Promo Galore

1. Who We Are

Promo Galore ("we," "us," "our") is a Shopify app that allows merchants to create and display promotional overlays — modals, banners, and toasts — on their storefronts. We are a Shopify Partner app and operate under Shopify's Partner Program Agreement.

2. Information We Collect

From Merchants (Store Owners)

When you install Promo Galore, we collect and store:

• Shop domain — your .myshopify.com URL, used to identify your account
• OAuth access token — a Shopify-issued token that lets us read your store's pages for page targeting; stored securely in our database
• Promo content — the titles, messages, images, and settings you configure for your promotions
• Subscription status — your billing tier and Shopify subscription ID

From Your Storefront Visitors

When a visitor to your store sees a promotion, we record:

• Page path — the URL path where the promo was shown (e.g., /products/t-shirt), not the full URL
• Timestamp — when the impression, click, or conversion occurred
• Promo ID — which of your promos was displayed
• Order ID and value (conversions only) — Shopify order identifiers used for revenue attribution; no payment card data is ever handled by us

3. How We Use Information

• To display your promotions on your storefront
• To provide analytics (views, clicks, click-through rate, revenue attribution) in your dashboard
• To enforce your subscription tier limits
• To process billing through Shopify's native billing system
• To respond to support requests

We do not use your data for advertising, profiling, or any purpose beyond operating the app.

4. Data Storage and Security

All data is stored in a PostgreSQL database hosted on Railway (railway.app), a US-based cloud platform. Data is encrypted at rest and in transit (TLS). Access tokens are stored and never logged.

Our API endpoints that manage your promo settings require a valid Shopify session — unauthenticated requests are rejected.

5. Data Sharing

We do not sell, rent, or share your data with third parties, except:

• Shopify — as required to operate as a Shopify app (OAuth, billing, webhooks)
• Railway — our database and hosting provider, acting as a data processor
• Legal requirements — if required by law or to protect our rights

6. Data Retention and Deletion

When you uninstall Promo Galore, we begin deleting your store's data immediately upon receiving Shopify's app/uninstalled webhook. A full data purge (including all analytics history) is completed within 48 hours upon receipt of Shopify's shop/redact GDPR webhook.

You may request immediate deletion of your data by emailing us (see Section 9).

7. GDPR and Privacy Rights

If you or your customers are in the European Economic Area (EEA), you have the right to:

• Access the data we hold about your store
• Request correction of inaccurate data
• Request deletion of your data
• Object to processing

Because we do not store any personally identifiable information about your store's visitors (no emails, names, or IP addresses), there is typically no customer-level data to provide or delete in response to individual data subject requests.

To exercise any of these rights as a merchant, contact us using the details in Section 9.

8. Cookies and Local Storage

Promo Galore does not set any cookies on your visitors' browsers. We use the browser's localStorage API solely to track whether a visitor has already seen a specific promo (frequency limiting) and to assign A/B test variants. This data never leaves the visitor's browser.

9. Contact

For privacy-related questions or data requests, contact us at:

• Email: shoptilyoudrop@gmail.com

10. Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the app after changes constitutes acceptance of the revised policy.