Privacy Policy

Last Updated: January 2, 2025

At Gemify ("we," "us," or "our"), we take your privacy seriously. This Privacy Policy explains how our Shopify applications, including Bulk Delete Orders (collectively, "our Apps"), collect, use, store, and protect your information when you use our services.

1. Information We Collect

1.1 Information Collected Through Shopify APIs

When you install and use our Apps, we access the following information through Shopify's APIs:

• Store Information: Store name, store domain, store owner email, and store timezone
• Order Data: Order details including order numbers, dates, statuses, financial status, and fulfillment status (for Bulk Delete Orders app)
• API Access Tokens: Tokens necessary to authenticate and communicate with your Shopify store

1.2 Information Collected Directly From Merchants

We may collect the following information directly from you:

• Contact Information: Email address, name (if provided through support requests or forms)
• Usage Data: Information about how you interact with our Apps, including features used and settings configured
• Support Communications: Messages, feedback, and other communications you send to us

1.3 Information Collected From Merchants' Customers

Our Apps are designed to minimize the collection of end-customer data. For the Bulk Delete Orders app:

• We do not directly access or store customer personal information (such as names, addresses, or payment details)
• Order data accessed through Shopify's APIs may contain references to customers, but we do not separately store or process customer personal data
• We do not use cookies or tracking technologies on customer-facing storefronts

1.4 Automatically Collected Information

We automatically collect certain technical information when you use our Apps:

• Log Data: IP addresses, browser type, operating system, access times, and error logs
• Device Information: Device type and unique identifiers
• App Performance Data: Information about app performance, errors, and crashes

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Maintain Our Services

• To operate our Apps and provide the features you request
• To process order deletions and other operations (for Bulk Delete Orders app)
• To authenticate your store and maintain secure access
• To monitor and improve app performance and reliability

2.2 To Communicate With You

• To respond to your support requests and inquiries
• To send important notifications about our Apps (e.g., security updates, service changes)
• To provide updates about new features or improvements (only if you've opted in)

2.3 To Improve Our Services

• To analyze usage patterns and identify areas for improvement
• To troubleshoot issues and fix bugs
• To develop new features based on user needs

2.4 To Ensure Security and Compliance

• To detect and prevent fraud, abuse, and security incidents
• To comply with legal obligations and enforce our Terms of Service
• To respond to data subject requests as required by privacy laws

We do not use your information for:

• Marketing or advertising campaigns (unless you explicitly opt in)
• Selling or sharing your data with third parties for their marketing purposes
• Automated decision-making that has legal or significant effects on merchants or customers

3. Data Retention

We retain your data only for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

• Active Stores: While you have our Apps installed and actively use our services, we retain the data necessary to operate the Apps
• After App Uninstallation: When you uninstall our Apps, we retain minimal data (store ID and access tokens) for 30 days to facilitate potential reinstallation. After 30 days, all data except aggregate usage statistics is permanently deleted
• Support Communications: Support emails and communications are retained for 2 years to help resolve ongoing issues and improve our services
• Log Data: Server logs and error logs are retained for 90 days for security and debugging purposes
• Compliance Data: We retain data as required by law or regulation (e.g., financial records for tax purposes)

4. Data Storage and Security

4.1 Where We Store Your Data

Gemify is established in [Your Location - e.g., "the United States"]. Your data is stored on secure servers provided by trusted cloud infrastructure providers located in:

• United States (primary data storage)
• [Add other regions if applicable]

If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, please note that your data may be transferred to and processed in countries outside your jurisdiction. We ensure such transfers comply with applicable laws through appropriate safeguards, including:

• Standard Contractual Clauses approved by the European Commission
• Adherence to the EU-U.S. Data Privacy Framework (if applicable)
• Implementation of additional security measures and contractual protections

4.2 How We Protect Your Data

We implement industry-standard security measures to protect your information:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Strict access controls ensure only authorized personnel can access your data
• Authentication: We use secure authentication methods including OAuth 2.0 for Shopify API access
• Regular Security Audits: We conduct regular security assessments and vulnerability scans
• Monitoring: We continuously monitor our systems for suspicious activity and security threats
• Secure Development: We follow secure coding practices and conduct code reviews

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. If you have concerns about the security of your data, please contact us at sean.gemify@gmail.com.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

5.1 Service Providers

We may share data with trusted third-party service providers who help us operate our Apps, such as:

• Cloud hosting providers (e.g., AWS, Google Cloud)
• Error tracking and analytics services
• Customer support tools

These service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities, including:

• To comply with legal obligations (e.g., court orders, subpoenas)
• To protect our rights, property, or safety, or that of our users or the public
• To detect, prevent, or address fraud, security, or technical issues

5.3 Business Transfers

If Gemify is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

6.1 Access and Portability

You have the right to request a copy of the personal data we hold about you. You can also request that we provide your data in a portable format.

6.2 Correction

You have the right to request that we correct any inaccurate or incomplete personal data.

6.3 Deletion

You have the right to request deletion of your personal data. You can delete your data by:

• Uninstalling our Apps from your Shopify store (data will be automatically deleted within 30 days)
• Contacting us at sean.gemify@gmail.com to request immediate deletion

6.4 Restriction and Objection

You have the right to restrict or object to certain processing of your personal data.

6.5 Opt-Out of Marketing

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or contacting us.

6.6 Withdraw Consent

Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

6.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at sean.gemify@gmail.com. We will respond to your request within 30 days.

7. Compliance with Privacy Laws

7.1 GDPR (European Economic Area)

If you are in the EEA, we process your data in accordance with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

• Contractual Necessity: To provide our Apps and fulfill our contract with you
• Legitimate Interests: To improve our services, ensure security, and provide support
• Consent: Where you have explicitly consented to specific processing activities
• Legal Obligations: To comply with applicable laws

7.2 CPRA (California)

If you are a California resident, you have additional rights under the California Privacy Rights Act (CPRA), including:

• Right to know what personal information we collect and how it's used
• Right to delete your personal information
• Right to opt-out of the sale or sharing of your personal information (note: we do not sell or share personal information)
• Right to correct inaccurate personal information
• Right to limit the use of sensitive personal information
• Right to non-discrimination for exercising your privacy rights

7.3 Other Jurisdictions

We comply with privacy laws in other jurisdictions where we operate, including the UK GDPR, Colorado Privacy Act, Virginia Consumer Data Protection Act, and other applicable laws.

8. Shopify Mandatory Webhooks

As a Shopify app developer, we subscribe to mandatory compliance webhooks to handle data subject requests:

8.1 Customer Data Request

When a customer requests their data from a merchant, we will provide any data we have collected about that customer (if any).

8.2 Customer Data Deletion

When a customer requests deletion of their data, we will permanently delete any personal data we have collected about that customer within 30 days.

8.3 Shop Data Deletion

When a merchant uninstalls our Apps or closes their Shopify store, we will delete all associated data within 30 days (as outlined in Section 3).

9. Marketing and Advertising

We do not currently run marketing or advertising campaigns using customer data. If we introduce marketing features in the future:

• We will provide clear opt-in mechanisms and obtain explicit consent
• We will respect customer consent preferences and marketing opt-out requests
• We will comply with applicable marketing laws, including CAN-SPAM, CASL, and GDPR

10. Children's Privacy

Our Apps are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

11. International Data Transfers

We operate globally and may transfer your data to countries outside your jurisdiction. When we do so, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Adequacy decisions by the European Commission or other regulatory bodies
• Additional technical and organizational security measures

12. Third-Party Links

Our Apps or website may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email (if you've provided your email address)
• Display a prominent notice within our Apps

Your continued use of our Apps after the changes take effect constitutes your acceptance of the revised Privacy Policy.

14. Data Protection Officer

If you have questions about how we handle your personal data or wish to exercise your privacy rights, you can contact our Data Protection Officer at:

• Email: sean.gemify@gmail.com
• Subject Line: "Privacy Inquiry" or "Data Protection Request"

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Complaints and Regulatory Authorities

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with your local data protection authority. For EEA residents, a list of data protection authorities is available at https://edpb.europa.eu.

---

This Privacy Policy was last updated on January 2, 2025. By using our Apps, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.