We Take Your Privacy Seriously ❤️

At Shopiment.io (the developer of Gratify), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you install and use Gratify - the loyalty and rewards app on the Shopify App Store.

Gratify helps Shopify merchants run loyalty programs, VIP tiers, points, and rewards. Because these features involve shoppers who earn and redeem points, this policy covers both merchants (Shopify store owners who install Gratify) and end customers (shoppers who participate in a merchant's loyalty program).

By installing Gratify or participating in a loyalty program powered by Gratify, you agree to the practices described in this policy. If you do not agree, please do not install or use the app.

We only collect the minimum data necessary for Gratify to function. This includes:

Merchant & Store Information (provided via Shopify API when you install the app):

• Store owner name, email address, phone number, and physical address
• Store name, store URL, and currency
• Shop ID and basic account details

Store Content Data:

• Products, collections, and discount codes (to power earning rules, rewards, and redemption)
• Online Store theme information (to display the loyalty widget, launcher, and rewards page correctly)

End-Customer Data (shoppers on the merchant's store):

To run a loyalty program, Gratify processes limited personal data about your customers on your behalf. This may include:

• Name and email address
• Customer ID and Shopify account details
• Birthday (only if the merchant enables birthday rewards and the customer provides it)
• Order history and purchase totals (to award points on purchases)
• Points balance, points earned, points redeemed, and redemption history
• VIP tier status and tier progression
• Referral activity (referrer and referred customer, where applicable)
• Earning events such as account creation, social shares, reviews, or birthdays (as configured by the merchant)

Gratify acts as a data processor for this customer data. The merchant remains the data controller and is responsible for obtaining the lawful basis (consent where required) to share customer data with Gratify.

Program Configuration Data:

• Loyalty program settings, earning rules, redemption rules, VIP tier thresholds, and reward types
• Widget customization (colors, launcher position, copy, translations)
• Plan usage metrics (monthly orders processed, active tiers, active rewards)
• Performance data such as points issued, points redeemed, widget impressions, and conversion events (aggregated and anonymized where possible)

Technical & Usage Data:

• IP address, browser type, device information, and access logs when you use the Gratify merchant dashboard or the customer-facing widget
• Analytics on how merchants interact with the dashboard (to improve features and fix bugs)

We do not collect payment card numbers, passwords, or sensitive categories of personal data (such as government IDs, health information, or biometric data). All billing is handled through Shopify's own billing system.

We use the collected information to:

• Provide, operate, and maintain Gratify (including points issuance, redemption, VIP tier assignment, referrals, and the on-store loyalty widget)
• Calculate and update customer points balances, tier status, and available rewards
• Generate the merchant dashboard analytics (total members, points issued, points redeemed, VIP counts, recent activity)
• Send transactional notifications on behalf of the merchant (e.g., points earned, reward unlocked, tier upgrade) where the merchant has configured these
• Analyze app usage to improve performance, add new features, and troubleshoot issues
• Communicate with merchants about support, updates, or important notices
• Comply with legal obligations and prevent fraud or abuse of the loyalty program
• Generate aggregated, anonymized insights to improve our services (no individual merchant or customer data is sold)

We never sell or rent your personal information. We may share data only in these limited cases:

• With Shopify: As required for the app to work on the Shopify platform, including reading orders, customers, and products and creating discount codes (governed by Shopify's own privacy policy).
• With the Merchant: If you are a shopper, your name, email, points balance, tier, and loyalty activity are shared with the merchant whose store you participate in. The merchant's own privacy policy governs how they use this data.
• Service Providers: Trusted third-party vendors (e.g., cloud hosting, email delivery for loyalty notifications, analytics, error monitoring, and support platforms) who process data only on our behalf and under strict confidentiality agreements.
• Integrations You Enable: If a merchant connects Gratify to a third-party tool (for example, an email marketing platform), relevant loyalty data will be shared with that tool at the merchant's direction. The merchant is responsible for reviewing that tool's privacy policy.
• Legal Requirements: When required by law, court order, or to protect our rights, safety, or property.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate notice.

We use industry-standard security measures (encryption in transit and at rest, access controls, secure cloud infrastructure, and regular monitoring) to protect your data. However, no system is 100% secure. We retain your data only as long as needed to provide the service or meet legal requirements. When a merchant uninstalls Gratify, we delete the associated merchant and customer loyalty data within a reasonable time (typically within 30 days), except where Shopify or applicable law requires longer retention.

Gratify uses cookies and similar technologies in the merchant dashboard and the customer-facing loyalty widget to remember preferences, keep sessions active, identify returning customers to display their points balance, and analyze usage. These help us deliver a better experience. Customers can manage cookies through their browser settings; disabling them may affect widget functionality such as automatic recognition of a returning loyalty member.

Depending on your location (e.g., GDPR in Europe and the UK, CCPA/CPRA in California, PIPEDA in Canada, or similar laws elsewhere), you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to or restrict certain processing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent

If you are a shopper participating in a loyalty program, please direct requests to the merchant whose store you shop with - they control your data and can forward the request to us if needed.

If you are a merchant, email us at support@shopiment.io. We will respond within 30 days (or as required by law). If you uninstall the app from Shopify, we will automatically delete your associated data within 30 days.

Gratify also honors Shopify's mandatory GDPR webhooks (customers/data_request, customers/redact, and shop/redact) so that data requests submitted through Shopify are fulfilled automatically.

Shopiment.io is based in Singapore. Your data may be transferred to and processed in Singapore, the United States, the European Union, or other countries where our service providers operate. We use appropriate safeguards (such as Standard Contractual Clauses) to protect your data during these transfers.

Gratify is not intended for children under 13 (or the applicable age in your country). We do not knowingly collect data from children. Merchants are responsible for ensuring their loyalty program is not marketed to or used by children in violation of applicable law. If you believe a child has provided personal information through a Gratify-powered program, please contact us and we will delete it.

We may update this policy from time to time. We will notify merchants of material changes via email or through the Gratify dashboard. The "Last Updated" date at the top shows when changes were made. Continued use of the app after a change takes effect constitutes acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us: