Privacy Policy

1. Information We Collect

1.1 Information from Shopify

When you install our app, we receive the following information from Shopify:

• Shop domain and store information
• Store owner email address
• Product, collection, and pricing data (as necessary for discount functionality)
• Customer data (only when explicitly used for customer segmentation features)
• Order information (for analytics and discount tracking)

1.2 Information You Provide

• Discount configurations and rules you create
• App settings and preferences
• Support communications and feedback

1.3 Automatically Collected Information

• Usage analytics (discount performance, feature usage)
• Technical information (browser type, IP address, device information)
• Log data (access times, errors, system events)

2. How We Use Your Information

We process your personal data for the following purposes:

• Service Provision: To operate and provide the discount functionality you've requested
• Analytics: To provide discount performance insights and optimize app functionality
• Customer Support: To respond to your inquiries and provide technical assistance
• Billing: To process subscription payments through Shopify's billing system
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

3. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services as per our Terms of Service
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: To comply with legal requirements and respond to lawful requests

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Shopify: As required for app functionality and billing
• Service Providers: Trusted third-party services that help us operate our app (hosting, analytics, customer support)
• Legal Requirements: When required by law, court order, or to protect our rights

All third-party service providers are contractually obligated to maintain data security and confidentiality.

5. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, please contact us at privacy@nolimitsolutions.co.uk

6. GDPR Compliance Webhooks

We have implemented mandatory GDPR compliance webhooks:

• customers/data_request: We will provide customer data within 30 days of request
• customers/redact: We will delete customer data within 30 days of request
• shop/redact: We automatically delete all shop data 48 hours after app uninstallation

7. Data Retention

We retain your data only as long as necessary:

• Active Users: While you have an active subscription
• Post-Uninstall: Up to 48 hours after app uninstallation (for shop data)
• Legal Requirements: As required by law or to resolve disputes
• Anonymized Analytics: Aggregated, anonymized data may be retained indefinitely for research and improvement purposes

8. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest for sensitive data
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure data centers with physical and network security
• HMAC verification for all webhook communications

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

10. Cookies and Tracking

Our app uses minimal cookies and tracking technologies:

• Essential Cookies: Required for app functionality and authentication
• Analytics Cookies: To understand how you use our app (with your consent)

You can control cookie preferences through your browser settings.

11. Children's Privacy

Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through the app. Continued use of the app after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, concerns, or to exercise your rights:

14. Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your national data protection authority