UpRevApps Shopify Apps Privacy Policy

Effective Date: April 9, 2026

1. Introduction

This Privacy Policy explains how UpRevApps ("UpRevApps", "we", or "us") collects, uses, shares, and protects personal information when merchants install or use UpRevApps Shopify applications (each an "App" and collectively the "Apps") in connection with their Shopify-powered stores. Merchants that use Shopify are generally required by Shopify and by applicable privacy laws to maintain clear, accessible privacy notices explaining how personal data is processed, including when using third-party apps such as the Apps.

Data Controller:
UpRevApps
Svitrigailos g. 11K-109
Vilnius, Lithuania
Email: help@uprevapps.com

2. Scope and Roles

This Privacy Policy applies to personal information processed through any Shopify application published by UpRevApps (the "Apps"), including but not limited to:

• UpRevApps Progress Bar & Gifts

As UpRevApps releases additional Shopify apps, they will also be covered by this Privacy Policy unless stated otherwise in a separate or app-specific privacy notice.

This Privacy Policy applies to personal information processed through the Apps about the following categories of individuals:

• Merchants and their authorized users (for example, store owners, staff, and collaborators) who install or use the Apps.
• End customers of merchants' online stores, to the extent that the Apps process customer data on behalf of merchants.

For most processing of end-customer data, the merchant is the "data controller" (or equivalent term under applicable law), and UpRevApps acts as a "data processor" or "service provider" that processes personal information on the merchant's documented instructions through the Apps.

3. Information We Collect

The specific information the Apps collect depends on which App you use and how your store is configured. In general, the Apps may process the categories of information listed below, in line with common Shopify privacy and compliance requirements.

3.1 Information from Your Shopify Account (Merchant Data)

When you install an App, Shopify automatically provides UpRevApps with certain information related to your store so the App can function properly. This typically includes:

• Store name and Shopify store URL.
• Store owner name and contact email address.
• Store configuration details such as installed themes, app installation status, and plan type, to the extent required for the App's features.
• Technical information needed to authenticate and maintain the connection between the Apps and your Shopify store (for example, access tokens or app-specific identifiers generated by Shopify).

3.2 Information You Provide Directly

You may provide additional information directly to UpRevApps when you:

• Create or manage an account or configuration within an App.
• Contact support (for example, name, email address, phone number, and any information included in your message or shared screenshots).
• Respond to surveys, beta invitations, or feedback requests.

The exact data collected depends on the form or interaction and will be limited to what is necessary to respond to your request or provide the relevant feature.

3.3 Information About Your Store and End Customers

To provide the functionality of the Apps, UpRevApps may process certain information about your store's activity and, in some cases, your customers, as enabled by Shopify's APIs and by your configuration. Depending on the App and your settings, this may include:

• Order information (for example, order ID, products purchased, order value, currency, timestamps).
• Limited customer information as exposed through Shopify's APIs (for example, customer ID, country, language, and other fields strictly required for the App's features).
• Store performance or marketing events (for example, impressions, clicks, conversions, or other behavior events tracked by the App within your store).

The Apps are designed to follow Shopify's data minimization and protected customer data guidelines and only process the minimum personal data needed to deliver the App's functionality.

3.4 Automatically Collected Information (Cookies, Logs, and Device Data)

When you or your customers interact with a store using an App, certain technical information may be collected automatically:

• Log data such as IP address, browser type, device type, operating system, referring URL, and timestamps.
• Usage information about how merchants and customers interact with App interfaces or widgets embedded in the store (for example, which elements are viewed or clicked).
• Cookies or similar tracking technologies strictly necessary for the Apps to function (for example, for remembering preferences or ensuring App features work correctly), and, where applicable, analytics cookies if you have enabled them.

Merchants are responsible for ensuring that their own store cookie banners and privacy notices cover the use of cookies and similar technologies related to the Apps on their storefronts, as required by laws such as GDPR and ePrivacy rules.

4. How We Use Personal Information

UpRevApps uses personal information processed through the Apps for the following purposes:

• To provide, operate, and maintain the Apps and related services.
• To authenticate merchants, secure access, and maintain technical integrations with Shopify.
• To configure and customize App features based on your store's settings and data.
• To provide customer support, respond to requests, and resolve technical issues.
• To monitor App performance, analyze usage trends, and improve or optimize features (for example, by understanding which App features are used most often).
• To send important operational communications related to the Apps, such as changes, outages, or security notices.
• To meet legal or regulatory obligations and to establish, exercise, or defend legal claims.

Where permitted by law, UpRevApps may also use merchant contact details to send information about updates, new features, or related services, subject to applicable marketing and anti-spam rules.

5. Legal Bases for Processing (EEA, UK, and Similar Jurisdictions)

Where the General Data Protection Regulation (GDPR), the UK GDPR, or similar laws apply, UpRevApps relies on the following legal bases for processing personal data:

• Performance of a contract: to provide and operate the Apps under the agreement with the merchant.
• Legitimate interests: to maintain and improve the Apps, ensure security, prevent misuse, and communicate necessary information to merchants, provided these interests are not overridden by the rights and freedoms of data subjects.
• Compliance with legal obligations: to meet applicable legal, accounting, or regulatory requirements.
• Consent: where required for specific processing activities (for example, certain analytics or marketing communications), UpRevApps will rely on consent that you provide or that your customers provide via your store's consent mechanisms.

Merchants are responsible for ensuring they have an appropriate legal basis to share customer data with UpRevApps and to use the Apps in their own stores.

6. How We Share Personal Information

UpRevApps does not sell or rent personal information processed through the Apps. Personal information may be disclosed only in the following circumstances:

• Service providers and subprocessors: UpRevApps may share personal information with carefully selected third-party vendors who provide hosting, data storage, analytics, logging, customer support, or similar services, strictly for the purpose of operating and improving the Apps.
• Crisp (live chat, knowledge base, and chat analytics): UpRevApps uses Crisp, operated by Crisp IM SAS (France), to offer in-app and on-site live chat, a help knowledge base, and related support analytics to merchants. Crisp is embedded within the Apps' admin interface and may also be surfaced on UpRevApps websites. When a merchant or authorized user starts a chat, reads knowledge base articles, or interacts with Crisp widgets, Crisp may process information such as name, email address, message content, attachments, IP address, browser and device data, pages viewed, session activity, and cookies or similar identifiers. This data is used to route and respond to support requests, deliver self-service help content, and produce aggregated analytics about support performance and content usage. Crisp acts as a processor on UpRevApps's behalf under a Data Processing Agreement, stores data within the European Union, and supports international transfers through standard contractual clauses where required. Further details are available in Crisp's privacy policy at crisp.chat/en/privacy.
• Shopify: Because the Apps integrate with Shopify, certain data flows between Shopify and UpRevApps via Shopify's APIs, consistent with Shopify's platform rules and your store's configuration.
• Legal and compliance: Personal information may be disclosed where required to comply with applicable law, lawful requests, or legal processes, or to protect the rights, property, or safety of UpRevApps, merchants, customers, or others.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets involving UpRevApps, personal information relevant to the Apps may be transferred as part of the transaction, subject to appropriate safeguards and continued protection consistent with this Policy.

Any third party that processes personal information on UpRevApps's behalf will be bound by contractual obligations to protect that information and to process it only according to UpRevApps's documented instructions and applicable law.

7. International Data Transfers

Because Shopify and many cloud infrastructure providers operate globally, personal information processed through the Apps may be transferred to and stored in countries other than the one where the merchant or data subject is located, including Canada, the United States, and other jurisdictions. Where required, appropriate safeguards such as standard contractual clauses or equivalent transfer mechanisms will be used to protect personal information when it is transferred internationally.

Merchants remain responsible for ensuring their use of the Apps is compatible with any cross-border data transfer requirements that apply to their stores.

8. Data Retention

UpRevApps retains personal information for as long as necessary to provide the Apps, fulfil the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements. The specific retention period may vary depending on the type of information and the context in which it was collected, but it is guided by principles of data minimization and storage limitation.

When a merchant uninstalls an App, UpRevApps will remove or anonymize personal information associated with that store within a reasonable period, except where a longer retention period is required by law or necessary to protect UpRevApps's legitimate interests (for example, to address outstanding support issues, prevent fraud, or maintain necessary logs).

9. Security

UpRevApps uses appropriate technical and organizational measures designed to protect personal information processed through the Apps against unauthorized access, loss, misuse, alteration, or destruction. These measures may include access controls, encryption in transit and at rest where appropriate, monitoring, and regular review of systems and practices.

No method of transmission over the internet or method of electronic storage is completely secure, and UpRevApps cannot guarantee absolute security; merchants should also take steps to secure their Shopify stores, accounts, and devices.

10. AI and Automated Decision-Making

Shopify has introduced stricter requirements on how partners and apps can use merchant and customer data in connection with artificial intelligence and machine learning, including prohibitions on using such data for model training without explicit merchant consent. UpRevApps complies with these requirements and, where the Apps include AI-powered features, will:

• Use merchant and customer data only to provide the requested App functionality and not to train generalized models for unrelated products or services without explicit, informed consent from the merchant.
• Clearly disclose any AI-powered processing that may have legal or similarly significant effects on individuals and, where required, provide mechanisms for merchants or data subjects to request human review or to opt out of such processing.

Merchants should review their own obligations under Shopify's Partner and API terms and ensure that any AI-related use of data through their stores is disclosed in their store privacy policies and customer notices.

11. Merchant Responsibilities

Merchants remain responsible for their own privacy and data protection compliance when using the Apps. This includes:

• Providing all required notices and obtaining all necessary consents from customers for the collection, use, and sharing of personal information through their stores and the Apps.
• Configuring the Apps appropriately in light of applicable laws and the merchant's own privacy commitments.
• Handling customer requests to exercise privacy rights (for example, access, deletion, or objection) in relation to data controlled by the merchant and, where necessary, coordinating with UpRevApps so that UpRevApps can support the merchant in fulfilling those requests.

12. Your Privacy Rights

Depending on where you are located, you may have certain rights in relation to your personal information under laws such as the GDPR, UK GDPR, the California Consumer Privacy Act (as amended by the CPRA), and other regional privacy laws. These may include rights to:

• Access and receive a copy of your personal information.
• Correct or update inaccurate or incomplete personal information.
• Request deletion of personal information, in certain circumstances.
• Object to or restrict certain processing activities.
• Withdraw consent where processing is based on consent.
• Receive personal information in a portable format where technically feasible.

If you are a merchant or an App user and wish to exercise these rights in relation to data processed by UpRevApps, you can contact UpRevApps using the contact details below. For end customers of a merchant's store, requests should generally be directed to the merchant, which controls the customer data; UpRevApps will assist merchants in responding to such requests as required by law and by its agreements with merchants.

You also have the right to lodge a complaint with a supervisory authority. If you are located in Lithuania, the relevant authority is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija, vdai.lrv.lt). If you are located in another EEA member state or the UK, you may contact the supervisory authority in your country of residence.

13. Children's Privacy

The Apps are intended for use by merchants and are not directed to children under the age of 13 (or other age defined by local law for children's privacy). UpRevApps does not knowingly collect personal information directly from children through the Apps.

Merchants remain responsible for configuring and using the Apps in a manner that complies with children's privacy laws applicable to their stores and for avoiding the collection of children's data through the Apps unless they have established a lawful basis and appropriate safeguards.

14. Changes to This Privacy Policy

UpRevApps may update this Privacy Policy from time to time, for example to reflect changes to the Apps, to Shopify's platform rules, or to applicable privacy laws and guidance. When material changes are made, UpRevApps will update the "Effective date" at the top of this page and may provide additional notice as required by law or Shopify's requirements.

Merchants are encouraged to review this Privacy Policy periodically to stay informed about how personal information is processed through the Apps.

15. Contact Information

If you have questions, concerns, or complaints about this Privacy Policy or UpRevApps's data practices, or if you wish to exercise your privacy rights, you can contact UpRevApps at:

• UpRevApps
• Svitrigailos g. 11K-109, Vilnius, Lithuania
• Email: help@uprevapps.com

Merchants may also have additional contact details and terms directly in their agreements or invoices with UpRevApps, which should be read together with this Privacy Policy where applicable.

UpRevApps is not affiliated with, endorsed by, or sponsored by Shopify Inc. Shopify® is a registered trademark of Shopify Inc.