Privacy Policy
General
This privacy policy sets out how Product Love uses and protects any information that you provide when you use this website/app. Product Love is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this App, then you can be assured that it will only be used in accordance with this privacy policy. Product Love may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. We reserve the right to update this Privacy Policy at any time and such modifications shall be effective immediately, unless otherwise stated.
Collection of Personal Information through the App
We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. When you install the App, we are automatically able to access certain types of information from your Shopify account:
Shop APIs: general settings and information about your store
Product APIs: your store’s products and collections
Theme APIs: view and modify your store’s theme files
Order APIs: view and modify your store’s orders
ScriptTag APIs: let’s us add functionality to your store without modifying your theme templates
Additionally, we collect the following types of personal information from you and/or your customers once you have installed the App:
Personal information about you and others who may access the App on behalf of your store, such as your name, address, email address, phone number.
Information about individuals who visit your store, such as their IP address, web browser details, time zone, and information about the cookies installed on the particular device.
Use and Share of Information:
Internal record keeping
We may use the information to improve our services. We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email or phone. We may use the information to customise the website according to your interests.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
The Company takes appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of Personal Information. These include, but are not limited to, internal reviews of: (a) the Company’s data collection; (b) storage and processing practices; (c) electronic security measures; and (d) physical security measures to guard against unauthorized access to systems where the Company stores Personal Information.
Unfortunately, no data transmission over the Internet can be guaranteed to be secure. As a result, while we are committed to protecting your Personal Information, we cannot ensure or warrant the security of any information you provide to us.
All Company employees, contractors and agents who access Personal Information are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution or unauthorized use or disclosure of Personal Information.
Some or all of the Personal Information we collect may be stored or processed on servers located outside your jurisdiction of residence, whose data protection laws may differ from the jurisdiction in which you live. As a result, this information may be subject to access requests from governments, courts or law enforcement in those jurisdictions according to laws in those jurisdictions.
How we use cookies
We collect personal information directly from the relevant individual, through your Shopify account, or using the following technologies: “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the site.
Use Of Services By Minors
Protecting the safety of children when they use the Internet is very important to us. The Product Love.io Properties should only be accessed by individuals of Minimum Age. “Minimum Age” may mean different ages in different countries, depending on where the individual accesses the services. For reference, “Minimum Age” shall mean (a) 14 years old for the United States, Canada, Germany, Spain, Australia, and South Korea; and (b) 13 years old for all other countries. However, if applicable law requires that you must be older than such ages in order for the Company to lawfully provide the Product Love.io Properties to you (including the collection, storage, and use of your information in accordance with this Privacy Policy), and then the Minimum Age would be such older age. The Product Love.io Properties are not designed nor intended for use by children or anyone else under the age of 13.
Law
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
Your rights to your information
You can delete your application data by uninstalling the application. Uninstalling the application will also automatically cancel your subscription and recurring charge.
EUROPEAN ECONOMIC AREA (EEA) NOTICE
If you are located in a country in the European Union (EU) and utilize our Services which are offered to EU residents, or if we collect, track, use or process in some other way your Personal Information collected from you or through your use of our Website, or we transfer that personal information, we will do so in accordance with this Privacy Policy, the applicable Website Terms of Use, and in compliance with applicable requirements of the General Data Protection Regulation (EU 2016/679) (GDPR).
Transfers of Personal Information:
The company is a data controller and responsible for your Personal Information, which we may process and store in the United States of America. The European Commission has decided that the United States ensures an adequate level of protection of individuals’ Personal Information. The company may use the following safeguards when transferring your personal information to a country, that is not within the EEA:
(a) Only transfer your Personal Information to countries that have been deemed by the European Commission to provide an adequate level of protection for personal information;
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Information the same protection it has in the EU.
Opt-in:
If you are an EU resident, we may only collect your data using cookies and similar devices, and then track and use your personal information where you have first consented to that. We will not automatically collect personal information from you as described above unless you have consented to us doing so. If you consent to our use of cookies and similar devices, you may at a later date disable them (please see above).
Your Legal Rights:
Under certain circumstances, you may have rights under the data protection laws in relation to your personal information, including the right to:
Request access to your personal information.
Request correction of your personal information.
Request erasure of your personal information.
Object to processing of your personal information.
Request restriction of processing your personal information.
Request transfer of your personal information.
Right to withdraw (revoke) consent.
If you wish to exercise any of these rights, please contact our Privacy Officer at the coordinates provided in the section below.
No Fee Usually Required:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we my charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You:
We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time Limit to Respond:
We try to respond to all legitimate requests within [one] month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Privacy/Data FAQs
-Is it possible to specify used protocols for Data encryption ( at rest and in transit) ?
- Data going from the store’s product pages to Product Loves servers will be over HTTPS.
All requests are automatically redirected from HTTP to HTTPS by our server partner (www.render.com).
- All database backups are encrypted.
- Product Love does not store or interact with any customer credit card or billing data. We capture and store customer names, email addresses and pre-order details (i.e. X quantity of product A). Billing/credit card data is processed through Shopify, not Product Love.
-For how long do you store personal data collected from our website ?
- Product Love has a ‘soft delete’ policy, meaning by default, actions that are taken from within the app, do not destroy data records. Unless requested, we store customer data indefinitely. That said, if you would ever like to have data removed permanently from our databases, we are more than happy to do so.
-How do you secure access to Personal Data and is this access logged ?
Personal data is accessed via https requests to the Product Love web application. All requests with responses containing customer email addresses are behind Shopify’s wall of security. Meaning only the authorised store owner can see it.
Direct access to the database is secured through our server partner (www.render.com) with two-factor authentication implemented.
We can request access logs from this server partner at any time.
-Is our Data Separated from other clients Data ?
One client’s data is not combined with another’s. Data can be isolated at the store, product listing or individual customer level. It can be retrieved and destroyed easily and quickly.
-Have you conducted a recent intrusion test on the solution ?
No we haven’t. However, the Product Love application uses the latest stable version of the web application framework; Ruby on Rails. Amongst others, the large internet companies; Shopify, Github and AirBnB all use Ruby on Rails. This means that Product Love benefits from all of the security updates which are constantly being released for Ruby on Rails and its dependencies.
-Are there regular vulnerability scans performed?
The software repository company that Product Love’s code is hosted on (Github), scans Product Love’s dependencies for vulnerabilities and issues automatic recommended updates.
-Is there a security Incident procedure in case of a security attack ?
Yes. Part of this procedure will be complying to the GDPR obligations as a ‘data processor’ of notifying the relevant controllers (your company in this case) without any delay.
CONTACT US
If you have any questions or concerns about our privacy policy or privacy practices, you may contact us directly as follows:
Email us: hello@Product Love.io