Overview
Drop A Hint 2.0 is a Shopify application that enables website visitors to send gift hints to third parties and provides automated follow-up communication using email, SMS, WhatsApp, or postcard.
To provide these features, we process certain data from merchants, store visitors, and hint recipients.
We do not sell or share personal data with third parties for advertising or monetization.
Information We Collect
We collect information in three categories:
2.1 Merchant & Store Information (via Shopify API)
When you install Drop A Hint 2.0, Shopify automatically shares:
- Store name
- Store URL
- Store email
- Shopify store ID
- Primary admin contact
- Billing and plan selection
- Theme and script installation permissions
We collect this to enable the App to function.
2.2 Customer / Visitor Data
When a visitor sends a hint or interacts with hint-related content, we may collect:
- Sender's name and email/phone number
- Recipient's name and email/phone number (only as provided by the sender)
- Message content included in the hint
- Product information attached to the hint
- IP address (for security/logging)
- Country or approximate geolocation (based on IP)
- Engagement actions (opens, clicks, conversions)
This data is required to deliver the hint and follow-ups.
2.3 Behavioral & Interaction Data
To power automated follow-ups and improve performance, we log:
- Hint delivery status
- Email/SMS/WhatsApp open status
- Click-through events
- Viewed products
- Conversion events (orders attributed to a hint)
- Time and date of interactions
- Device/browser metadata
- Error logs for troubleshooting
We do not track visitors outside of hint-related interactions.
This policy is for Drop A Hint 2.0 do not copy How We Use the Data
We use collected data only for the following purposes:This policy is for Drop A Hint 2.0 do not copy
3.1 Delivering the Service
- Sending hint messages to recipients
- Sending automated follow-ups based on behavior
- Displaying reporting and analytics to merchants
- Billing usage-based charges
- Providing customer support
3.2 Improving App Performance
- Monitoring deliverability
- Optimizing automated follow-up logic
- Detecting errors and improving system stability
This policy is for Drop A Hint 2.0 do not copy3.3 Compliance & Security
- Preventing fraud or abuse
- Meeting legal requirements
- Ensuring compliance with Shopify's policies
This policy is for Drop A Hint 2.0 do not copyWe do not use data for:
- Third-party advertising
- Selling information
- Cross-site tracking
Legal Basis for Processing
Depending on your jurisdiction, we rely on:
- Contractual necessity – to provide the Service
- Legitimate interest – delivering expected app functionality
- Consent – for communications that require it (e.g., SMS in certain regions)
As the merchant, you are responsible for obtaining any required consent from store visitors and hint recipients when using the App.
Data Retention
5.1 Merchant & Store Data
Retained as long as the App remains installed.
Upon uninstall, we delete or anonymize store data within 60 days unless legally required to retain it.
5.2 Customer / Visitor / Recipient Data
Hint and follow-up data is retained for:
- 24 months for analytics and reporting
- Or until the merchant requests deletion
We can offer shorter retention windows upon request.
5.3 Billing & Transaction Records
Retained for 7 years, as required for accounting and tax obligations.
Data Sharing & Disclosure
We do not sell or share data for marketing.
We only share information with:
6.1 Service Providers
Trusted vendors who help us deliver the App, such as:
- Email service providers
- SMS/WhatsApp gateways
- Cloud hosting providers
- Print/mail partners (for postcards)
These providers operate under strict data processing agreements.
6.2 Shopify
Shopify may access data as part of the platform's standard operation.
6.3 Legal Requirements
We may disclose information if required to:
- Comply with law
- Respond to lawful requests
- Protect security or prevent fraud
Data Security
We take data protection seriously and use:
- Encrypted data storage
- Encrypted transmission (HTTPS/TLS)
- Access controls and authentication
- Monitoring and intrusion detection
- Regular vulnerability scanning
However, no system is 100% secure.
Merchants are responsible for securing their Shopify admin access and store environment.
Merchant Responsibilities
You agree to:
- Provide required consent disclosures to your customers and visitors
- Use hint and follow-up features in accordance with local laws (e.g., CAN-SPAM, GDPR, TCPA)
- Ensure your theme or custom code does not compromise app functionality or expose data
- Promptly uninstall the app if you no longer wish data to be processed
Data Subject Rights
Depending on jurisdiction, individuals may have rights to:
- Access their data
- Request correction
- Request deletion ("right to be forgotten")
- Object to processing
- Request data export
We assist merchants in fulfilling these requests.
To initiate a request, contact:
[email protected]We respond within 30 days.
Children's Data
Drop A Hint 2.0 is not intended for stores primarily targeting children under 13.
We do not knowingly collect or process children's personal information.
International Data Transfers
Data may be processed in:
- The United States
- The European Union
- Other regions where our service providers operate
We use standard contractual protections and industry safeguards to ensure compliance.
Uninstalling the App
Uninstalling Drop A Hint 2.0 triggers:
- Immediate cessation of new data collection
- Automatic revocation of Shopify API access
- Deletion or anonymization of merchant/store data within 60 days
Some billing records may remain for accounting compliance.
Changes to this Policy
We may update this policy from time to time.
Continued use of Drop A Hint 2.0 after updates indicates acceptance of the changes.