🔐 Your privacy is fundamental. Shift ("the App") provides advanced analytics and e-commerce intelligence ("the Service") to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.
1. Personal Information the App Collects
Information from Your Shopify Account
When you install the App, we are able to automatically access certain types of information from your Shopify account:
- Store Information: Store name, domain, email address, currency, timezone, and plan details
- Product Data: Product titles, descriptions, variants, SKUs, inventory levels, prices, costs (COGS), images, and tags
- Order Information: Order details including line items, prices, quantities, order status, fulfillment status, shipping information, and payment status
- Customer Data: Customer names, email addresses, order history, and purchase behavior (required for analytics and synchronization)
- Inventory: Stock levels, locations, and inventory movements
- Financial Data: Transaction details, refunds, and sales totals (aggregated)
- Store Metafields: Custom configurations and settings saved for app functionality
Information We Collect Independently
Additionally, we collect the following types of personal information from you once you have installed the App:
- Account Information: Information about you and others who may access the App on behalf of your store, such as your name, email address, and authentication tokens
- Usage Data: Information about how you use the App, including features accessed, settings configured, reports generated, and interaction logs
- Technical Information: IP address, browser type and version, device information, operating system, and error logs for debugging purposes
- Connected Services: If you connect third-party services (Meta Ads, Google Analytics), we collect authentication tokens and access permissions to retrieve marketing data
- Marketing Data: Ad spend, campaign performance metrics, ROAS, and conversion data from connected advertising platforms
Tracking Technologies
We collect personal information using the following technologies:
- Cookies: Session cookies for authentication via Shopify OAuth and preference cookies to save user settings and app configurations
- Log Files: Track actions occurring in the App, collecting data including your IP address, browser type, timestamps, and API calls for security and debugging
- Local Storage: Browser local storage to maintain session state and user preferences
2. How We Use Your Personal Information
We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Specifically, we use your information to:
- Provide Core Functionality: Deliver detailed analytics, dashboards, and reports about your store's performance
- Calculate Business Metrics: Compute margins, COGS, ROI, CAC, LTV, and other key performance indicators
- Data Synchronization: Synchronize and maintain up-to-date order, product, and customer data from your Shopify store
- Marketing Integration: Connect with and retrieve data from marketing platforms (Meta Ads, Google Analytics) to provide unified analytics
- Generate Reports: Create customized reports, charts, and visualizations based on your business data
- Communicate with You: Send important updates, technical notifications, feature announcements, and respond to support requests
- Improve the App: Analyze usage patterns to optimize performance, add new features, and enhance user experience
- Security: Monitor for unauthorized access, prevent fraud, and maintain the security and integrity of the App
- Technical Support: Diagnose and resolve technical issues, bugs, and errors
- Legal Compliance: Meet our legal and regulatory obligations, including data retention requirements
3. Shopify Integration
Shift accesses your store data through Shopify's official API. We only request the permissions necessary for the application to function:
- Read products and inventory
- Read orders and sales history
- Read customer data (for analytics)
- Access metafields to store custom configurations
We comply with all Shopify privacy and security policies.
4. Sharing Your Personal Information
We do not sell, rent, or trade your business data with third parties for their marketing purposes. We may share your personal information only in the following limited circumstances:
Service Providers
- Firebase/Google Cloud: Secure cloud hosting and database services for storing your application data
- Shopify Platform: Data accessed through and stored via Shopify's official API infrastructure
Connected Third-Party Services
- Marketing Platforms: When you explicitly connect your Meta Ads or Google Analytics accounts, we retrieve data from these platforms on your behalf. We do not share your Shopify data with these platforms
- Authentication Services: Shopify OAuth for secure authentication and authorization
Legal Requirements
We may share your personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights, including:
- Compliance with legal obligations and regulatory requirements
- Enforcement of our terms of service and other agreements
- Protection against fraud, security issues, or technical problems
- Protection of the rights, property, or safety of Shift, our users, or the public
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the App of any such change in ownership or control of your personal information.
5. Data Security
We implement robust security measures to protect your store data:
- SSL/TLS encryption for all communications
- Secure storage in Firebase/Firestore with strict access rules
- OAuth2 authentication via Shopify
- Continuous security monitoring and access logs
- Automated and redundant backups
- Compliance with Shopify security standards
6. Your Rights
European Residents (GDPR)
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. Specifically, you have the following rights:
- Right of Access: Request a complete copy of your stored personal data
- Right to Rectification: Correct incorrect, incomplete, or outdated information
- Right to Erasure: Request permanent deletion of your personal data (upon app uninstall or by request)
- Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format
- Right to Object: Object to the processing of your personal data under certain circumstances
- Right to Restriction: Request restriction of processing in certain situations
- Right to Withdraw Consent: Withdraw your consent at any time where we rely on consent to process your data
If you would like to exercise any of these rights, please contact us at geral@aristech.pt. We will respond to your request within 30 days.
Legal Basis for Processing (GDPR)
We process your information under the following legal bases:
- Contractual Necessity: To fulfill our contract with you when you install and use the App
- Legitimate Interests: To operate, improve, and secure the App, provided these interests are not overridden by your rights
- Consent: For certain data processing activities, we will ask for your explicit consent
- Legal Obligations: To comply with applicable laws and regulations
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information held by us
- Right to opt out of the sale of personal information (note: we do not sell personal information)
- Right to non-discrimination for exercising your CCPA rights
7. Data Retention
We retain your store data only while the application is installed and active. When you uninstall Shift:
- All data is automatically deleted within 30 days
- You can request immediate deletion by contacting support
- Backups are permanently erased after 90 days
- Access logs are retained for a maximum of 6 months for security purposes
8. Cookies and Similar Technologies
Shift uses essential cookies for application functionality:
- Session cookies for Shopify authentication
- Preference cookies to save user settings
- We do not use advertising or third-party tracking cookies
9. Children's Privacy
The Shift application is intended for commercial users and store owners. We do not intentionally collect personal information from individuals under 16 years of age. If we identify data from minors, we will immediately delete such information.
10. International Data Transfers
Your data may be stored and processed on servers located in the European Union and United States (Google Cloud/Firebase). If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that your information will be transferred outside of these regions.
We ensure all international transfers comply with GDPR and other applicable data protection laws through:
- Standard Contractual Clauses: We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without adequacy decisions
- Service Provider Certifications: Our infrastructure providers (Google Cloud/Firebase) maintain robust security certifications, including ISO 27001 and SOC 2, and comply with applicable privacy frameworks
- Technical Safeguards: Data encryption in transit and at rest, access controls, and regular security audits
- EU-U.S. Data Privacy Framework: Where applicable, we rely on providers participating in recognized data transfer mechanisms
By using the App, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules than your country.
11. Changes to This Policy
We may update this Privacy Policy from time to time in order to reflect changes to our practices, for operational, legal, or regulatory reasons, or to accommodate new features and services.
When we make changes to this Privacy Policy:
- We will update the "Last updated" date at the top of this policy
- For significant changes, we will notify you through the Shopify App with at least 14 days' advance notice
- We may also send you an email notification to the email address associated with your Shopify account
- Your continued use of the App after changes become effective constitutes acceptance of the revised policy
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information.
12. Do Not Track
Please note that we do not alter our App's data collection and use practices when we see a Do Not Track signal from your browser. However, the App does not track users across third-party websites and therefore does not respond to Do Not Track signals.
13. Contact Us and Data Protection Officer
📧 For privacy and data protection questions
If you have questions, concerns, or would like to exercise your privacy rights, please contact us:
Email: geral@aristech.pt
Support: Through the Shift app in Shopify Admin
Response Time: We will respond to all requests within 30 days
Data Protection Officer (DPO)
For specific GDPR-related questions or to exercise your data protection rights, you can contact our Data Protection Officer:
Email: geral@aristech.pt
Subject Line: Please include "Data Protection Inquiry" in the subject line
Mailing Address
Aris Tech
Shift - Shopify Analytics App
Email: geral@aristech.pt
For written correspondence regarding privacy matters, please mark correspondence "Privacy Inquiry"