Privacy Policy
# Privacy Policy for GrowthEngine
**Effective Date:** January 1, 2024
**Last Updated:** January 1, 2024
## 1. Introduction
GrowthEngine ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application ("App") and related services.
## 2. Information We Collect
### 2.1 Store Information
- Shop domain and basic shop information
- Shop owner contact information
- Plan and subscription details
- Shop settings and preferences
### 2.2 Customer Data
- Customer names, email addresses, and phone numbers
- Order history and transaction data
- Appointment booking information
- Loyalty program participation and points
- Marketing preferences and consent status
### 2.3 Product and Inventory Data
- Product information and descriptions
- Inventory levels and availability
- Service definitions and pricing
- Staff assignments and schedules
### 2.4 Usage and Analytics Data
- App usage patterns and feature utilization
- Performance metrics and error logs
- IP addresses and device information
- Session data and interaction patterns
### 2.5 Communication Data
- Email and SMS communication logs
- Marketing campaign data
- Review and feedback submissions
- Support ticket information
## 3. How We Use Your Information
### 3.1 Service Provision
- Provide and maintain the GrowthEngine application
- Process appointments and bookings
- Manage customer loyalty programs
- Send appointment reminders and confirmations
- Generate analytics and reporting
### 3.2 Marketing and Communication
- Send marketing emails and SMS (with consent)
- Provide customer support
- Send app updates and announcements
- Conduct surveys and collect feedback
### 3.3 Analytics and Improvement
- Analyze app usage to improve features
- Monitor performance and troubleshoot issues
- Conduct research and development
- Generate business insights and recommendations
## 4. Information Sharing and Disclosure
### 4.1 Third-Party Services
We may share your information with:
- **Shopify**: As required for app functionality
- **Email Service Providers**: For sending marketing communications
- **SMS Providers**: For appointment reminders and notifications
- **Analytics Services**: For usage analysis and improvement
- **Cloud Storage Providers**: For secure data storage
### 4.2 Legal Requirements
We may disclose your information when required by law or to:
- Comply with legal processes
- Protect our rights and property
- Prevent fraud or illegal activities
- Protect user safety
### 4.3 Business Transfers
In the event of a merger, acquisition, or asset sale, your information may be transferred as part of the business transaction.
## 5. Data Security
### 5.1 Security Measures
We implement industry-standard security measures including:
- Encryption of data in transit and at rest
- Regular security audits and assessments
- Access controls and authentication
- Secure coding practices
- Regular backup and disaster recovery procedures
### 5.2 Data Retention
We retain your information for as long as:
- Your Shopify store uses our application
- Required for legal or business purposes
- You have an active customer account
## 6. Your Rights and Choices
### 6.1 Access and Control
You have the right to:
- Access your personal information
- Correct inaccurate information
- Delete your personal information
- Export your data
- Opt-out of marketing communications
### 6.2 Customer Rights
Your customers have the right to:
- Access their personal information
- Request deletion of their data
- Opt-out of marketing communications
- Withdraw consent for data processing
### 6.3 Data Portability
You can export your data from GrowthEngine at any time through the app dashboard or by contacting our support team.
## 7. GDPR Compliance
### 7.1 Legal Basis for Processing
We process personal data under the following legal bases:
- **Consent**: For marketing communications
- **Contract**: For service provision
- **Legitimate Interest**: For analytics and improvement
- **Legal Obligation**: For compliance requirements
### 7.2 EU Rights
If you are located in the EU, you have additional rights including:
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
## 8. CCPA Compliance
### 8.1 California Residents
If you are a California resident, you have the right to:
- Know what personal information we collect
- Delete personal information
- Opt-out of the sale of personal information
- Non-discrimination for exercising privacy rights
### 8.2 Do Not Sell
We do not sell personal information to third parties.
## 9. Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it.
## 10. International Transfers
Your information may be transferred to and stored in countries outside your residence. We ensure appropriate safeguards are in place for such transfers.
## 11. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on our website
- Sending email notifications to store owners
- Displaying notifications in the app
## 12. Contact Information
### 12.1 Data Controller
GrowthEngine
Email: privacy@revenuapp.com
Website: https://revenuapp.com
### 12.2 Data Protection Officer
For privacy-related inquiries:
Email: dpo@revenuapp.com
### 12.3 Support
For general support:
Email: support@revenuapp.com
Documentation: https://docs.revenuapp.com
## 13. Shopify-Specific Provisions
### 13.1 Shopify Data
We access and process Shopify data in accordance with:
- Shopify's API Terms of Service
- Shopify Partner Program Agreement
- This Privacy Policy
### 13.2 Data Processing Agreement
We act as a data processor for customer data processed through Shopify, with Shopify merchants as data controllers.
### 13.3 Webhook Data
We process webhook data from Shopify to provide real-time functionality and maintain data synchronization.
## 14. Technical Safeguards
### 14.1 Encryption
- All data is encrypted in transit using TLS 1.3
- Data at rest is encrypted using AES-256
- Database connections use SSL encryption
### 14.2 Access Controls
- Role-based access controls
- Two-factor authentication for administrators
- Regular access reviews and revocation
### 14.3 Monitoring
- Continuous security monitoring
- Automated threat detection
- Regular vulnerability assessments
---
**This Privacy Policy governs your use of GrowthEngine and forms part of our Terms of Service. By using our app, you consent to the practices described in this policy.**