Privacy Policy

Effective Date: February 6, 2026

Introduction

Welcome to Naxe. We are committed to protecting your privacy and being transparent about how we handle data. This Privacy Policy explains what information we collect when you use our Shopify app, why we collect it, how we use it, and your rights regarding your data.

Naxe is a Shopify embedded app that helps merchants create on-site offers (Add-ons, Upsells, Cross-sells, and Frequently Bought Together recommendations), apply rule-based discounts using Shopify Functions, and track performance through analytics.

1. Who We Are

Naxe is a data processor acting on behalf of merchants (data controllers) who install our app. When you install Naxe on your Shopify store, you remain the controller of your store's data, and we process it according to your instructions and this Privacy Policy.

2. Information We Collect

2.1 Merchant Data

When you install and use Naxe, we collect and store the following merchant information:

  • Shop Information: Shop domain, shop ID, store name, contact email, currency, timezone
  • Installation Data: Installation timestamp, app version, authentication tokens (encrypted)
  • App Configuration: Your app settings, offer configurations (product selections, rules, display settings), discount rule configurations, theme integration settings, widget preferences
  • Subscription & Billing: Subscription plan level, billing status, payment history (handled through Shopify's billing API—we do not store payment card details)

2.2 Analytics & Usage Data

To help you measure the performance of your offers, we collect aggregated analytics data:

  • Event Data: Offer impressions (views), clicks, add-to-cart events, conversions
  • Metadata: Timestamps, offer IDs, product IDs, session identifiers (anonymized)
  • Aggregated Metrics: Conversion rates, revenue impact, performance trends

Note: All analytics data is tied to shop and offer identifiers, not individual customer identities.

2.3 Customer Personal Data

We do NOT intentionally collect or store customer personal information such as names, email addresses, phone numbers, or shipping addresses.

If any customer personal data inadvertently appears in our logs or systems (for example, through error reports), we take immediate steps to redact or delete it. We follow a strict data minimization principle.

2.4 Technical & Log Data

  • Server Logs: IP addresses, browser type, device information, referrer URLs (for security and debugging)
  • Error Monitoring: Error messages, stack traces (any personal data is redacted)
  • Security Logs: Authentication attempts, access logs (retained up to 90 days for security purposes)

3. How We Use Your Information

We use the collected data for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Naxe app functionality (creating offers, applying discounts, displaying widgets on your storefront)
  • Analytics & Reporting: To generate performance reports and insights about your offers
  • Billing & Payments: To manage your subscription and process payments through Shopify
  • Communication: To send you service updates, feature announcements, and support responses
  • Improvement: To improve our app, fix bugs, and develop new features
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Legal Compliance: To comply with applicable laws, regulations, and Shopify's requirements

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or other regions with data protection laws, we process your data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the app services you've subscribed to
  • Legitimate Interests: Improving our services, ensuring security, and analyzing usage patterns (balanced against your privacy rights)
  • Legal Obligation: Complying with legal requirements, such as responding to lawful requests
  • Consent: Where required by law, we will obtain your explicit consent (e.g., for marketing communications)

5. Data Sharing & Third Parties

We do not sell your data. We only share data with trusted third parties as necessary to operate our service:

5.1 Service Providers

  • Hosting & Infrastructure: Cloud hosting providers (e.g., AWS, Google Cloud, or similar) to store and process data securely
  • Database Services: Secure database providers for storing app configuration and analytics
  • Monitoring & Logging: Error tracking and monitoring services (e.g., Sentry) to detect and resolve technical issues

All third-party providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Shopify

As a Shopify app, we integrate with Shopify's platform and use Shopify APIs to access your store data. Billing and payments are handled entirely through Shopify's billing system. Please review Shopify's Privacy Policy for details on how Shopify handles data.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if necessary to protect our rights, your safety, or the safety of others.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your home country, including the United States or other locations where our service providers operate.

When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), adequacy decisions, or other legally approved mechanisms to protect your data in compliance with GDPR and other applicable laws.

7. Data Retention

We retain your data only as long as necessary to provide our services and fulfill the purposes described in this policy:

  • While App is Installed: We retain your shop configuration, offer settings, and analytics data for the duration of your subscription
  • After Uninstallation: Within 30 days of app uninstallation or receipt of a shop redaction request, we delete or anonymize your shop data
  • Security Logs: Security and access logs are retained for up to 90 days for fraud prevention and security purposes
  • Legal Requirements: We may retain certain data longer if required by law or to resolve disputes

8. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

  • Encryption: All data transmission uses HTTPS/TLS encryption. Sensitive data is encrypted at rest
  • Access Controls: Strict access controls and authentication mechanisms limit who can access data
  • Least Privilege: Team members have access only to data necessary for their role
  • Audit Logs: We maintain audit trails of data access and modifications
  • Regular Security Reviews: We conduct regular security assessments and updates
  • Incident Response: We have procedures in place to detect, respond to, and notify you of any security breaches

While we strive to protect your data, no system is completely secure. You are responsible for maintaining the security of your Shopify account credentials.

9. Cookies & Tracking Technologies

Naxe may use cookies and similar tracking technologies in the following contexts:

9.1 Admin/App Interface

When you access the Naxe app within the Shopify admin, we may use session cookies and local storage to maintain your authenticated session and remember your preferences. These are essential for the app to function.

9.2 Storefront Widgets

Our storefront widgets (the offers displayed to your customers) may use cookies or local storage to track analytics events (impressions, clicks, conversions) and provide a consistent user experience. These are anonymized and do not collect personal customer information.

9.3 Managing Cookies

Most browsers allow you to control cookies through their settings. However, disabling cookies may affect the functionality of the app. As a merchant, you are responsible for ensuring your store's cookie policy complies with applicable laws and informs your customers about cookies used by third-party apps like Naxe.

10. Your Rights & Choices

Depending on your location, you may have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise your rights: Contact us at [email protected]

You also have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

11. Shopify GDPR Webhooks & Data Requests

Naxe fully supports Shopify's mandatory GDPR webhooks to ensure compliance with data protection regulations:

11.1 customers/data_request

If a customer requests their data from your store, Shopify will notify us. Since we do not intentionally store customer personal data, we will confirm that we hold no identifiable customer information and provide any relevant aggregated, anonymized data if applicable.

11.2 customers/redact

If a customer requests deletion of their data, we will redact or delete any data associated with that customer (if any exists in our systems) within 30 days.

11.3 shop/redact

If you uninstall the app or request deletion of your shop data, we will delete or anonymize all shop-related data within 30 days, except for data we are legally required to retain (e.g., financial records, security logs).

12. Children's Privacy

Naxe is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make significant changes, we will notify you by:

  • Posting the updated policy on this page with a new "Effective Date"
  • Sending you an email notification (if you have provided contact information)
  • Displaying a notice in the app

We encourage you to review this Privacy Policy periodically. Your continued use of Naxe after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]

App Support: [email protected]

Response Time: We aim to respond to all privacy inquiries within 48 hours

15. Additional Information for Specific Regions

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your information, and the right to opt out of the sale of personal information. We do not sell personal information.

Canadian Residents (PIPEDA)

If you are in Canada, you have the right to access and correct your personal information, and to file a complaint with the Privacy Commissioner of Canada if you believe your privacy rights have been violated.

Australian Residents (Privacy Act)

If you are in Australia, you have rights under the Privacy Act 1988, including the right to access and correct your personal information, and to make a complaint to the Office of the Australian Information Commissioner (OAIC).

Thank you for trusting Naxe with your data.

We are committed to transparency, security, and respecting your privacy rights. If you have any questions or feedback about this policy, we're here to help.