Privacy Policy
Effective Date: December 13, 2024
Welcome
Welcome to Giftwell! Giftwell Inc. ("Giftwell," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. As a corporate gifting solution for merchants using Shopify, we help merchants create personalized gifting experiences for their customers. This Privacy Policy explains how we collect, use, disclose, and protect your personal data. By using our app, you agree to the terms outlined in this policy.
1. Information We Collect
a. Information Provided by Merchants
During the app installation process, we collect business contact information, including the merchant’s name, email address, and Shopify store details. This information is used for account management, customer support, and to facilitate communication regarding the app's functionality.
Merchant Information. During the app installation process, we collect business contact information, including the merchant’s name, email address, and Shopify store details. This information is used for account management, customer support, and to facilitate communication regarding the app's functionality.
Recipient Information. Merchants upload recipient details, including names, shipping addresses, and contact information, to fulfill gifting orders. This information is processed to ensure that gifts are delivered accurately and on time.
b. Information Collected Automatically
To enhance the functionality of the Giftwell app, we automatically collect certain technical data from users:
Device Information. We collect data about the device used to access our app, including browser type, operating system, and IP addresses. This helps us optimize the app experience and troubleshoot any technical issues.
Cookies and Usage Data. We use cookies to improve the functionality of our app, remember preferences, and analyze usage patterns. Cookies help us gather data about how users interact with our app, which allows us to enhance user experience and performance.
c. Information from Shopify
Giftwell integrates with the Shopify platform and collects the following data from Shopify’s API:
Customer Orders. Customer orders, including names, email addresses, and shipping addresses.
Product Information. We access product details to enable merchants to set up gifting workflows, personalize the gifting experience, and ensure product availability.
Payment Information. We do not store any sensitive payment information such as credit card details. Shopify processes payments on behalf of merchants.
2. How We Use Information
We only use the information we collect for the specific purposes described in this policy, including:
Facilitating Corporate Gifting. We process orders, personalize recipient experiences, and ensure that all gifts are fulfilled according to merchant specifications.
Order Fulfillment and Delivery. We use recipient data to coordinate with delivery partners and ensure gifts are sent to the correct address.
Improving App Functionality. We continuously monitor usage patterns to improve the app’s performance, address bugs, and optimize user experience.
OpenAI API Usage. We process recipient addresses using OpenAI’s API to format and validate the information, ensuring accuracy before gifts are shipped.
Legal Compliance. We may use your data to comply with legal obligations, respond to government requests, or defend our legal rights.
3. OpenAI API Usage
As part of the functionality of the Giftwell app, we use OpenAI’s API to process and validate recipient data for formatting purposes.
Data Minimization. Only the recipient’s name, address, and contact details are processed by OpenAI for formatting and validation.
Security and Encryption. All data sent to OpenAI is encrypted during transmission to ensure confidentiality and integrity. OpenAI does not store or retain any personal data beyond the duration of processing.
Compliance with Data Protection Laws. Our use of OpenAI’s API aligns with both Shopify’s guidelines and OpenAI’s Privacy Policy to ensure that recipient data is handled securely and in compliance with applicable laws.
4. Sharing Information
Giftwell does not sell personal data. We only share personal information under the following circumstances:
Service Providers. We may share data with trusted third-party service providers necessary to fulfill gifting orders. This includes shipping partners, payment processors, and customer support providers. These service providers are bound by contracts to maintain the confidentiality and security of your data.
Legal Requirements. We may disclose personal data if required to do so by law or in response to lawful requests from public authorities, including to meet national security or law enforcement requirements.
Shopify Ecosystem. As part of the app’s functionality, data is processed within Shopify's ecosystem, which includes Shopify’s servers, storage systems, and APIs.
5. Data Security
Giftwell takes your privacy and data security seriously. We implement a range of technical and organizational measures to protect your personal information:
Shopify’s Security Standards. All data processed within the Giftwell app is stored and handled using Shopify’s security infrastructure, including encryption and secure storage practices.
Encryption. We encrypt all sensitive data both in transit and at rest using industry-standard encryption protocols.
Access Control. Internal access to personal data is restricted to authorized personnel only, based on the principle of least privilege.
Merchant Responsibility. Merchants are responsible for ensuring the security of their Shopify accounts and passwords. We recommend merchants use strong, unique passwords and enable two-factor authentication to safeguard their accounts.
6. Your Data Rights
Giftwell respects the privacy rights of individuals and complies with relevant data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Depending on your jurisdiction, you may have the following rights:
a. Rights under GDPR (for EU Residents):
Access. You may request a copy of your personal data and how it is being processed.
Correction. You can correct any inaccuracies in your personal data.
Erasure. You may request the deletion of your personal data under certain circumstances.
Portability. You have the right to request your data in a structured, machine-readable format for transfer to another provider.
b. Rights under CCPA (for California Residents):
Right to Know. You can request details about what personal data we collect, how it is used, and with whom it is shared.
Right to Delete. You can request the deletion of your personal data.
Right to Opt-Out. You can opt out of the sale of your personal information (we do not sell data).
To exercise your rights, please contact us at team@giftwell.ai. In some cases, we may need to direct you to the applicable Shopify merchant to fulfill your request, especially for recipient data.
7. Cookies and Tracking
Giftwell uses cookies to enhance the user experience and improve app performance. Cookies may be used for the following purposes:
Functionality. To remember user preferences, such as language settings and login details.
Analytics. To collect anonymized data on how users interact with the app, helping us improve features and performance.
Advertising. To track user interactions and deliver more relevant marketing messages.
Merchants and users can manage their cookie preferences through browser settings or app-specific settings.
8. Data Retention
Giftwell retains personal data for the following durations:
Recipient Data. We delete recipient information (including names, addresses, and contact details) 30 days after the completion of an order to protect user privacy.
Merchant Data. We retain merchant account data as long as the merchant actively uses the app. When the merchant uninstalls the app, we may retain some data for a limited period to comply with legal obligations.
We periodically review data retention policies to ensure compliance with applicable laws and best practices.
9. International Data Transfers
For users outside the United States, your personal data may be transferred to and processed in the United States or other countries where Shopify operates. We ensure that these transfers comply with applicable data protection laws, including using Standard Contractual Clauses (SCCs) to ensure an adequate level of protection for EU users.
By using our services, you consent to these transfers.
10. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or other circumstances. Any changes to this Privacy Policy will be posted on this page, and the “Effective Date” at the top of this policy will be updated. We encourage you to review this policy periodically for any updates.
11. Contact Us
If you have any questions about this Privacy Policy or need assistance, please contact us at:
Email. team@giftwell.ai
Address. 3833, 1007 N Orange St., 4th Floor, Wilmington, DE, New Castle, 19801