App's Privacy Policy

Privacy Policy

Shared Sweeps — Shopify Application
Last updated: 16 June 2026

This Privacy Policy explains how Shared Sweeps ("the App", "we", "us", or "our") collects, uses, shares, and protects information when a merchant installs and uses the App on their Shopify store, and when that store's customers participate in giveaways and sweepstakes powered by the App.

By installing or using the App, you agree to the practices described in this policy. If you do not agree, please do not install or use the App.

1. Who we are

Shared Sweeps is a Shopify application that lets merchants run giveaways and sweepstakes in their store — awarding entries based on purchases, subscriptions, coupons, referrals, and other configurable rules. The App acts as a data processor on behalf of the merchant (the data controller) with respect to store and customer data, and as a data controller for the merchant account information we use to operate and support the App.

2. Information we collect

We collect only the information needed to provide the App's functionality.

Merchant & store account data

  • Store domain (myshopify.com domain) and shop identifier
  • Store owner / staff name, email address, and locale
  • Authentication tokens and session details required to access the Shopify Admin API on your behalf
  • Granted access scopes and account role (e.g. account owner, collaborator)

Customer & order data

  • Customer identifiers and email addresses
  • Order identifiers, order amounts, and purchase/subscription history
  • Customer tags, order tags, and sales channel information
  • Earned and accumulated giveaway entries and reward balances
  • Coupon and referral activity related to giveaways

The App does not collect or store full payment card numbers, bank details, or other complete financial-instrument data. Payments are handled entirely by Shopify and its payment providers.

Configuration & content data

Data you create while configuring the App, such as giveaway titles and descriptions, schedules, multipliers, eligibility profiles, product and collection settings, email templates, and uploaded images.

Technical, log & audit data

  • IP address, user agent, and request identifiers
  • Change-log and audit records (who changed a giveaway setting, when, and what changed)
  • Webhook payloads received from Shopify
  • Error reports and diagnostic/performance data
  • Cookies and similar technologies strictly necessary for the App to function

3. How we use information

  • Provide, operate, and maintain the App's core functionality
  • Calculate, award, recalculate, and reconcile giveaway entries
  • Run scheduled tasks, recover missing orders, and process webhooks
  • Send transactional and giveaway-related emails on the merchant's behalf
  • Provide merchant support and respond to inquiries
  • Maintain audit trails and detect tampering, fraud, or abuse
  • Monitor, debug, and improve the reliability, security, and performance of the App
  • Comply with our legal obligations

We do not sell personal information, and we do not use store customer data for our own advertising.

4. Legal bases for processing

Where the GDPR or similar laws apply, we rely on the following legal bases: performance of a contract (to provide the App), our legitimate interests (to secure, support, and improve the App), compliance with legal obligations, and consent where required. For store customer data, the merchant is responsible for establishing the appropriate legal basis and for collecting any necessary consents.

5. How we share information

  • Shopify — the platform on which the App and your store operate.
  • Service providers / sub-processors who host infrastructure, send email, store files, and provide error monitoring (see section 6).
  • Third-party integrations you enable, such as marketing platforms, to which you direct us to send data.
  • Legal & safety recipients, where disclosure is required by law or necessary to protect rights, property, or safety.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

6. Third-party services & sub-processors

The App relies on the following third-party services, each processing data only as needed to provide its service:

  • Shopify — store platform, authentication, and Admin API access
  • Cloud database & application hosting — storing and processing App data
  • Amazon Web Services (S3) — storage of uploaded images and files
  • Resend — delivery of transactional and giveaway emails
  • Klaviyo (optional, merchant-enabled) — marketing integration, where you enable and configure it
  • Sentry — error monitoring and performance diagnostics

The specific list of sub-processors may change as the App evolves; we will update this policy to reflect material changes.

7. Data retention

We retain personal information for as long as the App is installed and as needed to provide the service, comply with legal obligations, resolve disputes, and enforce our agreements. When a merchant uninstalls the App, we delete or de-identify the associated store and customer data within a reasonable period, except where retention is required by law. In line with Shopify's requirements, we honor mandatory data-erasure requests, including the shop/redact and customers/redact webhooks.

8. Data security

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, scoped credentials, and audit logging. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work to protect your data and to address vulnerabilities promptly.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal information, and to object to certain processing. To exercise these rights, contact us using the details in section 14. We may need to verify your identity before acting on a request. You also have the right to lodge a complaint with your local data protection authority.

10. Information about store customers

Much of the data the App processes belongs to the customers of the merchant's store. For that data, the merchant is the controller and the App acts as a processor under the merchant's instructions. If you are a shopper and wish to exercise your privacy rights, please contact the store you interacted with; the merchant may direct such requests to us, and we will assist them in responding.

11. International data transfers

We and our service providers may process information in countries other than where you reside. Where required, we use appropriate safeguards (such as standard contractual clauses) for international transfers of personal information.

12. Children's privacy

The App is intended for use by merchants and is not directed to children. We do not knowingly collect personal information from children under the age of 13 (or the applicable age in your jurisdiction). If you believe a child has provided us with personal information, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will revise the "Last updated" date above and, where appropriate, provide additional notice. Your continued use of the App after changes take effect constitutes acceptance of the updated policy.

14. Contact us

If you have questions or requests regarding this Privacy Policy or your personal information, please contact us at:

© 2026 Shared Sweeps. This Privacy Policy is provided for general informational purposes and does not constitute legal advice. We recommend having it reviewed by qualified legal counsel before publication.