Privacy Policy
Plain-English summary: PromoGard stores your promotion configurations and usage analytics. It never collects your customers' personal data. Uninstall the app and everything gets deleted automatically.
1. Overview
PromoGard ("the App") is committed to protecting your privacy. This privacy policy explains what data the App collects, how it is used, stored, and protected.
The App is designed to help Shopify merchants manage promotions with automatic conflict detection. We collect only the data necessary to operate the App and explicitly do not collect any customer personal information.
2. Data Collection
What We Collect
The App collects the following merchant-specific data:
- Promotion records — promotion names, rules, dates, pricing tiers, and conditions
- Price backups — product prices before modifications, for rollback functionality
- Event logs — system events for debugging and audit trails
- Analytics events — aggregated usage metrics (no personal identifiers)
- OAuth tokens — Shopify API tokens for secure authentication
- App settings — merchant preferences and configuration
- Bundles — custom product bundle definitions created by the merchant
- Gift pools — gift card and incentive pool configurations
- Cart claims — promotion claim records (no customer PII)
- Incentives — loyalty or incentive program configurations
What We Do NOT Collect
The App explicitly does not collect:
- Customer personal information (names, emails, phone numbers, addresses)
- Order details or line items
- Customer payment information
- Browsing or purchase history
- Any other customer data
How Data Is Collected
Data is collected through:
- Shopify GraphQL API calls (for reading products and creating/modifying promotions)
- Browser localStorage (for session state and temporary configuration)
- Manual input (when merchants enter promotion rules or settings)
3. Data Usage
The App uses collected data only to:
- Create, manage, and execute promotions on your store
- Track promotion conflicts and prevent invalid stacking
- Generate analytics for promotion performance
- Back up and restore pricing during promotion changes
- Store your configuration between sessions
- Send webhooks to Shopify for required compliance operations
Data is NOT used for:
- Selling to third parties
- Marketing or profiling
- Sharing with external services (except Shopify APIs required for operation)
- Any purpose beyond operating the App
4. Data Storage
Storage Locations
- Netlify Blobs — All persistent merchant data (promotions, backups, settings, analytics)
- Browser localStorage — Temporary session data and UI state (deleted on browser clear)
Security Measures
- Encryption at rest — Data stored in Netlify Blobs is encrypted
- Encryption in transit — All data transferred via HTTPS/TLS
- Access control — Only the App can access your data; no manual access by staff
Data Retention
Data is retained indefinitely until:
- You manually delete promotions or backups through the App
- You uninstall the App from Shopify (triggers automatic deletion via
shop/redactwebhook) - Data associated with completed promotions is cleaned up automatically
5. Data Deletion
Automatic Deletion
When you uninstall the App from Shopify:
- The
shop/redactwebhook is triggered automatically - All merchant data (promotions, backups, settings, analytics) is deleted from Netlify Blobs
- No manual action is required
Manual Deletion
You can delete data at any time:
- Delete individual promotions or backups through the App UI
- Clear analytics and event logs (where applicable)
- Reset all settings and configurations
Backup Cleanup
Backup data created for price rollback is automatically cleaned up when:
- A promotion completes or is deleted
- 30 days have passed since the promotion ended
6. GDPR & CCPA Compliance
GDPR Compliance
The App complies with GDPR requirements:
- No customer personal data — We do not collect or store any personal data of your customers, so GDPR subject access requests for customer data are not applicable.
- Data processing — We process merchant data as a service provider under your instructions.
- Data deletion — You can request deletion of all your data by uninstalling the App. The
shop/redactwebhook triggers automatic deletion. - Data transfers — All data is processed and stored in the US via Netlify.
CCPA Compliance
The App complies with CCPA requirements:
- No sale of data — We do not sell any data to third parties.
- Consumer rights — Merchants can access, delete, and opt-out of data processing by uninstalling the App.
- No profiling — Data is not used for profiling or targeted advertising.
7. Data Breach Notification
In the unlikely event of a security breach affecting your data:
- You will be notified immediately via email
- We will provide details of affected data and remediation steps
- We will cooperate fully with Shopify and legal requirements
To report a security issue, contact: security@promogard.co
8. Third-Party Integrations
The App integrates with:
- Shopify Admin API — For reading products, modifying prices, creating discounts, and managing publications
- Netlify Blobs — For secure data storage
- Netlify Functions — For backend processing and webhooks
No other third-party integrations exist. Data is not shared with external services beyond Shopify APIs required to operate the App.
9. Contact & Support
For privacy questions, concerns, or to request data deletion:
Email: support@promogard.co
For additional information about Shopify's privacy practices, visit Shopify's Privacy Policy.
10. Policy Changes
We may update this policy as the App evolves. Material changes will be communicated via email. Your continued use of the App after changes means you accept the updated policy.
PromoGard — A Shopify application for deterministic conflict prevention in promotions. Built by Thornhill Craftworks.