MobiLoud Shopify App Privacy Policy

‍

Introduction

Through the MobiLoud Shopify App ("the App"), we, Fifty Pixels Ltd trading as "MobiLoud", provide Shopify merchants with tools to send push notifications and track orders from their mobile applications. This Privacy Policy explains how we process data from both merchants and their customers when using our App.

By installing and using the App, merchants agree to this privacy policy. If you are also a MobiLoud customer using our website (mobiloud.com) or other services, you additionally agree to our general Privacy Policy available at mobiloud.com/privacy. This App-specific privacy policy should be read in conjunction with our general Privacy Policy where applicable.

Roles and Responsibilities

In the context of data processing:

• MobiLoud (Fifty Pixels Ltd) acts as the Data Processor, processing data on behalf of the merchant
• The Shopify merchant acts as the Data Controller, determining the purposes and means of processing end-user data
• End-users are the Data Subjects to whom the Personal Data refers

Merchant Data Collection

When merchants install and use our App, we collect the following information:

Account Information

• Store owner's name and email address
• Store name and URL
• Phone number (if provided)
• Physical business address

Technical Information

• OneSignal API credentials
• App configuration settings
• Store's timezone and currency settings
• Technical logs related to App usage

Usage Information

• Features enabled/disabled
• Notification settings and configurations
• App installation and uninstallation events
• Support and communication history

We use this information to:

• Provide and maintain the App service
• Send important updates and notifications
• Provide technical support
• Process payments and manage your subscription
• Improve our service based on usage patterns

End-User Data Processing

When Processing Begins

We only process end-user data when a merchant has installed our Shopify App AND

1. The merchant has enabled order and customer tagging features
2. The merchant has configured OneSignal integration by providing valid API credentials and activating push notifications for orders updates.

What End-User Data We Process

When enabled, we process the following end-user data:

• Contact information (name, email address)
• Order information (excluding payment data)
• Device information (browser and operating system)
• Location data (IP address)

We specifically do not process or have access to:

• Payment or financial information
• Credit card details
• Detailed browsing history

How We Use End-User Data

We process end-user data solely for two specific purposes:

1. Push Notifications: To enable automated order status notifications through OneSignal
2. Order/User Tagging: To identify and tag orders and customers that come through the mobile app

Data Flow and Storage

Here's how we handle end-user data:

1. Data is collected through the Shopify platform based on the permissions granted during app installation
2. When a relevant event occurs (such as an order status change), the data is sent to our servers
3. Our servers process this data in real-time and forward it to OneSignal for push notification delivery
4. We do not store end-user data on our servers
5. Data is only processed and transmitted as needed for the immediate notification or tagging operation

Third-Party Services

We use the following third-party services for data processing and infrastructure:

Push Notification Service

• OneSignal: For delivering push notifications
  • Merchants must create and manage their own OneSignal account
  • Data shared with OneSignal is subject to their privacy policy: OneSignal Privacy Policy

Infrastructure and Hosting

• Digital Ocean: For hosting our application servers
  • Place of processing: US
  • Privacy Policy: https://www.digitalocean.com/legal/privacy-policy
• Cloudflare: For routing traffic and hosting configuration files
  • Cloudflare logs basic technical data (such as IP addresses and HTTP headers)
  • This data is used solely for operation and maintenance purposes
  • Place of processing: US
  • Privacy Policy: https://www.cloudflare.com/privacypolicy/

Data Security

We implement appropriate security measures to protect both merchant and end-user data during transmission, including:

• Encrypted data transmission using industry-standard protocols
• Secure API authentication
• Regular security audits and updates

Merchant Responsibilities

As the data controller, merchants using our App are responsible for:

• Obtaining appropriate consent from end-users for push notifications
• Providing notice to end-users about data processing through the App
• Managing their OneSignal account and related settings
• Ensuring their privacy policy adequately covers the use of our App, Onesignal and push notifications

Data Subject Rights

End-users should contact the merchant (Shopify store) directly to:

• Opt-out of push notifications
• Request information about their data processing
• Exercise any data subject rights

Merchants can contact us directly to:

• Access their account information
• Update their personal information
• Delete their account and associated data
• Export their data

Changes to This Policy

We may update this privacy policy from time to time. We will notify merchants of any significant changes through the Shopify admin panel.

Legal Information

This privacy policy has been prepared based on provisions of multiple legislations, including:

• Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation)
• California Consumer Privacy Act (CCPA)
• California Privacy Rights Act (CPRA)

This policy shall be governed by and construed in accordance with the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.

Contact Information

For questions about this privacy policy or our data practices, please contact:

Fifty Pixels Ltd

209 High Road

N2 8AN

London, UK

Email: privacy@mobiloud.com

‍