write_discounts
• write_gift_cards
• unauthenticated_read_product_listings
• customer_read_customers

2. Information We Collect

We may collect and process the following data obtained via Shopify APIs and through the use of the App.

Store Data

• Store details: store name, domain(s), timezone, currency, money format, country, contact email, contact phone number, shop owner name, store plan display name.
• Customers
• Orders
• Discount codes and automatic discounts
• Sales channels

Customer Data

Depending on your configuration of the App, we may process:

• Customer details: id, name, email, email_verified, birthday (YYYY-MM-DD), order_count, total_spent, tags, created_at.
• Customer order details: id, customer_id, order name (e.g. #1234), total_amount, refunded_amount, payment_status, fulfillment_status, created_at.
• Customer loyalty data: points, VIP tiers, rewards, etc.

Technical Data

• Server logs: IP address, browser/device info, accessed URL. Retained for a few days (log rotation by file size, typically up to one week).
• Application logs: merchant activity within the App (create/edit/delete actions), retained for 60 days.
• Webhook logs: incoming data from Shopify (including order and customer details, line_items, discount_applications), retained for 7 days.

3. How We Use the Information

We use the collected data solely to:

• Provide and operate the App’s functionality.
• Enable loyalty features, rewards, and discounts.
• Respond to support requests.
• Maintain and improve the App’s performance.

We do not use collected data for advertising or marketing purposes.

4. Sharing of Information

We do not sell or rent personal data. We may share limited data with:

• Hetzner (Germany) — hosting provider for application servers.
• Cloudflare — CDN for serving frontend widget scripts (the widget code does not contain personal data).
• Sentry — error tracking service (we send technical details and identifiers; names and emails are not transmitted).
• SparkPost — email delivery service (recipient’s name and email, subject, and message may be sent when emails are dispatched).
• Amplitude — analytics service (internal app events; no personal data).
• Shopify Inc., as required for the App to operate.
• Legal authorities, if required by law.

5. Data Retention

Merchant and customer data are retained as long as the merchant uses the App.

Upon uninstallation of the App, we delete or anonymize personal data in accordance with Shopify’s data protection requirements.

6. Data Security

• Access control and authentication are handled by Shopify.
• All data transfers are encrypted using SSL/TLS (HTTPS).

7. Your Rights

Merchants and their customers may exercise the following rights (subject to applicable laws such as GDPR and CCPA):

• Access, correct, or update their personal information.
• Request deletion of their data.

To exercise these rights, you may:

• Uninstall the App from your Shopify store, which triggers automatic data deletion; or
• Contact us directly at contact@alphalogic.io.

We also respond automatically to Shopify’s compliance webhooks to support GDPR/CCPA customer data requests.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons.