Effective Date: 7/8/25
Last Updated: 7/8/25
1. Introduction
This Privacy Policy describes how GNP – Subscribe & Save (“we,” “our,” or “us”) collects, uses, and protects your information when you use our Shopify application. We are committed to protecting your privacy and ensuring transparency about our data practices.
2. Information We Collect
2.1 Information from Shopify
When you install our app, we collect the following information through Shopify’s API:
- Store Information: Store name, domain, contact details, and configuration settings
- Product Information: Product details, pricing, inventory, and variants for subscription setup
- Customer Information: Customer names, email addresses, billing and shipping addresses
- Order Information: Order details, payment status, and transaction history
- Subscription Data: Subscription plans, billing cycles, and subscription status
2.2 Information You Provide
- App Configuration: Subscription settings, pricing tiers, and customization preferences
- Customer Portal Access: Email addresses and order numbers for customer authentication
- Support Communications: Information provided when contacting our support team
2.3 Automatically Collected Information
- Usage Data: How you interact with our app, features used, and performance metrics
- Technical Data: IP addresses, browser type, device information, and access logs
- Cookies: Session cookies for authentication and app functionality (7-day expiration)
3. How We Use Your Information
We use the collected information for the following purposes:
3.1 Core App Functionality
- Subscription Management: Creating, managing, and processing subscription orders
- Customer Portal: Enabling customers to manage their subscriptions
- Billing Processing: Handling recurring payments and billing cycles
- Analytics: Providing subscription performance metrics and insights
3.2 App Improvement
- Performance Optimization: Monitoring app performance and fixing issues
- Feature Development: Understanding usage patterns to improve functionality
- Customer Support: Providing technical assistance and troubleshooting
3.3 Legal Compliance
- GDPR Compliance: Responding to data requests and deletion requirements
- Shopify Requirements: Meeting Shopify App Store policies and guidelines
- Audit Trails: Maintaining logs for compliance and security purposes
4. Data Storage and Security
4.1 Data Storage
- Database: We use Supabase (PostgreSQL) for secure data storage
- Location: Data is stored in secure data centers in the United States
- Encryption: All data is encrypted in transit and at rest
4.2 Security Measures
- Authentication: Shopify OAuth for secure app access
- Session Management: Secure session handling with HTTP-only cookies
- Access Controls: Role-based access to protect sensitive information
- Regular Monitoring: Continuous monitoring for security threats
5. Data Sharing and Third Parties
5.1 Service Providers
We may share data with trusted third-party service providers:
- Supabase: Database hosting and management
- Heroku: Application hosting and deployment
- Shopify: Core platform integration and API access
5.2 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal processes or government requests
- Protect our rights, property, or safety
- Prevent fraud or security threats
5.3 Business Transfers
In the event of a merger, acquisition, or sale, your information may be transferred as part of the business assets.
6. Your Rights and Choices
6.1 Access and Control
- Data Access: Request a copy of your personal data
- Data Correction: Update or correct inaccurate information
- Data Deletion: Request deletion of your personal data
- Data Portability: Receive your data in a structured format
6.2 GDPR Rights (EU Users)
If you are in the European Union, you have additional rights under GDPR:
- Right to object to processing
- Right to restrict processing
- Right to withdraw consent
- Right to lodge a complaint with supervisory authorities
6.3 How to Exercise Your Rights
To exercise your rights, contact us at [your-email@domain.com] or through your Shopify store owner.
7. Data Retention
7.1 Retention Periods
- Active Subscriptions: Data retained while subscriptions are active
- Cancelled Subscriptions: Data retained for 12 months for support and analytics
- App Uninstallation: All data deleted within 48 hours of app removal
7.2 Legal Requirements
Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce agreements.
8. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data during international transfers.
9. Children’s Privacy
Our app is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.
10. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by:
- Posting the updated policy on our website
- Sending notifications through the app
- Sending email notifications for material changes
11. Contact Information
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: nick@websitebutlers.com
Website: websitebutlers.com
For GDPR-related inquiries, please contact our Data Protection Officer at support@websitebutlers.com.
12. Compliance and Certifications
- GDPR Compliant: Full compliance with European data protection regulations
- Shopify Partner: Certified Shopify app partner with verified security practices
- SOC 2 Type II: Our hosting providers maintain SOC 2 Type II compliance
This privacy policy is designed to be transparent and comprehensive. If you have any questions or concerns about how we handle your data, please don’t hesitate to contact us.