This policy describes how the App handles data and is not a substitute for the merchant’s own privacy notice or legal advice.

1. Who is responsible for your data

Under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the UK GDPR, the merchant is the “controller” of the customer personal data flowing through the App, and we are a “processor” acting solely on that merchant’s instructions.

If you are a shopper (an end customer of a store that uses the App) and you want to access, correct, or delete your data, please contact the merchant you bought from; they are the controller. We will assist the merchant in responding, and we honour Shopify’s data-erasure requests directly (see “Data retention and deletion”).

2. What personal data we process, and why

We practise data minimisation: we only process data that a specific App feature genuinely needs. In practice that is:

Customer name and email address

Sourced from the Shopify order or draft order the merchant creates. Used strictly to send transactional lay-by and balance communications on the merchant’s behalf: deposit receipts, balance-due reminders, ready-for-collection notices, and any final notice the merchant configures. These are not marketing emails.

Customer identifier

The Shopify customer ID (GID) associated with a lay-by, used to link the lay-by record to the correct order and to keep reminders and status in sync so that a customer who has paid is never chased again.

Order and lay-by details

A summary of the items, amounts, deposit taken, outstanding balance, due date, and status. Shopify remains the authoritative financial record; the App mirrors those figures and extends them with lay-by status, serving as the merchant’s record of each lay-by. Amounts are stored as integer minor units (for example, pence or cents); no card or bank details are stored.

Shop domain and staff attribution

The merchant’s Shopify shop domain, and the name of the staff member and point-of-sale location associated with a lay-by taken in store, so the merchant can attribute deposits and manage collections.

Reminder delivery logs

For each reminder we log the recipient email, the reminder type, the send time, and the email-provider reference. This gives an auditable record, prevents duplicate sends, and is essential to the App’s core promise of never emailing a customer who has already paid.

Waitlist email (non-Plus stores)

Shopify’s native deposit primitive is currently limited to Shopify Plus stores. If a merchant on a non-Plus plan installs the App, we offer to record a single contact email so we can notify them when native deposits become available on their plan. This is provided voluntarily and used only for that notification.

Because we are a processor, the merchant (as controller) is responsible for establishing the legal basis for processing their customers’ data and for obtaining any consent required to send reminders. For our own limited processing we rely on:

4. Shopify Protected Customer Data

The App is granted access to Protected Customer Data (customer name and email) through Shopify’s Protected Customer Data program. We have declared to Shopify the specific fields we use and their purpose (transactional payment reminders), and we adhere to Shopify’s Protected Customer Data requirements, including data minimisation, purpose limitation, encryption, access controls, and staff-access transparency. We do not use Protected Customer Data for any purpose other than delivering the App’s stated features to the merchant.

5. Sub-processors

We use a small number of carefully chosen sub-processors to run the App. Each is bound by data-protection terms and processes data only to provide their service to us:

Shopify

The source of order, draft-order, and customer data, and the platform that hosts the App and processes all deposits and balances. Shopify is also the merchant’s platform provider and, for the underlying store data, an independent controller/processor under its own terms.

Database host (Neon / managed PostgreSQL)

Hosts the App’s PostgreSQL database, where the lay-by records and logs described above are stored.

Resend

Delivers the App’s transactional emails (deposit receipts, reminders, collection and final notices). Resend receives the recipient email address and message content needed to deliver each message.

6. Data location and international transfers

Our sub-processors may store or process data in data centres located in the European Union, the United Kingdom, the United States, or other regions depending on their infrastructure and the merchant’s configuration. Where personal data is transferred outside the EEA or the UK, that transfer is covered by an appropriate safeguard recognised under the GDPR and UK GDPR, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum) or an applicable adequacy decision.

7. Data retention and deletion

We retain personal data only for as long as the merchant continues to use the App for the relevant lay-by, or as required to comply with legal obligations, and we honour Shopify’s mandatory data-erasure webhooks:

Customer redaction (customers/redact)

When Shopify sends a customer-redaction request, the App removes the identifying data for that customer: it nulls the customer name, email, and customer ID on the matching lay-by records, clears the cached pay link and any free-text notes, blanks the recipient email stored in the reminder logs, empties the metadata on the related event-log entries, and deletes any waitlist entry for that email. The now-anonymous financial and status rows may be retained for the merchant’s bookkeeping, as they no longer identify a person.

Shop redaction (shop/redact)

When a merchant uninstalls the App, Shopify sends a shop-redaction request (typically 48 hours after uninstall). On receiving it, the App deletes all data for that shop: the shop record and, by cascade, its deposit rules, lay-by records, installment plans, reminder logs, and event logs, along with any waitlist entries and stored sessions for that shop.

Data-access request (customers/data_request)

When Shopify forwards a customer data-access request, we acknowledge it and make the corresponding lay-by and reminder records available to the merchant so the merchant, as controller, can respond to the individual.
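The following is an added illustration, not the App’s own code, of how the customers/redact handling described above can be implemented safely: the webhook’s signature is verified before anything is parsed or changed, matching is scoped to the requesting shop so one merchant’s request can never touch another merchant’s rows, and only the identifying fields are nulled while the financial and status columns survive. It assumes an in-memory stand-in for the App’s tables (dict rows named here for illustration), a hypothetical webhook secret, and that the App stores the customer GID while the webhook carries Shopify’s numeric customer id; the request and rows are constructed samples.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical app secret; Shopify signs each webhook with the app's API secret key.
WEBHOOK_SECRET = b"shpss_example_secret_not_real"


def verify_shopify_hmac(raw_body: bytes, header_hmac: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    """Recompute X-Shopify-Hmac-Sha256 (base64 of HMAC-SHA256 over the raw body)
    and compare in constant time. Verify before parsing: an unsigned request
    must never be allowed to wipe or disclose records."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    expected = base64.b64encode(digest).decode("ascii")
    return hmac.compare_digest(expected, header_hmac)


def redact_customer(payload: dict, db: dict) -> dict:
    """Apply the customers/redact steps: null identifying fields on the customer's
    lay-by records, blank reminder-log recipients, empty related event metadata and
    drop waitlist entries, all scoped to the requesting shop. `db` is an in-memory
    stand-in for the App's tables (assumed shape)."""
    shop = payload["shop_domain"]
    # Assumption: the App stores the customer GID; the webhook carries the numeric id.
    gid = f"gid://shopify/Customer/{payload['customer']['id']}"
    email = (payload["customer"].get("email") or "").lower()

    touched = set()
    for row in db["laybys"]:
        # Scope by shop first so one shop's request can never touch another's rows.
        if row["shop_domain"] != shop:
            continue
        if row["customer_gid"] == gid or (email and (row["email"] or "").lower() == email):
            touched.add(row["id"])
            # Financial and status columns are deliberately left intact.
            row.update(customer_name=None, email=None, customer_gid=None,
                       pay_link=None, notes=None)
    logs = 0
    for log in db["reminder_logs"]:
        if log["layby_id"] in touched and log["recipient_email"]:
            log["recipient_email"] = None
            logs += 1
    events = 0
    for ev in db["event_logs"]:
        if ev["layby_id"] in touched:
            ev["metadata"] = {}
            events += 1
    before = len(db["waitlist"])
    db["waitlist"] = [w for w in db["waitlist"]
                      if not (w["shop_domain"] == shop and w["email"].lower() == email)]
    return {"laybys": len(touched), "reminder_logs": logs,
            "event_logs": events, "waitlist": before - len(db["waitlist"])}


def handle_webhook(headers: dict, raw_body: bytes, db: dict):
    """Minimal dispatcher: 401 on a bad signature, 200 with a redaction summary
    for customers/redact; other topics are only acknowledged here."""
    if not verify_shopify_hmac(raw_body, headers.get("X-Shopify-Hmac-Sha256", "")):
        return 401, {}
    topic = headers.get("X-Shopify-Topic", "")
    payload = json.loads(raw_body)
    if topic == "customers/redact":
        return 200, redact_customer(payload, db)
    return 200, {"acknowledged": topic}


def sample_db() -> dict:
    """Constructed sample rows for two shops sharing one customer; not real data."""
    return {
        "laybys": [
            {"id": 1, "shop_domain": "alpha.myshopify.com", "customer_gid": "gid://shopify/Customer/42",
             "customer_name": "A. Shopper", "email": "a@example.com",
             "pay_link": "https://alpha.myshopify.com/pay/abc", "notes": "ring me",
             "deposit_minor": 5000, "balance_minor": 15000, "status": "open"},
            {"id": 2, "shop_domain": "beta.myshopify.com", "customer_gid": "gid://shopify/Customer/42",
             "customer_name": "A. Shopper", "email": "a@example.com", "pay_link": None, "notes": None,
             "deposit_minor": 1000, "balance_minor": 0, "status": "paid"},
        ],
        "reminder_logs": [{"layby_id": 1, "recipient_email": "a@example.com", "type": "balance_due"},
                          {"layby_id": 2, "recipient_email": "a@example.com", "type": "receipt"}],
        "event_logs": [{"layby_id": 1, "metadata": {"staff": "Sam"}}],
        "waitlist": [{"shop_domain": "alpha.myshopify.com", "email": "a@example.com"}],
    }


def sample_request():
    """Constructed customers/redact request for alpha.myshopify.com, signed with the
    hypothetical secret so the handler accepts it."""
    body = json.dumps({"shop_id": 1, "shop_domain": "alpha.myshopify.com",
                       "customer": {"id": 42, "email": "A@example.com", "phone": None},
                       "orders_to_redact": [1001]}).encode()
    sig = base64.b64encode(hmac.new(WEBHOOK_SECRET, body, hashlib.sha256).digest()).decode()
    return {"X-Shopify-Topic": "customers/redact", "X-Shopify-Hmac-Sha256": sig}, body


if __name__ == "__main__":
    db = sample_db()
    headers, body = sample_request()
    print(handle_webhook(headers, body, db))
```

Running the sample redacts only the alpha shop’s lay-by, its reminder log, its event metadata and its waitlist entry; the beta shop’s row for the same customer is untouched, and a request with a wrong signature is rejected with 401 before the body is parsed.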

8. Your data-subject rights

If you are in the EU, the UK, or another region with comparable law, you have rights over your personal data, including the rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, and objection to processing. You may also lodge a complaint with your local data-protection authority.

Because the merchant is the controller, please exercise these rights through the merchant whose store you interacted with. The merchant can action them directly in the App or via Shopify’s data-request tools, and we will support the merchant in fulfilling any request. If you cannot reach the merchant, contact us at support@trycollected.com and we will help route your request.

9. California privacy rights (CCPA / CPRA)

For residents of California, the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”) provides rights to know, access, correct, and delete personal information, and to limit certain uses. We process personal information only as a service provider to the merchant. We do not sell or share personal information, and we do not use it for cross-context behavioural advertising. California residents should direct requests to the merchant (the business) they transacted with; we will assist as the service provider.

10. Security

We take reasonable and appropriate technical and organisational measures to protect personal data, including:

11. No payment data / no PCI scope

The App never processes, holds, or transmits card numbers, bank details, or other payment credentials. All deposits and balances are collected by Shopify through the merchant’s own payment gateway. As a result, the App handles no cardholder data and is outside the scope of the PCI DSS.

12. Children’s data

The App is a business-to-business tool for retailers and is not directed at children. We do not knowingly collect personal data from children. Any customer personal data we process is incidental to a purchase made through the merchant’s store; if a merchant believes data relating to a child has been processed in error, they should contact us to have it removed.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to the App, our sub-processors, or the law. When we make material changes we will update the “last updated” date above and, where appropriate, notify merchants through the App or by email. Continued use of the App after an update constitutes acceptance of the revised policy.

14. Contact

For any privacy question, or to exercise a data right where the merchant is unreachable, contact us at support@trycollected.com. The App is published by [COMPANY_LEGAL_NAME] and operated at trycollected.com.