Privacy Policy

Last updated: August 22, 2025

SF Rewardbar helps merchants drive sales and reward customers effortlessly with Product Reward. It displays attractive banners and widgets that track items in the cart in real time. When a shopper meets a threshold set by the merchant, they automatically receive a selected reward product.

This policy explains what data the app processes, why, and how it’s protected.

Quick navigation

1. Who we are & how we fit into Shopify 2. Data we process 3. How we use data 4. Legal bases (GDPR/UK GDPR) 5. Sharing & sub-processors 6. Data retention 7. Security 8. International transfers 9. Your privacy rights 10. Merchant responsibilities 11. Children 12. Changes to this policy 13. Contact

1) Who we are & how we fit into Shopify

SF Rewardbar is a Shopify app made for Shopify merchants. When installed on a store, the merchant (store owner) is the data controller for shopper data, and SF Rewardbar acts as the merchant’s data processor. Shopify provides the ecommerce platform and is a separate, independent service provider. Please also review Shopify’s Privacy Policy.

2) Data we process

From the merchant/store (via Shopify APIs)

Store account & app settings: shop domain, store name, installed app scopes, configuration you set (e.g., thresholds, reward product, banner/widget design).
Products & collections: product/variant IDs, titles, images, prices as needed to display progress and attach the reward product.
carts: cart contents, quantities, line item subtotals, needed to determine when a threshold is met and whether a reward was issued.

From shoppers on your storefront

Cart state (no account required): product/variant IDs, quantities, cart totals, and session identifiers to calculate real-time progress toward the reward.

Diagnostics

Technical logs: timestamps, app errors, and performance metrics to keep the service reliable.

We do not sell personal information and we do not use shopper data for advertising.

3) How we use data

Provide the app: render banners/widgets, track progress in real time, add the reward product when the threshold is met.
Configure features: save your thresholds, chosen reward product, and design settings.
Support & troubleshooting: resolve tickets and detect/prevent abuse or errors.
Analytics (aggregate/de-identified): understand feature usage and improve app quality without identifying individuals.
Compliance: honor legal requests, enforce terms, and maintain security.

4) Legal bases (GDPR)

Performance of a contract: to deliver the app you installed and configured.
Legitimate interests: to secure and improve the service (balanced against your rights).
Legal obligations: to comply with applicable laws.

For shopper data, the merchant is the controller and determines the lawful basis. SF Rewardbar processes that data under the merchant’s instructions as a processor.

6) Data retention

Store configuration: kept while the app remains installed and for a short period after uninstall for restoration or dispute resolution.
Shopper/cart events: kept only as long as necessary to operate the reward logic and maintain accurate logs; then deleted or de-identified.
Support records & logs: retained for a commercially reasonable period to diagnose issues and meet legal obligations.

Upon uninstall, we cease processing new store data and begin scheduled deletion of remaining data that is no longer required.

7) Security

Encryption in transit (HTTPS) for data exchanged with our services.
Restricted access based on job role and need-to-know.
Hardened cloud infrastructure and regular patching.
Least-privilege Shopify API scopes limited to what the app needs.

No method of transmission or storage is 100% secure, but we work to protect data using industry-standard safeguards.

8) International transfers

We may process data on servers located outside your region. Where required, we rely on appropriate safeguards (such as standard contractual clauses) to protect personal data transferred internationally.

9) Your privacy rights

For merchants (store owners)

You can access, correct, export, or delete your store data by contacting us or via Shopify admin/uninstalling the app. Some actions may affect app functionality.

For shoppers

Please contact the store you shopped with to exercise your privacy rights (access, deletion, correction, objection, portability, or limitation). As a processor, we will support the merchant in responding to your request.

CCPA/CPRA notice (California)

We do not “sell” or “share” personal information for cross-context behavioral advertising.
We process personal information as a service provider to the merchant and for our limited business purposes described above.

10) Merchant responsibilities

Provide your shoppers with a privacy policy that describes your use of SF Rewardbar.
Obtain all necessary consents (where required) for tracking/progress displays on your storefront.
Configure thresholds and rewards in a manner compliant with applicable laws and platform policies.

11) Children

SF Rewardbar is not intended for children under 13 (or the minimum age required by your local law). We do not knowingly collect personal information from children.

12) Changes to this policy

We may update this policy to reflect operational or legal changes. The “Last updated” date shows the latest version. Material changes will be highlighted within the app interface.

13) Contact

If you have questions about this Privacy Policy or our data practices, please reach out via the “Get support” link on our Shopify App Store listing or the in-app support option. We will respond as soon as reasonably possible.