Privacy policy

Introduction

Welcome to Discount Composer (the "App"), developed by Qyalma ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Shopify application.

By installing and using Discount Composer, you agree to the collection and use of information in accordance with this Privacy Policy.


Information We Collect

1. Information from Shopify

When you install our app, we receive the following information from your Shopify store:

  • Store Information: Store name, domain, owner email, store currency, timezone
  • Product Data: Product titles, descriptions, variants, pricing, collections, inventory
  • Customer Data: Customer names, email addresses, tags, segments (only for discount eligibility)
  • Order Data: Order details, totals, discount usage, line items (for analytics)
  • Discount Data: Existing discount codes and automatic discounts
  • Location Data: Store locations for retail eligibility settings
  • Market Data: International markets and currencies configured in your store

2. Information You Provide

When you use the app, you provide:

  • Discount Configurations: All settings, rules, and conditions you create
  • Cart Group Filters: Product selections, collection selections, filter criteria
  • Customer Eligibility Settings: Customer segments, tags, email domains
  • Support Communications: Messages, feedback, and support requests

3. Automatically Collected Information

  • Usage Data: How you interact with the app, features used, settings modified
  • Performance Data: App load times, error logs, function execution times
  • Device Information: Browser type, operating system, IP address (anonymized)
  • Analytics Data: Discount performance metrics, usage counts, revenue impact

How We Use Your Information

Core Functionality

  • Create and manage volume discounts, BXGY offers, amount-off discounts, and custom discounts
  • Apply discount rules based on cart contents, customer eligibility, and purchase conditions
  • Calculate discount values and generate discount codes
  • Display discount information on your storefront
  • Track discount usage and performance

Analytics and Insights

  • Provide discount performance analytics (usage counts, revenue impact)
  • Generate reports on discount effectiveness
  • Identify trends and optimization opportunities
  • Aggregate data for industry benchmarks (anonymized)

Service Improvement

  • Improve app functionality and user experience
  • Debug errors and fix technical issues
  • Develop new features based on usage patterns
  • Conduct A/B testing for interface improvements

Communication

  • Send important app updates and security notices
  • Provide customer support and respond to inquiries
  • Notify you of new features and improvements
  • Send billing and subscription information

Legal Compliance

  • Comply with applicable laws and regulations
  • Enforce our Terms of Service
  • Protect against fraud and security threats
  • Respond to legal requests and prevent harm

Data Storage and Security

Where We Store Data

  • Primary Storage: Shopify's metafields (encrypted at rest)
  • Analytics Data: Secure cloud servers (AWS, Google Cloud, or similar)
  • Logs: Temporarily stored for debugging (automatically deleted after 30 days)
  • Backups: Encrypted backups for disaster recovery

Security Measures

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Security assessments and penetration testing
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Compliance: SOC 2 Type II and ISO 27001 certified infrastructure

Data Retention

  • Active Subscription: Data retained for the duration of your subscription
  • After Cancellation: Data retained for 30 days to allow reactivation
  • After 30 Days: All discount configurations permanently deleted
  • Analytics Data: Anonymized and aggregated (retained for 2 years)
  • Legal Compliance: Some data retained longer if required by law

Data Sharing and Third Parties

We Share Data With:

Shopify

As a Shopify app, we operate within Shopify's ecosystem. All data is accessed through Shopify's API and subject to Shopify's Privacy Policy.

Cloud Service Providers

  • Hosting: AWS, Google Cloud, or similar (for infrastructure)
  • Database: Managed database services with encryption
  • CDN: Content delivery for faster performance

Analytics Providers

  • Error Tracking: Sentry (for debugging and error monitoring)
  • Usage Analytics: Internal analytics only (no third-party tracking)

Payment Processor

  • Shopify Billing: All payments processed through Shopify's secure billing system
  • We do not store or process payment card information

We DO NOT:

  • Sell your data to third parties
  • Share customer data with advertisers
  • Use your data for marketing purposes without consent
  • Share data with competitors
  • Use customer email addresses for our own marketing

Cookies and Tracking

Cookies We Use

  • Essential Cookies: Required for app authentication and session management
  • Preference Cookies: Remember your settings and preferences
  • Security Cookies: Detect fraud and protect your account

Shopify Cookies

Our app operates within Shopify's admin interface. Shopify sets its own cookies as described in Shopify's Cookie Policy.

Managing Cookies

You can control cookies through your browser settings, but disabling essential cookies may affect app functionality.


Your Privacy Rights

Access and Portability (GDPR Article 15, 20)

  • Request a copy of your data in a machine-readable format
  • View all discount configurations and analytics data
  • Export data at any time through the app interface

Rectification (GDPR Article 16)

  • Correct inaccurate or incomplete data
  • Update discount configurations and settings

Erasure / "Right to be Forgotten" (GDPR Article 17)

  • Request deletion of your data at any time
  • Uninstall the app to trigger automatic data deletion (within 30 days)

Restriction and Objection (GDPR Articles 18, 21)

  • Restrict processing of your data
  • Object to data processing for specific purposes

Data Portability (CCPA)

  • California residents can request data disclosure
  • Request categories of data collected and shared
  • Exercise opt-out rights for data selling (we don't sell data)

How to Exercise Your Rights

Contact us at [email protected] with your request. We will respond within:

  • GDPR: 30 days (may extend to 60 days for complex requests)
  • CCPA: 45 days (may extend to 90 days)

Children's Privacy

Our app is not intended for use by individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.


International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Privacy Shield: Compliance with applicable frameworks

Data Breach Notification

In the event of a data breach that may affect your rights and freedoms:

  • We will notify you within 72 hours (GDPR requirement)
  • Notification will include the nature of the breach, the affected data, and mitigation steps
  • We will report to relevant supervisory authorities as required

Your Responsibilities

As a merchant using our app, you are responsible for:

  • Maintaining the security of your Shopify admin credentials
  • Ensuring your use of customer data complies with applicable privacy laws
  • Providing privacy notices to your customers about discount tracking
  • Obtaining necessary consents for data processing
  • Not using the app for illegal purposes

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or functionality
  • Legal or regulatory requirements
  • Feedback from users

How We Notify You:

  • Updated "Last Updated" date at the top of this policy
  • Email notification for material changes (30 days' advance notice)
  • In-app notification upon login after significant changes

Continued use of the app after changes constitutes acceptance of the updated Privacy Policy.


Legal Basis for Processing (GDPR)

We process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the app service
  • Legitimate Interest: Improving our service, security, and fraud prevention
  • Consent: Marketing communications (opt-in required)
  • Legal Obligation: Compliance with laws and regulations

Supervisory Authority

If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority.

EU Data Protection Authorities: Find your authority


Contact Us

For privacy-related questions, requests, or concerns:

Data Protection Officer (DPO):
If required by law, our DPO can be reached at [email protected]

Mailing Address:
Qyalma
[Your Business Address]
[City, State/Province, Postal Code]
[Country]


Compliance Certifications

We are committed to maintaining the highest privacy and security standards:

  • GDPR Compliant: EU General Data Protection Regulation
  • CCPA Compliant: California Consumer Privacy Act
  • Shopify App Store Requirements: Full compliance
  • SOC 2 Type II: Infrastructure security certification
  • ISO 27001: Information security management