Privacy Policy

Last Updated: December 2024

Introduction

Memberful Sync ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify app that synchronizes Memberful membership data with your Shopify store.

Information We Collect

1. Store Information

• Shopify Store Domain: Your store's domain name (e.g., yourstore.myshopify.com)
• Shopify Access Tokens: Encrypted authentication tokens required to access your Shopify store's data
• App Configuration: Your preferences for tag names, webhook settings, and subscription mappings

2. Customer Data

• Email Addresses: Customer email addresses to match Memberful members with Shopify customers
• Customer IDs: Shopify customer IDs and Memberful member IDs for synchronization purposes
• Customer Tags: Membership status tags (e.g., "mf:active", "mf:inactive") applied to customers in Shopify
• Subscription Information: Memberful subscription plan details and status (active/inactive)

3. Memberful Integration Data

• Memberful API Key: Encrypted API credentials to access your Memberful account
• Memberful Webhook Secret: Encrypted webhook secret for secure webhook verification
• Memberful Site Domain: Your Memberful site domain for API access
• Webhook Event Data: Temporary storage of webhook payloads for processing and error handling

4. Usage Data

• Sync Status: Information about bulk sync operations (progress, status, timestamps)
• Webhook Events: Logs of processed webhook events for debugging and audit purposes
• Error Messages: Error information when sync operations fail (for troubleshooting)

5. Session Data

• Authentication Sessions: Shopify session data required for app authentication
• User Information: Basic user information (name, email) from Shopify for app access

How We Use Your Information

We use the collected information for the following purposes:

1. Synchronization Services: To sync Memberful membership data with your Shopify store, including:

   • Matching Memberful members with Shopify customers by email
   • Applying or removing customer tags based on subscription status
   • Creating Shopify customers when they don't exist (if approved for customer data access)

2. Real-time Updates: To process webhook events from Memberful and update customer tags in real-time when membership status changes

3. Bulk Operations: To perform bulk synchronization of your entire member database when requested

4. App Functionality: To maintain app configuration, store preferences, and provide you with sync status and logs

5. Error Handling: To log and troubleshoot errors that occur during synchronization operations

Data Storage and Security

Storage Location

• Data is stored in secure databases hosted on our infrastructure
• We use industry-standard encryption for sensitive data such as API keys and access tokens

Data Retention

• Customer Mappings: Retained as long as your store uses the app
• Webhook Events: Retained for debugging and audit purposes, typically for 90 days
• Configuration Data: Retained until you uninstall the app or delete your account
• Session Data: Automatically deleted when sessions expire

Security Measures

• All API keys and secrets are encrypted at rest
• Access tokens are stored securely and never exposed in logs
• We use secure HTTPS connections for all data transmission
• Regular security audits and updates

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

1. Shopify: We share customer data with Shopify through their Admin API to perform synchronization operations (as authorized by you when installing the app)

2. Memberful: We access your Memberful data through their API using credentials you provide (as authorized by you when configuring the app)

3. Service Providers: We may use third-party service providers (such as hosting providers) who are contractually obligated to protect your data

4. Legal Requirements: We may disclose information if required by law or to protect our rights and safety

Your Rights and Choices

You have the following rights regarding your data:

1. Access: You can view your stored configuration data through the app interface
2. Modification: You can update your configuration settings at any time
3. Deletion: You can uninstall the app, which will delete your configuration data (customer mappings may persist in Shopify)
4. Data Portability: You can export your configuration settings through the app interface

Third-Party Services

Our app integrates with the following third-party services:

• Shopify: We use Shopify's Admin API to read and update customer data. Shopify's privacy policy applies to data processed through their platform.
• Memberful: We use Memberful's API to access membership data. Memberful's privacy policy applies to data processed through their platform.
• Vercel: Our app is hosted on Vercel. Please refer to Vercel's privacy policy for information about their data practices.

Children's Privacy

Our app is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

International Data Transfers

Your data may be processed and stored in servers located outside your country of residence. By using our app, you consent to the transfer of your data to these locations.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: gaz@skybase.it Website: https://www.memberfulsync.com

Compliance

This app complies with:

• GDPR (General Data Protection Regulation) for users in the European Union
• CCPA (California Consumer Privacy Act) for users in California
• Shopify's App Store Requirements for data handling and privacy

Data Processing Legal Basis

We process your data based on:

• Contractual Necessity: To provide the synchronization services you requested
• Legitimate Interest: To improve our services and troubleshoot issues
• Consent: When you provide API keys and configure the app, you consent to data processing

Data Minimization

We only collect and process the minimum amount of data necessary to provide our synchronization services. We do not collect unnecessary personal information.

Your Responsibilities

As a merchant using this app, you are responsible for:

• Ensuring you have proper consent from your customers to process their data
• Complying with applicable privacy laws in your jurisdiction
• Securing your Memberful API keys and webhook secrets
• Informing your customers about how their data is processed through this integration