Privacy Policy for VibeWheel
Last Updated: January 22, 2026
This Privacy Policy describes how VibeWheel (the "App") collects, uses, and shares personal information when you install or use the App in connection with your Shopify-supported store.
1. Personal Information the App Collects
When you install the App, we automatically access certain types of information from your Shopify account via the Shopify API:
- Merchant Information: We collect your shop's primary domain, email, and store name to facilitate app functionality, billing, and communication.
- Customer Information: When a customer interacts with a VibeWheel popup, we capture their email address and marketing consent status.
- Technical Data: We respect user privacy settings. When consent is granted via Google Consent Mode v2, we use cookies to manage "one spin per user" logic. We do not store browser fingerprints or IP addresses once the session is complete.
2. How We Use Your Personal Information
We use the personal information we collect to provide the core service of the App:
- Lead Management: We store collected email addresses so they can be displayed on your Merchant Dashboard and successfully synchronized with your Shopify Customer database.
- Segmentation: We apply custom tags (e.g., "VibeWheel-Winner") to customer profiles in your Shopify Admin to help you track the performance of your campaigns.
- Consent Tracking: We ensure that marketing consent levels are correctly passed to Shopify to keep your mailing lists compliant.
3. Data Retention and Deletion
We believe in data minimization and merchant control:
- Active Stores: We retain lead data (emails) for as long as the App is installed to provide you with historical analytics on your dashboard.
- Uninstallation: If you uninstall the App, we retain your data for a 48-hour grace period to allow for seamless restoration should you choose to reinstall.
- Mandatory Redaction: In accordance with Shopify’s security requirements, we honor the
shop/redact webhook. This request is triggered 48 hours after uninstallation, at which point all data associated with your shop (including accounts, campaigns, and events) is permanently deleted from our database.
4. Security
We protect your data using industry-standard encryption (AES-256 for data at rest and TLS 1.2+ for data in transit). Access to our backend systems is strictly controlled and protected by mandatory multi-factor authentication (2FA).
5. Individual Rights (GDPR / CCPA)
Because VibeWheel processes data on your behalf, customers should direct their privacy requests to you (the Merchant). We fully support Shopify's mandatory GDPR webhooks (customer redaction and data requests) to help you fulfill these obligations immediately.