SellRise — Privacy Policy

Last updated: May 2026

1. Overview

SellRise is a Shopify app that helps merchants increase conversions through configurable storefront widgets including sticky add-to-cart, trust badges, urgency timers, free shipping bar, recent order notifications, and email/WhatsApp lead capture popups.

2. Data we collect

• Shop information: shop domain, store currency, and Shopify access token.
• Merchant settings: configuration values you enter (button text, colors, thresholds, badge selections, discount codes) stored as Shopify metafields.
• Customer leads (opt-in only): If the merchant enables the Email & WhatsApp Popup feature, customers may voluntarily submit their email address and/or phone number through the popup form. This data is stored to make it available to the merchant for their own marketing communications.
• Analytics events: Anonymous widget interaction counts (impressions, clicks, conversions) per shop. No personally identifiable information is collected in analytics.

3. How we use data

• To authenticate merchants and provide app functionality.
• To save and retrieve merchant configuration settings.
• To render storefront widgets based on merchant configuration.
• To deliver captured leads to the merchant who owns the store (via the in-app Leads list and CSV export).
• To display analytics in the merchant's Revenue Dashboard.

4. Data sharing

We do not sell, rent, or share merchant or customer data with any third party. Captured customer leads are accessible only to the merchant who owns the Shopify store.

5. Data retention

• Merchant settings are stored as long as the app is installed.
• Customer leads are stored as long as the app is installed.
• Session data is deleted immediately on uninstall.
• 48 hours after uninstall, we receive a shop/redact webhook and delete all remaining shop data, including leads and analytics events.
• Customers can request immediate deletion via the customers/redact GDPR webhook (triggered by Shopify when a customer requests data erasure).

6. GDPR & CCPA compliance

SellRise implements all Shopify mandatory compliance webhooks:

• customers/data_request — Returns all leads matching the customer's email or phone.
• customers/redact — Deletes all leads matching the customer's email or phone.
• shop/redact — Deletes all shop-related data within 30 days of uninstallation.

7. Security

• All data transmitted via HTTPS (TLS 1.3).
• Webhooks verified using Shopify HMAC signatures.
• Access tokens and customer data stored encrypted at rest.
• Database hosted in a secure cloud environment with restricted access.
• No third-party trackers or analytics services that share data outside SellRise.

8. Customer consent

Customer email and phone capture occurs only through the Popup widget when the customer voluntarily submits the form. The popup clearly states what information is being collected and the purpose. Customers may close the popup without submitting and are not tracked if they decline.

9. Contact

For privacy questions or data requests, contact: info@yumnaz.com

© 2026 SellRise. All rights reserved.