Privacy Policy

Last Updated: September 11, 2025

  1. INTRODUCTION

This Privacy Policy explains how UpMerce (“we,” “us,” or “our”) collects, uses, processes, and protects your information when you install and use our applications (“Apps”), including EasyTick Upsell, on your Shopify store. This policy also covers our website and related services.

We are committed to protecting your privacy and ensuring transparency about our data practices.

  1. INFORMATION WE COLLECT
2.1 Information from Shopify

When you install our Apps, we automatically receive certain information from your Shopify account:

Store Information:

  • Store name, domain, and contact information
  • Store owner details (name, email)
  • Store configuration and settings
  • Installed themes and other apps

Product Data:

  • Product names, descriptions, prices, and images
  • Product variants and inventory levels
  • Product collections and categories

Order Information:

  • Order details, amounts, and status
  • Transaction data (non-sensitive payment information)
  • Shipping information

Customer Data:

  • Customer names and email addresses
  • Order history and purchase behavior
  • Customer preferences (as relevant to app functionality)
2.2 Information You Provide
  • App configuration settings and preferences
  • Support communications and feedback
  • Custom settings and rules you create within the Apps
2.3 Technical Information
  • IP addresses and device information
  • Browser type and version
  • App usage data and analytics
  • Error logs and performance metrics
2.4 Cookies and Tracking

We may use cookies and similar tracking technologies to improve app functionality and user experience.

  1. HOW WE USE YOUR INFORMATION

We use your information solely for the following purposes:

3.1 Service Provision
  • Operating and maintaining our Apps
  • Processing upsells and related e-commerce functions
  • Providing customer support
  • Ensuring app compatibility with your store
3.2 Service Improvement
  • Analyzing app performance and usage patterns
  • Developing new features and improvements
  • Debugging and fixing technical issues
  • Conducting security monitoring
3.3 Communication
  • Responding to your inquiries and support requests
  • Sending important service notifications
  • Providing app updates and maintenance notices
3.4 Legal Compliance
  • Complying with applicable laws and regulations
  • Responding to legal requests and court orders
  • Protecting against fraud and abuse
  1. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Economic Area, our legal bases for processing include:

  • Contractual necessity: To provide our Apps and services
  • Legitimate interests: To improve our services and ensure security
  • Legal compliance: To comply with applicable laws
  • Consent: Where explicitly provided for specific processing activities
  1. DATA SHARING AND DISCLOSURE
5.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5.2 Limited Sharing Scenarios

We may share your information only in the following circumstances:

Service Providers:

  • Cloud hosting providers (with appropriate data processing agreements)
  • Analytics and monitoring services
  • Customer support platforms

Legal Requirements:

  • When required by law, regulation, or court order
  • To protect our rights, property, or safety
  • To prevent fraud or abuse

Business Transfers:

  • In connection with a merger, acquisition, or sale of assets (with appropriate safeguards)
5.3 Shopify Integration

Our Apps operate within the Shopify ecosystem and share data with Shopify as necessary for app functionality, in accordance with Shopify’s terms and privacy policies.

  1. DATA SECURITY

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit and at rest
  • Access Controls: Limited access to authorized personnel only
  • Regular Audits: Security assessments and vulnerability testing
  • Secure Infrastructure: Use of reputable cloud providers with robust security
  • Employee Training: Regular security awareness training for our team
  1. DATA RETENTION

We retain your information for as long as:

  • Your Shopify store has our Apps installed
  • Necessary to provide our services
  • Required by applicable laws and regulations
  • Needed for legitimate business purposes

When you uninstall our Apps, we will delete or anonymize your data within 30 days, except where retention is required by law.

  1. YOUR RIGHTS AND CHOICES
8.1 Access and Control

You can:

  • Access your data through your Shopify admin panel
  • Update your store information directly in Shopify
  • Configure app settings to control data processing
  • Uninstall our Apps at any time
8.2 GDPR Rights (EU Users)

Under the General Data Protection Regulation, you have the right to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit processing of your personal data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Where processing is based on consent
8.3 CCPA Rights (California Users)

Under the California Consumer Privacy Act, you have the right to:

  • Know what personal information we collect and how it’s used
  • Delete personal information we have about you
  • Opt-out of the sale of personal information (we don’t sell data)
  • Non-discrimination for exercising your privacy rights

To exercise your rights, contact us at support@upmerce.co.

  1. INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and processed in countries outside your location. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses for EU data transfers
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms
  1. CHILDREN’S PRIVACY

Our Apps are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

  1. THIRD-PARTY LINKS AND SERVICES

Our Apps may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external sites or services. We encourage you to review their privacy policies.

  1. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the “Last Updated” date
  • For material changes, we will provide notice through email or app notifications
  • Your continued use of our Apps after changes constitutes acceptance
  1. DATA CONTROLLER INFORMATION

UpMerce acts as a data processor for most merchant data and as a data controller for certain operational data. For questions about data processing, please contact us.

  1. CONTACT INFORMATION

For privacy-related questions, concerns, or to exercise your rights, contact us at:

Email: support@upmerce.co
Address: Dai Mo, Ha Noi, Viet Nam, 100000

  1. COMPLIANCE CERTIFICATIONS

We maintain compliance with relevant privacy frameworks and may obtain certifications such as:

  • SOC 2 Type II (if applicable)
  • ISO 27001 (if applicable)
  • Privacy Shield (if applicable)
  1. INCIDENT RESPONSE

In the event of a data breach, we will:

  • Notify affected users within 72 hours where required by law
  • Report to relevant supervisory authorities as required
  • Take immediate steps to contain and investigate the incident
  • Implement measures to prevent future incidents

This Privacy Policy is designed to comply with major privacy regulations including GDPR, CCPA, and other applicable laws. By using our Apps, you acknowledge that you have read and understood this Privacy Policy.