Privacy Policy
Promo Firewall scans your active discounts for dangerous stacking combinations. This page explains what we collect, why we collect it, and your choices.
- Discount scanning. We built Promo Firewall to scan discount stacking risk, not customer behavior.
- Scan inputs. We read active discounts, combinability settings, and product/variant data needed to construct witness carts.
- No customer data needed. Scans do not require order history or customer personal data.
- No selling. We do not sell your data.
- Retention is limited. We retain scan results and related service data only as long as needed to operate the service, support merchants, meet legal obligations, and secure the app.
Privacy at a glance
| Category | What this means |
|---|---|
| Data used for scans | Discount configuration: active discounts, combinability flags, and product/variant data for witness cart construction. |
| Not required for scans | Not required: order history, customer profiles, payment card data, or full checkout contents. |
| Billing and plans | Shopify billing: plan and subscription state is handled via Shopify billing events. |
| Retention model | Purpose-limited retention: service data is kept only as long as needed for support, legal, billing, and security obligations. |
| Privacy requests | Email: privacy@promofirewall.com. |
On this page
- 1. Who this policy applies to
- 2. Information we collect
- 3. What we do not collect for scans
- 4. How we use information
- 5. Legal bases for processing
- 6. Data sharing
- 7. Data retention
- 8. Data security
- 9. International data transfers
- 10. Your rights and choices
- 11. Cookies and analytics
- 12. Children’s privacy
- 13. Changes to this policy
- 14. Contact us
1. Who this policy applies to
This policy applies to merchants who install and use the Promo Firewall Shopify app, and to visitors of our website pages such as support, help, contact, and marketing pages.
It does not govern Shopify’s own handling of your data. Shopify remains a separate controller/provider under its own privacy terms.
2. Information we collect
A. Information from your Shopify store (app functionality)
To scan for discount stacking risks, we may access and process:
- Store identifier and store domain
- Active discount configurations (codes, automatics, BXGY, free shipping)
- Discount combinability flags (combinesWithProduct, combinesWithOrder, combinesWithShipping)
- Product and variant data referenced by discounts (for witness cart construction)
- App scan metadata (scan time, finding counts, severity classifications)
We collect only what is reasonably necessary to provide the scanning service.
B. Account and subscription information
Depending on your plan and billing flow, we may process:
- Shopify shop/account identifiers
- Plan/tier status (Free, Pro Small, Pro Growth, Pro Large)
- Subscription status and billing events (via Shopify)
- Support communication details (email address and messages you send us)
C. Website and technical usage information
Pages viewed with timestamps and diagnostic/error logs, used to secure, maintain, and improve the service.
IP address or IP-based location data for analytics purposes.
Our infrastructure provider (Cloudflare) may process IP addresses and related network data to deliver and protect the service (for example, for security and abuse prevention).
If used, server-side analytics employ anonymization measures and do not run analytics scripts in the page.
3. What we do not collect for scans
Promo Firewall is designed to scan discount configurations. For core app functionality, we do not require access to:
- Customer order history
- Customer personal profiles
- Payment card data
- Full checkout contents of individual customers
If this changes for a future feature, we will update this policy and request any required permissions transparently.
4. How we use information
We use information to run scans, generate findings reports, classify severity, trigger re-scans for paid plans, show scan history and status, provide support, maintain security and reliability, prevent abuse, enforce our Terms, and comply with legal obligations.
We do not use your store data to build public datasets about your store.
5. Legal bases for processing (where applicable)
If GDPR or UK GDPR applies, our legal bases may include contract, legitimate interests, legal obligation, and consent where required.
7. Data retention
We retain data only as long as needed to provide the service, maintain scan history and monitoring features, resolve disputes, enforce agreements, and meet legal/accounting obligations.
Retention periods vary by data type. If you uninstall the app, we may delete or anonymize store-related data after a reasonable period unless retention is required for legal, billing, or security reasons.
8. Data security
We use reasonable technical and organizational measures to reduce unauthorized access, disclosure, alteration, and destruction. No system is fully risk-free, but we design Promo Firewall with reliability and least-necessary access for scans.
If you suspect a security issue, contact us immediately at security@promofirewall.com.
9. International data transfers
Your information may be processed in countries other than your own, depending on infrastructure and service providers. Where required, we use appropriate safeguards for international transfers, including contractual protections.
10. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, restrict, object, and request portability of personal data, and to withdraw consent where processing is based on consent.
To submit a request, email privacy@promofirewall.com. We may need to verify identity and authority (for example, if a request is made on behalf of a store).
12. Children’s privacy
Promo Firewall is intended for businesses and store operators. It is not directed to children.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and update the Last updated date. If changes are material, we may provide additional notice such as in-app messaging or email.
14. Contact us
Shopify is a separate service provider with its own privacy terms and data practices. This policy covers Promo Firewall only.