1) What Information Do We Collect?

A. Information from Shopify (Merchant / Store Data)

When you install the App, Shopify may provide us with information necessary to provide the Services, such as:

• Store name, store domain, and store identifier
• Merchant contact details (for example, email) and billing status (as provided by Shopify)
• Store settings relevant to the App (currency, locale, theme identifiers)
• Product, variant, collection information needed to display upsells or bundles
• Cart and order data necessary to calculate offers (for example, cart value, line items)

B. Customer and Order Data (Processed on Your Behalf)

Depending on the features you enable (upsells, bundles, add-to-unlock gift offers, targeting), we may process limited customer or order data only to operate the App, such as:

• Order IDs and cart contents (line items, quantities, prices)
• Discount or offer application results (for example, gift unlocked status)
• Delivery country or region (if used for targeting rules)
• Limited customer identifiers (for example, Shopify customer ID) when required for rules, reporting, or fraud prevention

We do not need or intend to collect sensitive personal data (for example, government IDs or health data). Please do not send such data to our support channels.

C. Automatically Collected Technical Data

When you use our Services, we automatically collect:

• IP address and approximate location (city or country level)
• Device and browser characteristics
• Operating system, language, referring URLs, pages or events visited
• Usage logs and performance metrics (for example, feature clicks, errors, load times)

This helps us maintain security, improve performance, and troubleshoot issues.

D. Support and Communications

If you contact support, we may collect:

• Your name, email, and store URL
• Message content and attachments you send
• Diagnostic data needed to resolve the issue (for example, logs)

2) How Do We Use Your Information?

We use information to:

• Provide and operate the App (create upsell offers, display cart drawer widgets, apply rules)
• Enable core features (bundles, add-to-unlock progress bar, targeting conditions)
• Analytics and performance (measure conversions, AOV impact, offer performance)
• Support and troubleshooting (debug issues, answer requests)
• Security and fraud prevention (prevent abuse, protect infrastructure)
• Billing and administration (manage plan limits, invoices or charges via Shopify, where applicable)
• Legal compliance (comply with applicable laws and enforce our terms)

Legal bases (where applicable, such as EEA or UK):

• Contract performance (to deliver the Services)
• Legitimate interests (security, improvements, analytics)
• Consent (where required for certain marketing or cookies)
• Legal obligations

3) Will Your Information Be Shared With Anyone?

We do not sell or rent personal information. We may share information only in these cases:

A. Service Providers (Processors)

We may use trusted vendors for:

• Hosting and infrastructure
• Error monitoring and analytics
• Customer support tools
• Email delivery (service communications)
• Payment or billing administration (primarily through Shopify)

These providers are authorized to process data only to perform services for us and must protect it.

B. Business Transfers

If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, consistent with this policy.

C. Legal Requirements

We may disclose information if required by law, court order, or valid governmental request, or to protect rights, safety, and security (for example, fraud or abuse).

4) International Data Transfers

Our Services may involve processing data in countries other than yours (including the United States). Where required, we use appropriate safeguards for international transfers (for example, contractual protections).

5) How Long Do We Keep Your Information?

We retain information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. When data is no longer needed, we delete it or anonymize it.

Uninstall or deletion: You can uninstall the App anytime from your Shopify admin. After uninstall, we remove or anonymize store data within a reasonable period, except where retention is required for legal, security, or fraud-prevention reasons.

6) How Do We Keep Your Information Safe?

We use reasonable administrative, technical, and organizational safeguards (access controls, encryption in transit where applicable, monitoring, least-privilege access). However, no method of transmission or storage is 100 percent secure, so you use the Services at your own risk.

7) Do We Collect Information From Minors?

No. Our Services are intended for Shopify merchants and are not directed to children under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we will take appropriate steps to delete it.

8) What Are Your Privacy Rights?

Depending on your location, you may have rights to:

• Access your data
• Correct inaccurate data
• Request deletion
• Object to or restrict processing
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)

To exercise your rights, contact contact@webinnovate.dev. We may need to verify your identity and store ownership to protect your data.

Merchant control: As the merchant, you control what data is collected from your store via Shopify and which App features you enable.

9) Cookies and Tracking Technologies

We may use cookies or similar technologies on our websites or admin pages to:

• Keep you logged in
• Remember preferences
• Measure performance
• Improve reliability and security

You can control cookies through your browser settings. Disabling cookies may impact certain features.

Email communications: You can opt out of marketing emails (if any) via the unsubscribe link. Service emails (billing, security, product updates) are essential and cannot be fully opted out of.

10) Controls for Do-Not-Track Features

There is no consistent industry standard for responding to DNT signals. Therefore, we do not currently respond to Do-Not-Track browser settings. If a standard is adopted, we will update this policy.

11) Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The "Last Updated" date will indicate when revisions were made. For material changes, we may notify you through the Services or by email.

12) How Can You Contact Us?

If you have questions or requests regarding this Privacy Policy, contact:

• WebInnovate LLC
• Email: contact@webinnovate.dev
• Site: www.webinnovate.dev
• Location: Kentucky, USA