Privacy Policy

1. Who this policy covers

• Website visitors who browse our public marketing pages.
• Merchants (including staff who access the app in Shopify Admin) who install or configure EarnEasy.
• Shoppers / customers of a store whose information we process only to provide loyalty, referral, and related functionality to the merchant that installed EarnEasy, and as described in this policy.

If you interact with a merchant's store, that merchant is typically responsible for providing you its own privacy notice. Our processing is performed on the merchant's behalf and under their instructions, subject to our agreement with them and this policy.

2. Information we collect

2.1 Marketing website

When you load our marketing site, our hosting provider and infrastructure may automatically receive technical data such as your IP address, browser type, approximate region inferred from network data, request timestamps, and similar network and device signals. We use web fonts via Next.js (self-hosted through the framework); we do not load tracking cookies from third-party ad networks on this marketing site based on our current implementation. If we introduce analytics or marketing tags in the future, we will update this policy and, where required, your consent flows.

2.2 Merchants and the Shopify app

When you install EarnEasy, we receive information from Shopify and connect your store to our services. This can include store identifiers, OAuth session details, staff user identifiers and profile information Shopify makes available to installed apps, billing and plan status synced through Shopify, and configuration you save in the app (such as loyalty rules and program settings).

2.3 Store customers (loyalty)

To operate loyalty, referrals, VIP tiers, rewards, and redemptions, we process data that may include Shopify customer identifiers, loyalty balances and tier state associated with a customer, referral codes and referral events, order identifiers and limited order-related attributes needed to calculate earn or validate usage, redemption and discount-code records, optional email addresses when surfaced by Shopify or supplied for referrals, and append-only ledger and analytics records derived from the above. Exact fields depend on features you enable and Shopify's APIs.

We may emit structured operational and audit logs for security and troubleshooting; we design these to minimize unnecessary personal detail.

3. How we use information

We use personal information to:

• Provide, operate, secure, and improve EarnEasy and the marketing site.
• Authenticate merchants, maintain sessions, and enforce plan limits and feature availability.
• Calculate points, tiers, referrals, rewards, and discounts in line with merchant configuration and Shopify platform mechanics.
• Send or surface transactional and service-related messages where applicable (for example, support responses you request).
• Meet legal obligations, respond to lawful requests, and protect our rights and the security of users.

We do not sell your personal information for money. We do not use shopper loyalty data to run cross-context behavioral advertising for unrelated third-party marketing. Merchants may integrate external tools (for example, automation platforms); those integrations are configured by the merchant and governed by their policies as well.

4. Legal bases (EEA, UK, and similar regions)

Where GDPR or similar laws apply, we rely on one or more of the following: performance of a contract with merchants who use EarnEasy; our legitimate interests in operating a secure loyalty platform and the marketing site (balanced against your rights); compliance with legal obligations; and, where required, consent for specific optional activities. Shoppers' data is typically processed as a processor on behalf of the merchant, who determines the lawful basis toward their customers.

5. How we share information

We share personal information with service providers who help us run the product and website, including:

• Shopify — hosting the app within Shopify Admin, platform APIs, checkout and customer surfaces, billing, and mandatory compliance webhooks.
• Vercel (or successor hosting) — application and HTTP edge hosting, logs, and related infrastructure for our application backend and services.
• Supabase / PostgreSQL hosting — database storage for application data (for example session storage, loyalty accounting tables, and operational records described in our data model).

We may also disclose information if required by law, to respond to valid legal process, to protect the safety of any person, or in connection with a merger, acquisition, or asset sale (with appropriate notices where required).

6. International transfers

We may process and store information in the United States and other countries where we or our subprocessors operate. Where transfers from the EEA, UK, or Switzerland are involved, we use appropriate safeguards such as Standard Contractual Clauses or other mechanisms recognized by applicable law, together with technical and organizational measures.

7. Retention

We retain personal information only as long as necessary for the purposes above, including to provide the service, meet legal obligations, resolve disputes, and enforce agreements. For example, merchant session data is kept until you uninstall or we terminate access; loyalty-related records are kept as needed to operate features and are pruned or removed when a store or customer is deleted in line with Shopify compliance notifications and our retention practices. Logs may be kept for shorter rolling periods for security and diagnostics.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal information, including transport encryption (HTTPS), access controls, and least-privilege patterns within our application. No method of transmission or storage is completely secure; we work to continually improve safeguards.

9. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or export certain personal information, or to object to certain processing. You may also have the right not to be discriminated against for exercising privacy rights (U.S. state laws). If we process personal information on behalf of a merchant about that merchant's customer, we will often need to route requests through the merchant or Shopify's processes—merchants can submit customer requests through Shopify's compliance tools, and we honor applicable mandatory webhooks and contractual obligations.

To exercise rights directly with us regarding information we hold as a business about you as a website visitor or merchant user, contact us using the details below. We may need to verify your request and may extend response timelines as permitted by law.

10. Children

EarnEasy is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps.

11. Changes

We may update this policy from time to time. We will post the updated version on this page and, where required, provide additional notice (for example, in the app or by email). Continued use after the effective date constitutes acceptance of the updated policy, to the extent permitted by law.

12. Contact

For questions about this Privacy Policy or our privacy practices:

• Use the support contact shown on the EarnEasy listing in the Shopify App Store, or the in-app help or support channel we provide from time to time.