Legal

Privacy policy

Last updated: 30 March 2026

Who we are

DealGift (“we”, “us” or “our”) operates the DealGift Shopify application and the website https://dealgift.app.

Our contact email is: hello@dealgift.app

What information we collect

We collect and process the following categories of data when you install and use DealGift on your Shopify store:

  • Merchant account data: Store name, contact email, Shopify domain, and billing identifiers that Shopify shares with us during app authorization.
  • Configuration data: Deals, rules, promotional copy, consent settings, and other customizations you create or save inside the app.
  • Cart and order metadata: Information needed to evaluate and apply promotions (for example, line items, cart contents, applied discounts, consent flags, and basic checkout-related data). We do not collect full customer personal details such as names, addresses, or payment information unless strictly necessary for the promotion logic and only as passed via Shopify’s APIs.
  • Usage and technical data: Logs of app interactions, error reports, and aggregated analytics to monitor performance and reliability.
  • Support communications: Messages, emails, or form submissions you send to us for customer support.

We do not collect data directly from your end customers beyond what is required to deliver the service through Shopify’s APIs, and we respect Shopify’s Customer Privacy API settings.

How we use your data

We use the collected data for the following purposes:

  • To provide, maintain, and improve the DealGift service (including applying gift/deal logic, rules, and checkout-aligned pricing).
  • To troubleshoot issues, ensure security, and monitor app performance.
  • To communicate with you about the service, updates, or support requests.
  • To comply with legal obligations and enforce our Terms of Service.
  • For internal analytics and product improvement (using aggregated or anonymized data where possible).

We do not sell any personal information.

Legal bases for processing (UK GDPR)

Where UK GDPR applies, we rely on the following lawful bases:

  • Performance of a contract: Processing necessary to provide DealGift to you under our Terms of Service.
  • Legitimate interests: For security, fraud prevention, service improvement, and aggregated analytics.
  • Legal obligation: Where we are required to process data to comply with applicable laws.
  • Consent: Where we ask for it (for example, for certain optional features), and you can withdraw consent at any time.

Subprocessors

We may use the following trusted third-party service providers (subprocessors) to help deliver the service. We ensure appropriate data processing agreements are in place with each:

  • Hosting and infrastructure providers (for example, cloud providers such as Amazon Web Services or similar) — for secure storage and processing of data.
  • Logging and monitoring tools — for error tracking and performance.
  • Email and communication services — for support and service notifications.

We will keep this list updated. If you would like the current detailed list, please contact us at hello@dealgift.app.

Data retention

We retain your merchant configuration data and necessary metadata for as long as your DealGift app remains installed and active.

After uninstallation, we will delete or anonymize your data within a reasonable period (typically 30–90 days), except where we are required to retain it for legal or regulatory reasons (for example, billing records or fraud prevention).

Specific retention periods are defined in our internal data retention policy.

Security

We implement appropriate technical, administrative, and organizational measures to protect your data against unauthorized access, loss, or misuse. These include encryption, access controls, regular security reviews, and secure coding practices. However, no system is completely secure, and we cannot guarantee absolute security.

Your rights

Under UK GDPR (and equivalent laws), you have rights regarding your personal data, including the right to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Request deletion or restriction of processing
  • Object to certain processing
  • Data portability (in some cases)
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local regulator

To exercise these rights, email us at hello@dealgift.app. We will respond within one month (or as required by law).

International data transfers

DealGift is operated from the United Kingdom. If any data is transferred outside the UK (for example, to cloud infrastructure providers in the EEA or other countries with adequacy decisions), we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA), UK Addendum to EU Standard Contractual Clauses, or other approved mechanisms, together with a Transfer Risk Assessment where required.

Children’s privacy

DealGift is not directed at children and is intended for use by businesses. We do not knowingly collect or process data from children under 18.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will be revised accordingly. We will notify you of material changes via the Shopify app, email, or on our website where required by law.

By continuing to use DealGift after changes are posted, you accept the updated policy.

Contact us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

hello@dealgift.app