Privacy Policy

Aspen Consulting Limited ("we", "us", or "our") operates the Membership Access Shopify App (the "App"). This Privacy Policy describes how privacy is maintained and how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

1. Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account:

• Store Information: Your shop domain, store name, and plan details.
• Customer Information: When a customer purchases a membership product from your store, we collect their name, email address, and Shopify customer ID.
• Order Information: We access order details (such as order ID and line items) specifically to verify membership purchases and process cancellations or refunds.

We collect this information directly from the relevant Shopify APIs (such as the Admin GraphQL API and Webhooks) in order to provide the App's core functionality.

2. How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Specifically, we use this information to:

• Create and maintain digital membership records for your customers.
• Generate unique QR codes and secure pass URLs for each member.
• Track venue occupancy and check-in history.
• Process subscription renewals, extensions, and cancellations.
• Communicate with you (the merchant) regarding app updates, billing, or technical support.

3. Sharing Your Personal Information

We do not sell, rent, or trade your personal information or your customers' personal information to third parties. We may share personal information only in the following limited circumstances:

• Service Providers: We use secure third-party infrastructure (such as MongoDB Atlas for database hosting and Railway for application hosting) to power the App. These providers are bound by strict data processing agreements.
• Compliance with Laws: We may share personal information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

4. Data Retention and Deletion

We retain your store and customer information only for as long as you have the App installed on your Shopify store.

In accordance with Shopify's GDPR requirements, we subscribe to mandatory privacy webhooks:

• Customer Data Request (customers/data_request): If a customer requests to view their data, we will provide you with a summary of the data we hold on them.
• Customer Redact (customers/redact): If a customer requests to be deleted, we will permanently delete their membership record and check-in history from our database.
• Shop Redact (shop/redact): If you uninstall the App, we will automatically delete all data associated with your store within 48 hours of receiving the redaction webhook from Shopify.

5. Your Rights (GDPR & UK GDPR)

If you are a resident of the United Kingdom or the European Economic Area (EEA), you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European or UK resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you install the App), or otherwise to pursue our legitimate business interests listed above.

6. Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

7. Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at:

contact@aspenconsulting.co.uk

Aspen Consulting Limited
United Kingdom