Last updated: April 20, 2026
Privacy Policy
This Privacy Policy describes how Devicely ("we", "our", or "us") collects, uses, and protects information when you install and use the Devicely application (the "App") on your Shopify store.
1. Who We Are
Devicely is a Shopify application developed to help merchants display device-specific prices and apply automatic
discount rules based on the visitor's device category (e.g., top, middle, low-cost, obsolete). The App operates as
a Shopify partner application and is subject to Shopify's Partner Program terms.
For any privacy-related enquiries, please contact us at:
Email: support@devicely.app
2. Information We Collect
We collect only the data necessary to operate the App. This falls into two categories:
2.1 Merchant (Shop) Data
- Shop domain – used to identify and isolate your store's data.
- Shopify access token – used to make authorized API calls on your behalf (stored encrypted).
- Discount rules – the rules you configure inside the App (device category, discount type, value, etc.).
- Product exclusions – products you exclude from discount rules.
- Subscription plan – your current billing plan (Free, Standard, Premium).
- App support tickets – messages sent through the in-app support system.
- Theme configuration – selectors and settings from the Shopify Theme App Embed.
2.2 Aggregated Analytics Data
- Device category visits – daily counts of sessions grouped by device tier (no individual visitor tracking).
- Order conversion counts – number of orders per device category per day (aggregated, not tied to specific customers).
- Rule session statistics – how many sessions triggered each discount rule (no personal identifiers).
2.3 What We Do NOT Collect
- Individual customer names, email addresses, or personal details.
- Payment card or financial information.
- Browsing history or persistent tracking cookies on your storefront visitors.
3. How We Use Your Information
- To operate and provide the core features of the App (discount rules, price display, analytics).
- To authenticate your Shopify admin session and make authorized API requests.
- To calculate and display aggregate analytics in your dashboard.
- To manage your subscription and billing through Shopify's billing API.
- To respond to support requests you submit.
- To send transactional email notifications related to your account (if any).
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your data on the following legal bases:
- Contract – processing is necessary to provide the App services you have requested.
- Legitimate interest – aggregated analytics to improve the App's features and performance.
- Legal obligation – compliance with Shopify's mandatory GDPR compliance webhooks.
5. Data Sharing & Third Parties
We do not sell, rent, or trade your data. We share data only with the following trusted processors:
| Processor | Purpose | Privacy |
|---|---|---|
| Shopify Inc. | Platform infrastructure, billing, OAuth authentication | shopify.com/legal/privacy |
| Vercel Inc. | Application hosting and serverless compute | vercel.com/legal/privacy-policy |
| Prisma Data (Accelerate) | Database connection pooling and caching layer | prisma.io/privacy |
| Google LLC | AI assistant feature (Gemini API), optional | policies.google.com/privacy |
6. Data Retention
- Active stores – data is retained for as long as the App is installed on your Shopify store.
- After uninstall – we automatically delete all store data within 48
hours of receiving the
app/uninstalledwebhook from Shopify. - Analytics data – aggregated statistics are retained for up to 12 months then automatically purged.
- Support tickets – retained for 24 months to ensure continuity of support history.
7. GDPR Compliance Webhooks
In compliance with Shopify's mandatory data privacy requirements, we handle the following Shopify GDPR webhooks:
- customers/data_request – we acknowledge the request. As we do not store individually identifiable customer data, there is no personal data to export.
- customers/redact – we acknowledge the request. No individual customer records are stored or deleted because we only process aggregated, anonymized statistics.
- shop/redact – received 48 hours after app uninstall. We permanently delete all shop-level data from our database.
8. Data Security
We implement industry-standard security measures to protect your data:
- All data is transmitted over HTTPS/TLS.
- Shopify access tokens are stored encrypted in our database.
- All incoming Shopify webhooks are verified using HMAC-SHA256 signatures before processing.
- Access to our database and hosting environment is restricted to authorized personnel only.
- We regularly review our security practices and infrastructure.
9. Your Rights
Depending on your location, you may have the following rights regarding your data:
- Access – request a copy of the data we hold about your store.
- Rectification – request correction of inaccurate data.
- Erasure – request deletion of your store's data. Uninstalling the App triggers automatic deletion within 48 hours.
- Portability – request your data in a machine-readable format.
- Objection – object to processing based on legitimate interests.
To exercise any of these rights, please contact us at support@devicely.app.
10. Cookies
The App uses session cookies strictly necessary for authentication within the Shopify Admin interface. These cookies are set by Shopify's authentication flow and do not track visitors across other websites. No third-party marketing or analytics cookies are placed by Devicely on your storefront.
11. Children's Privacy
Devicely is a business application designed for Shopify merchants. It is not directed at individuals under the age of 16, and we do not knowingly collect personal data from minors.
12. International Data Transfers
Our infrastructure is hosted primarily within the United States (Vercel). If you are based in the EEA or the United Kingdom, your data may be transferred to and processed in countries that may not have the same data protection laws. In such cases, we rely on Shopify's Standard Contractual Clauses and our processors' data processing agreements to ensure an adequate level of protection.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the App after any changes constitutes your acceptance of the updated policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: