Privacy Policy
Last updated: May 18, 2026
UpsellPro ("UpsellPro", "we", "our", or "us") provides a post-purchase upsell tool for Shopify merchants. This Privacy Policy explains what information we process, how we use it, with whom we share it, and how merchants and customers can exercise their rights.
1. Scope
This policy applies to data we process when a Shopify merchant installs the UpsellPro application on their Shopify store and when customers of that store interact with upsell offers powered by UpsellPro.
2. Information We Process
2.1 Merchant (Shop) Information
- Shop domain (e.g. example.myshopify.com)
- Shopify session and OAuth access tokens (encrypted at rest)
- Upsell configuration settings created by the merchant
- Product, variant, and discount identifiers used to render offers
- App billing status (subscription tier, trial state)
2.2 Protected Customer Data
UpsellPro requests access to a minimum set of protected customer data fields through the Shopify Orders API and webhooks. We only request what is strictly required to deliver post-purchase upsell functionality:
- Customer name (first and last name) — used in real time to personalize the upsell screen shown after checkout (for example, "Thanks, Maria!"). Used under the legal basis of legitimate interests / personalization.
- Customer email — used to correlate the post-purchase session with the original order so the correct upsell offer is shown and recorded. Used under the legal basis of app functionality / contract performance.
UpsellPro does not request or store customer phone numbers, shipping addresses, billing addresses, payment instruments, customer notes, or any other personally identifiable information beyond the two fields above.
2.3 Storefront and Analytics Data
We process anonymous event data such as upsell impressions, accept/decline events, and aggregated conversion metrics. This data is associated with a shop, not with an individual customer.
3. How We Use Information
- To install and authenticate the app with the merchant's Shopify store
- To deliver the configured post-purchase upsell offers
- To personalize the upsell screen with the customer's first name
- To match a post-purchase session to its order via the customer email
- To bill the merchant according to their selected plan
- To provide customer support and resolve technical issues
- To meet Shopify's compliance and security requirements
We do not use protected customer data for marketing, advertising, profiling, automated decision-making with legal effects, training machine-learning models, or any purpose other than what is described in this policy.
4. Data Sharing
We do not sell, rent, or trade personal data. We only share data with the following categories of service providers, strictly to operate the app and under written data protection commitments:
- Render.com — application hosting (encrypted in transit via TLS, SOC 2 compliant infrastructure)
- Supabase — managed PostgreSQL for storing shop sessions and upsell configuration (encrypted at rest with AES-256, SOC 2 Type II)
- Shopify — data flows necessarily between our app and Shopify's APIs and webhooks
5. Data Retention
- Customer name and email received via webhooks are processed in memory only and are not persisted in our database.
- Shop sessions, access tokens, and upsell settings are retained for as long as the app is installed.
- When the app is uninstalled, we receive an app/uninstalled webhook and delete all related shop sessions within 48 hours.
- When Shopify sends a shop/redact request (48 hours after uninstall), we permanently delete all remaining shop data.
- Aggregate, non-identifiable analytics may be retained indefinitely.
6. Security
- All data is encrypted in transit using TLS 1.2 or higher.
- Data at rest is encrypted using AES-256 (Supabase).
- Database backups are encrypted by the infrastructure provider.
- Access to production data is restricted to authorized personnel.
- Strong authentication and two-factor authentication are enforced for staff.
- Access to personal data is logged by our infrastructure providers.
- We maintain a documented security incident response procedure.
7. GDPR & Compliance Webhooks
UpsellPro implements the mandatory Shopify GDPR compliance webhooks:
- customers/data_request — Because we do not persist customer personal data, the response confirms there is no stored data to deliver.
- customers/redact — Same as above; no personal data is stored, so there is nothing to delete.
- shop/redact — All sessions and configuration associated with the shop are permanently deleted.
8. International Data Transfers
Our infrastructure may process data in the European Union and the United States. All providers maintain appropriate safeguards (Standard Contractual Clauses or equivalent) for international transfers.
9. Customer Rights
Customers of merchants using UpsellPro may exercise the following rights through the merchant operating the store: access, rectification, deletion, restriction, portability, and objection. Because the merchant is the controller of the customer data, requests should be directed to the merchant first. UpsellPro will support the merchant in fulfilling these requests.
10. Merchant Responsibilities
Merchants are responsible for their own privacy notices and for obtaining any necessary consents from their customers under applicable laws (including GDPR, CCPA, and other regional regulations).
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified through the app dashboard or by email to the merchant.
12. Contact
For privacy-related questions, data subject requests, or to report a security concern, contact us at:
Email: support@upcell.onrender.com
UpsellPro is operated by MBCSOFT LLC.