Privacy Policy

2.1Information Collected from Merchants

2.2Information Collected from App Users

2.3Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and platform dashboard. These include:

• Essential cookies: Necessary for authentication, session management, and security.
• Functional cookies: Used to remember user preferences and platform settings.
• Analytics cookies: Used to understand how users navigate our website and dashboard.
• Marketing cookies: Used on our website to track campaign performance (not deployed within Merchant Apps without explicit configuration).

For detailed information regarding cookie types and durations, please refer to our Cookie Policy.

3.1To Provide and Maintain the Service

• Authenticating Merchant accounts and managing platform access
• Synchronising Shopify store data to render and update Merchant Apps in real time
• Processing subscription payments and generating invoices
• Providing customer support and responding to technical queries
• Deploying, hosting, and maintaining Merchant Apps on iOS and Android platforms

3.2To Operate Merchant Apps for App Users

• Displaying product catalogues, collections, and store content
• Processing in-app orders and relaying order data to the Merchant's Shopify instance
• Enabling user account creation, login, and profile management
• Delivering push notifications authorised by the Merchant and consented to by App Users
• Providing order tracking and status updates to App Users

3.3Analytics and Platform Improvement

• Generating Merchant-facing analytics dashboards displaying app performance, engagement, and conversion metrics
• Conducting internal analysis to improve platform features, performance, and reliability
• Identifying and resolving technical errors and bugs
• Conducting aggregated, anonymised analysis to understand usage patterns

3.4Communications and Marketing

• Sending transactional emails (account confirmations, invoices, service notices)
• Sending product updates, new feature announcements, and educational content to Merchants who have opted in
• Responding to support requests and enquiries

3.5Legal Compliance and Security

• Complying with applicable laws, regulatory requirements, and legal proceedings
• Enforcing our Terms of Service and other agreements
• Detecting, investigating, and preventing fraudulent transactions, abuse, or security incidents

4.1Shopify API Usage

Our platform accesses the Merchant's Shopify store exclusively through the Shopify Admin API using OAuth 2.0 for authorisation. We request only the API scopes necessary to deliver the contracted services:

• read_products / write_products — to sync product data to the Merchant App
• read_orders / write_orders — to relay and display order information
• read_customers — to support account-based features within the Merchant App
• read_inventory — to display live inventory status
• read_collections / read_content — to reflect store structure in app navigation

Merchants may revoke our API access at any time through their Shopify admin panel. Upon revocation or subscription termination, we cease API calls and initiate the data deletion process as described in Section 7.

4.2Responsibility for Merchant Customer Data

Merchants are solely responsible for their legal basis for collecting and processing their customers' personal data via Shopify and the Merchant App. Dzine Your App does not independently determine the purposes or means of processing App User data belonging to Merchants' customers. Merchants must maintain their own privacy notices, obtain necessary consents, and comply with all applicable data protection legislation in their respective jurisdictions.

4.3Data Processing Agreement

Merchants who are subject to GDPR or other data protection frameworks may execute a Data Processing Agreement (DPA) with Dzine Your App, which governs our processing of personal data on their behalf. Please contact support@dzineyourapp.com to request a DPA.

5.1Push Notifications to App Users

Dzine Your App provides a push notification delivery infrastructure that allows Merchants to send notifications to their App Users. The following principles govern this functionality:

• Consent: Push notifications are sent only to App Users who have expressly consented to receive them on their mobile device. This consent is solicited at the operating system level (iOS and Android permission prompts) and is managed by the Merchant within their campaign configuration.
• Merchant Control: The content, frequency, targeting, and timing of push notifications are determined by the Merchant. Dzine Your App provides the technical delivery mechanism only.
• Opt-Out: App Users may withdraw consent to push notifications at any time by adjusting their device notification settings or through any opt-out mechanism provided within the Merchant App.
• No Unsolicited Communications: Dzine Your App does not send push notifications to App Users independently or for its own promotional purposes.

5.2Marketing Communications to Merchants

We may send Merchants promotional and informational communications regarding our services. These communications are sent only to Merchants who have provided consent at account registration or through explicit opt-in.

Merchants may unsubscribe at any time by:

• Clicking the "Unsubscribe" link included in every marketing email
• Adjusting notification preferences within the Merchant dashboard
• Contacting us at support@dzineyourapp.com

6.1Service Providers and Sub-Processors

We engage vetted third-party service providers who process data on our behalf to support the delivery of our services. These include:

• Cloud infrastructure providers (for hosting and data storage)
• Payment processors (for subscription billing)
• Analytics platforms (for platform and app performance monitoring)
• Push notification delivery services
• Customer support software providers
• Email service providers (for transactional and marketing communications)

All sub-processors are bound by data processing agreements. A list of our current sub-processors is available upon written request to support@dzineyourapp.com.

6.2Merchants

App User data (such as order history, account information, and usage metrics) is shared with the relevant Merchant whose application the App User is using. This sharing is necessary to fulfil the core purpose of the service.

6.3Legal Requirements

We may disclose personal data where required by:

• Applicable law, regulation, or court order
• Requests from governmental or regulatory authorities with competent jurisdiction
• Enforcement of our Terms of Service or protection of our legal rights
• Prevention of fraud, imminent harm, or criminal activity

6.4Business Transfers

In the event of a merger, acquisition, asset sale, or similar corporate transaction, personal data may be transferred to the acquiring entity. We will provide notice to affected parties prior to any transfer and before personal data becomes subject to a materially different privacy policy.

6.5Aggregated and Anonymised Data

We may share aggregated and anonymised data — data from which individual identities cannot reasonably be determined — with partners, in public reporting, or for research purposes. Such data does not constitute personal data and is not subject to the restrictions in this Policy.

7.1Merchant Data

• Active account data is retained for the duration of the Merchant's subscription.
• Following account termination or subscription cancellation, we retain Merchant account data (including billing records) for a period of six (6) years for legal and tax compliance purposes, unless a shorter period is required.
• Shopify store data (products, orders, customer records accessed via API) is deleted or anonymised within ninety (90) days of subscription termination, unless the Merchant requests earlier deletion or we are required to retain it by applicable law.

7.2App User Data

• App User data is retained for as long as the Merchant's application remains active and the user's account has not been deleted.
• App User accounts and associated data may be deleted upon the App User's request, subject to the Merchant's applicable policies.
• Following the deletion of a Merchant's account or application, associated App User data is deleted or anonymised within ninety (90) days.

7.3Analytics and Log Data

• Aggregated analytics data may be retained for longer periods in anonymised form for platform improvement purposes.
• Server and system logs are retained for a maximum of twelve (12) months for security and diagnostic purposes.

8.1Encryption

• Data in Transit: All data transmitted between the platform, Merchant dashboards, Merchant Apps, and third-party services is encrypted using TLS 1.2 or higher.
• Data at Rest: Personal data stored in our databases and cloud infrastructure is encrypted at rest using AES-256 encryption.
• API Credentials: Shopify API tokens and OAuth credentials are stored in encrypted form using dedicated secrets management systems.

8.2Access Controls

• Role-based access control (RBAC) is enforced across all internal systems.
• Multi-factor authentication (MFA) is mandatory for all internal administrative access.
• Merchant dashboard access is protected by secure authentication mechanisms and session management controls.
• Access logs are maintained and reviewed for anomalous activity.

8.3Infrastructure Security

• Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II and ISO 27001 certifications (or equivalent).
• We maintain firewall protections, network segmentation, and intrusion detection systems.
• Regular automated vulnerability scanning and periodic penetration testing are conducted.
• Database access is restricted to authorised application services and does not permit direct external access.

8.4Incident Response

In the event of a personal data breach, we maintain a documented incident response procedure. We will notify affected Merchants and, where required by applicable law, the relevant supervisory authority within the timeframes mandated by applicable legislation (e.g., 72 hours under GDPR Article 33).

8.5Limitations

While we implement commercially reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of personal data. Merchants are responsible for maintaining the security of their own Shopify store credentials and access controls.

9.1Rights Under GDPR (EEA & UK)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

• Right of Access: Request confirmation of whether we process your personal data and obtain a copy of that data.
• Right to Rectification: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data in certain circumstances.
• Right to Restriction: Request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability: Receive your personal data in a structured, machine-readable format where applicable.
• Right to Object: Object to processing based on legitimate interests or direct marketing purposes.
• Automated Decision-Making: Right not to be subject to decisions based solely on automated processing producing significant legal effects.

To exercise these rights, contact us at support@dzineyourapp.com. We will respond to verified requests within thirty (30) days, subject to applicable exemptions.

9.2Rights Under CCPA (California Residents)

If you are a California resident, the CCPA/CPRA provides you with the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information collected, sources, business purposes, and third-party sharing.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out: We do not sell personal information or share it for cross-context behavioural advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

9.3Opt-Out of Marketing Communications

Any person who has received marketing communications from us may opt out at any time by:

• Using the "Unsubscribe" link in any marketing email
• Updating notification preferences in the platform dashboard
• Contacting us at support@dzineyourapp.com

9.4App User Rights

App Users seeking to exercise data rights in respect of data processed by a Merchant's application should contact that Merchant directly, as the Merchant is the data controller for App User data. Dzine Your App will assist Merchants in responding to such requests where technically feasible and required by law.

10.1What Are Cookies?

Cookies are small text files placed on your device by a website or application to store information about your session and preferences. We also use similar technologies such as web beacons, pixel tags, and local storage.

10.2How We Use Cookies

• Strictly Necessary Cookies: Required for platform authentication, security, and core functionality. Cannot be disabled without impairing service.
• Performance and Analytics Cookies: Collect anonymised data on how Merchants and visitors use our website and dashboard.
• Functional Cookies: Remember your preferences and settings to personalise your experience.
• Marketing Cookies: Used on our website to measure campaign effectiveness. Not deployed within Merchant Apps without explicit Merchant configuration.

10.3Your Cookie Choices

You may manage cookie preferences via the cookie banner displayed on first visit to our website, or through your browser's privacy settings. Please note that opting out of strictly necessary cookies will affect platform functionality. For further detail, please consult our full Cookie Policy.

11.1Analytics Providers

We use analytics tools to monitor platform performance, track in-app engagement events, and generate Merchant-facing dashboards. These tools may include Firebase Analytics (Google), Mixpanel, Amplitude, or comparable services. Analytics data is processed in accordance with each provider's terms and, where applicable, is subject to data processing agreements.

11.2Cloud Hosting and Infrastructure

Our platform is hosted on enterprise cloud infrastructure such as Amazon Web Services (AWS), Google Cloud Platform (GCP), or equivalent providers. These providers maintain independent security certifications and data centre controls. Data may be hosted in multiple regions; refer to Section 13 for information on international data transfers.

11.3Payment Processors

Subscription billing is handled by third-party payment gateways such as Stripe or comparable providers. Dzine Your App does not store, transmit, or process raw payment card data. Payment processors are PCI-DSS compliant and operate under their own privacy and security policies.

11.4Push Notification Services

Push notification delivery is facilitated by services such as Firebase Cloud Messaging (FCM) for Android and Apple Push Notification Service (APNs) for iOS. These services receive device tokens and notification payloads solely for the purpose of delivering authorised notifications to App Users.

11.5Email Service Providers

Transactional and marketing emails are delivered through third-party email service providers. These providers process Merchant email addresses in accordance with applicable data protection laws and our data processing instructions.

11.6Shopify

As a Shopify Partner, we operate within the Shopify ecosystem under Shopify's API Terms of Service and Partner Program Agreement. Our access to Shopify store data is subject to Shopify's own Privacy Policy, available at shopify.com/legal/privacy.

13.1Transfers from the EEA and UK

Where we transfer personal data from the EEA or UK to countries not recognised as providing an adequate level of data protection, we rely on one or more of the following safeguards:

• Standard Contractual Clauses (SCCs): We incorporate the European Commission-approved SCCs (2021/914/EU) into our data processing agreements with sub-processors in third countries.
• UK International Data Transfer Agreements (IDTAs): For transfers subject to UK GDPR, we use the UK IDTA or the Addendum to the EU SCCs as applicable.
• Adequacy Decisions: Where an adequacy decision has been issued in respect of the destination country, we rely on such determination.

13.2General

By using our services, Merchants acknowledge and consent to the international transfer of their data in accordance with this Policy and applicable legal mechanisms. Merchants may request information about the safeguards applicable to specific data transfers by contacting support@dzineyourapp.com.