Scope
This Addendum applies to personal information collected through:
- The Drop Hint 2.0 Shopify App
- Hint-sending forms
- Automated follow-up messages
- Analytics and tracking related to app functionality
This Addendum does not apply to:
- Personal information collected by merchants independently
- Customer data processed directly by Shopify outside the App
- Aggregated or anonymized information
Categories of Personal Information We Collect
Over the past 12 months, Drop Hint 2.0 has collected the following categories of personal information described in the CCPA/CPRA:
A. Identifiers
- Names (sender and recipient)
- Email addresses
- Phone numbers
- IP address
- Device/Browser identifiers
B. Customer Records
- Hint message and content details
- Product information attached to the hint
C. Commercial Information
- Products viewed
- Orders generated from hints
- Follow-up engagement activity
D. Internet/Network Activity
- Email/SMS opens
- Click-throughs
- Page views on Shopify store product pages
E. Geolocation
Region/country determined via IP address (approximate, not precise location)
F. Inferences
- Behavioral interactions related to automated follow-ups
- Conversion potential based on engagement
We do not collect:
- Government identifiers
- Sensitive personal information (as defined by CPRA)
- Biometric data
- Precise geolocation
- Financial information
Categories of Sources
We collect personal information from:
- The merchant's Shopify store (via Shopify API)
- Visitors who send hints
- Hint recipients interacting with messages
- Automated tracking events (opens, clicks, views)
- Merchant configuration and usage data
Business Purposes for Collecting Personal Information
We collect personal information for the following purposes:
- Delivering hint messages
- Sending automated behavioral follow-ups
- Processing and attributing conversions
- Providing analytics to merchants
- Billing usage-based charges
- Troubleshooting and improving system performance
- Ensuring compliance and preventing fraud
We do not use personal information for:
- Cross-context behavioral advertising
- Selling personal data
- Profiling in a way that produces legal or significant effects on the consumer
Personal Information We Disclose
We may share personal information with:
A. Service Providers
- Email delivery providers
- SMS/WhatsApp gateways
- Cloud hosting services
- Print/mail vendors (for postcard hints)
B. Shopify
As required to operate within the Shopify ecosystem.
These service providers are contractually restricted from:
- Retaining
- Using
- Selling
- Or disclosing personal information
except for the specific business purposes outlined above.
We do not sell or share personal information as defined under the CCPA/CPRA.
Consumer Rights Under CCPA/CPRA
California residents have the following rights:
6.1 Right to Know
Consumers may request disclosure of:
- Categories of personal information collected
- Specific pieces of personal information collected
- Sources of that information
- Business purpose for collection
- Categories of third parties with whom we share personal data
6.2 Right to Delete
Consumers may request deletion of their personal information, subject to exceptions (e.g., billing, fraud prevention, compliance).
6.3 Right to Correct
Consumers may request corrections to inaccurate personal information.
6.4 Right to Opt Out of "Sale" or "Sharing"
Drop Hint 2.0 does not sell or share personal information for advertising purposes.
Therefore, no opt-out option is required.
6.5 Right to Restrict Use of Sensitive Personal Information
Drop Hint 2.0 does not collect or process sensitive personal information.
6.6 Right to Non-Discrimination
We do not discriminate against consumers for exercising their CCPA/CPRA rights.
How Consumers Can Exercise Their Rights
Consumers may submit requests through:
Email: [email protected]
We may require verification before fulfilling a request:
- Sender or recipient email verification
- Match to existing data in our system
- Merchant confirmation (for customer data requests)
We respond to verified requests within 45 days, with one extension if reasonably necessary.
Merchants agree to assist AppSolute in fulfilling data rights requests related to their stores.
Data Retention Under CPRA
We retain personal information only for as long as necessary to:
- Provide the Service
- Support automated follow-up logic
- Maintain transaction and billing records
- Comply with legal obligations
Typical retention:
- Hint & follow-up data: up to 24 months
- Merchant account data: until app uninstall
- Billing records: 7 years
Data Security
We maintain industry-standard safeguards including:
- Encryption in transit
- Encrypted storage
- Access controls
- Monitoring and intrusion detection
These measures are designed to protect personal information from unauthorized access or disclosure.
Verification and Authorized Agents
California consumers may authorize an agent to submit a CCPA/CPRA request on their behalf.
Verification of identity and authority may be required.
Changes to This Addendum
We may update this Addendum from time to time.
The "Last Updated" date will reflect the latest revision.
Continued use of Drop Hint 2.0 constitutes acceptance of any changes.
Contact Information
If you have questions or wish to exercise your California privacy rights:
Email: [email protected]