Privacy Policy

When you install DualPerks through the Shopify App Store, we access the following data via the Shopify API:

• Store information (shop domain, name, email, timezone, currency)
• Customer data (name, email address, order history relevant to loyalty calculations)
• Order data (order IDs, amounts, timestamps, fulfilment status) needed to calculate and award loyalty points
• App configuration and merchant settings stored in our database

We do not collect payment card data. All payment processing is handled exclusively by Shopify.

We use the data we collect to:

• Calculate and award loyalty points for qualifying purchases
• Track referral codes and process referral rewards
• Manage affiliate partner relationships and calculate commission payouts
• Send automated email notifications to your customers on your behalf (e.g. points earned, reward redeemed)
• Provide analytics and reporting within the DualPerks dashboard
• Comply with legal obligations, including GDPR data access and erasure requests

We do not sell your data or your customers' data to third parties. We do not use your data for advertising purposes.

DualPerks sends transactional emails to your store's customers on your behalf. These emails are triggered by loyalty events (points earned, referrals completed, etc.) and use templates you configure within the app.

Email delivery is handled via Plunk (useplunk.com). Your customers' email addresses are transmitted to Plunk solely for the purpose of delivering these notifications. Plunk does not use this data for marketing or any other purpose.

Your data is stored in a PostgreSQL database hosted on infrastructure in the European Union. We use industry-standard encryption in transit (TLS) and at rest. Access to production systems is restricted to authorised team members only.

We retain merchant and customer data for as long as your store has DualPerks installed. On uninstall, we retain data for 30 days to allow for reinstallation, after which it is permanently deleted.

If your store operates within the European Economic Area (EEA), DualPerks supports the following GDPR customer rights:

• Right to access: Customers can request a copy of the personal data DualPerks holds about them. We will provide this within 30 days of a valid request.
• Right to erasure: Customers can request deletion of their data. We will redact all personally identifiable information while retaining anonymised transaction records for audit purposes.
• Right to portability: Data can be exported in a machine-readable format upon request.

GDPR requests from Shopify are automatically processed by DualPerks via the mandatory Shopify GDPR webhooks.

DualPerks integrates with the following third-party services:

• Shopify: hosting, billing, and API access. Governed by Shopify's Privacy Policy.
• Plunk: transactional email delivery.

DualPerks is a server-rendered web application embedded within the Shopify admin. We use session cookies strictly necessary for authentication. We do not use tracking cookies or advertising pixels.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the store owner's address on file. Continued use of DualPerks after changes are posted constitutes acceptance of the updated policy.

Questions or concerns about this Privacy Policy? Contact us at privacy@dualperks.eu or use the contact form.