Privacy Policy

Introduction

Welcome to Discount & Checkout Customization ("we," "our," or "us"), operated by Artiple Web. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application (the "App").

By installing and using our App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not install or use our App.

Information we collect

Store information (via Shopify API)

When you install our App, we access and store certain information about your Shopify store through Shopify's authenticated Admin API. This includes:

• Store domain name (myshopify.com URL)
• Store name and contact email
• Store currency and locale settings
• Shopify plan information
• Installed app scopes and session tokens

API scopes requested: read_all_orders, read_customers, read_locales, read_locations, read_orders, read_purchase_options, read_shipping, write_delivery_customizations, write_discounts, write_payment_customizations, write_products.

Configuration data

To provide our services, we store the rule configurations you create:

• Discount rules (type, value, conditions, priority, scheduling)
• Shipping customization rules (action, target methods, conditions)
• Payment customization rules (action, target methods, conditions)
• App settings and feature preferences

Rule configurations are also stored as JSON metafields on Shopify resources so that Shopify Functions can read them at checkout.

Checkout data (processed in real-time, not stored by us)

During checkout, our Shopify Functions receive and process the following data to evaluate your rules. This processing occurs entirely on Shopify's infrastructure:

• Cart contents (product titles, types, vendors, tags, SKUs, quantities, prices)
• Cart totals and item counts
• Shipping destination (country, province, city, postal code)
• Customer tags and customer type (new or returning)
• Available shipping and payment methods
• Applied discount codes

This data is processed in real-time by Shopify's serverless Function infrastructure. Our App does not store, log, or transmit this checkout data to our servers.

Order and analytics data

When orders are placed, Shopify sends order data to our App via webhooks. We store limited, aggregated data for analytics:

• Order ID and which rules were applied
• Discount amounts applied per rule
• Customer email (for rule usage tracking only)
• Daily aggregate metrics (total orders, revenue, discount savings)

Support and feedback data

When you contact us through the in-app support page, we collect:

• Your name, email address, and store domain
• Support message content, category, and subject
• Feedback ratings and feature request submissions

Support requests are queued in our database for reliable delivery and sent to our team via email (SMTP).

Error and performance data

We use Sentry, a third-party error tracking service, to monitor application stability. When errors occur, the following may be collected:

• Error messages, stack traces, and request URLs
• Your store domain (used as a user identifier for error grouping)
• Browser and device metadata

Sentry is only active when configured. No checkout or customer personal data is sent to Sentry.

Session data

We store Shopify session tokens in our database to authenticate API requests. Sessions contain your store domain, access token, and granted scopes. Sessions are encrypted in transit and expire automatically.

How we use your information

We use the information we collect for the following purposes:

• Provide, operate, and maintain our App and its features
• Evaluate and apply your discount, shipping, and payment rules at checkout
• Display analytics dashboards showing rule performance and order metrics
• Enforce subscription plan limits and billing
• Process and respond to support requests, feedback, and feature requests
• Monitor application errors and performance to improve reliability
• Send important service-related communications
• Detect, prevent, and address technical issues or abuse

We do not use your data for advertising, profiling, or any purpose unrelated to providing the App's functionality.

Third-party services

We share data with the following categories of third-party service providers, solely to operate the App:

Shopify

Our App runs on and integrates with the Shopify platform. Rule configurations are stored as Shopify metafields. Checkout data is processed by Shopify's Function infrastructure. Billing is handled through Shopify's payment system.

Sentry (Functional Software, Inc.)

Used for error tracking and application monitoring. Receives error details and store domain identifiers. Sentry Privacy Policy.

Email / SMTP provider

Support emails, feedback, and feature requests are delivered via a configured SMTP service. Only the content you submit through the support form is transmitted.

Hosting infrastructure

Our App is hosted on secure cloud infrastructure. Your data is stored in an encrypted MySQL database.

We do not sell, trade, or rent your personal information to third parties. We do not share data with analytics, advertising, or marketing platforms.

Data security

We implement appropriate technical and organizational security measures to protect your information:

• All data in transit is encrypted using TLS/SSL
• Database access is restricted and requires authentication
• Shopify session tokens are stored securely and expire automatically
• API requests are authenticated via Shopify App Bridge session tokens
• In-app rate limiting prevents abuse (100 requests per 60 seconds per store)
• Checkout data is processed entirely on Shopify's infrastructure and never reaches our servers

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

Data retention

We retain your information only as long as necessary to provide the service. Specific retention periods:

• Rule configurations: Retained while your App is installed. Deleted upon uninstallation.
• Order/rule usage data: Retained for 90 days, then automatically purged.
• Daily analytics (aggregated): Retained for 365 days, then automatically purged.
• Session tokens: Expired sessions are purged after 30 days.
• Background job records: Completed job records are purged after 30 days.
• Store information: Deleted when you uninstall the App, subject to any legal retention requirements.

Automated cleanup runs periodically to enforce these retention periods. You may request immediate deletion of your data at any time by contacting us.

Shopify compliance webhooks

In compliance with Shopify's requirements and applicable privacy laws, our App responds to the following mandatory webhooks:

• Customer data request (customers/data_request) — We provide any stored data associated with the specified customer upon request.
• Customer data erasure (customers/redact) — We delete all stored data associated with the specified customer.
• Shop data erasure (shop/redact) — We delete all stored data associated with the shop after uninstallation.

Your rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request access to the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request a copy of your data in a machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at support@artipleweb.com. We will respond within 30 days.

GDPR compliance

For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). The legal bases for processing your information include:

• Contract: Processing necessary to perform our service agreement with you (providing the App's functionality)
• Legitimate interests: Processing necessary for our legitimate business interests, such as improving the App and preventing abuse
• Consent: Where you have given consent for specific processing (e.g., submitting feedback)
• Legal obligation: Processing necessary to comply with legal requirements

Data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place for such transfers.

California privacy rights (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know what personal information is collected, used, and disclosed
• Right to request deletion of personal information
• Right to opt-out of the sale or sharing of personal information
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information
• Right to limit use of sensitive personal information

We do not sell or share personal information as defined by the CCPA/CPRA. We do not use sensitive personal information for purposes beyond providing the App.

Children's privacy

Our App is a business tool intended for use by Shopify merchants. It is not directed at or intended for use by children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.

Cookies and tracking

Our App does not use cookies, pixels, or tracking technologies of its own. The App operates within Shopify's embedded app framework, which uses Shopify's own session management. We do not track your browsing activity, serve advertisements, or use any third-party analytics services within the App interface.

Changes to this privacy policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last Updated" date at the top of this policy
• Providing in-app notification for material changes

We encourage you to review this Privacy Policy periodically. Your continued use of the App after changes are posted constitutes acceptance of those changes.

Contact us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us: