Privacy Policy

Last updated: February 2025

1. Introduction

Revifly ("we", "our", or "us") provides performance-based marketing tools for Shopify merchants, including voucher and discount management, affiliate attribution, and analytics. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Shopify app and related services.

2. Data We Process

We process the minimum personal data required to provide value to merchants:

  • Shop and merchant data: Shopify shop domain, store name, access tokens (encrypted), and billing information necessary for app charges.
  • Order and voucher data: Order IDs, order names (e.g. #1001), Shopify order IDs, voucher codes, redemption timestamps, and discount amounts. We do not store customer names, emails, phone numbers, or addresses.
  • Offer and publisher data: Offer titles, voucher codes, publisher attribution for commission calculation, and usage statistics.

We receive order webhooks from Shopify that may contain customer data in the payload. We extract only the fields listed above and do not store customer PII.

3. Purposes for Processing

We use personal data only for:

  • App functionality: Matching voucher redemptions to orders, attributing sales to publishers, recording billing events, and deducting promotion credits.
  • Marketing attribution: Determining which marketing partners (publishers) drove which sales for commission payments.
  • Analytics: Providing merchants with offer performance metrics, redemption rates, and usage dashboards.

We do not use data for customer service, store management, personalization, or selling data to third parties.

4. Data Retention

We retain personal data only as long as needed:

  • Shop data: Deleted within 30 days of receiving the shop/redact webhook (48 hours after app uninstall).
  • Voucher and order data: Retained for the duration of the merchant's use of the app, plus up to 7 years for billing and tax compliance where required by law.
  • Customer data requests: We respond to customers/data_request and customers/redact webhooks within 30 days. We store minimal data and do not retain customer PII beyond what is necessary for voucher attribution.

See our Data Retention Policy for full details.

5. Data Security

  • Encryption in transit: All API and web traffic uses HTTPS/TLS.
  • Encryption at rest: Database and stored data are encrypted at rest where supported by our hosting infrastructure.
  • Access control: Access tokens and secrets are stored securely. We use prepared statements to prevent SQL injection and sanitize outputs to prevent XSS.

6. Your Rights and Requests

Merchants and their customers can request:

  • Data access: We respond to Shopify's customers/data_request webhook and provide stored data to the store owner.
  • Data deletion: We respond to customers/redact and shop/redact webhooks and delete or anonymize data within 30 days.
  • Contact: For privacy requests, email support@revifly.com.

7. Third Parties

We do not sell personal data. We share data only with:

  • Shopify: For app operation (OAuth, webhooks, API calls).
  • Hosting providers: For infrastructure (e.g. database, servers).

8. Changes

We may update this policy. We will notify merchants of material changes via the app or email. Continued use after changes constitutes acceptance.

9. Contact

Revifly
Email: support@revifly.com
Gurgaon, India

← Back to Home