Privacy Policy
Effective date:
The short version
- We only process data to prevent discount abuse — nothing else.
- We never sell, share, or send your data to third parties.
- No advertising, analytics, or social media cookies.
- All shopper data is auto-deleted after 90 days.
See also our Terms of Service and Data Processing Agreement.
1. Who we are
OfferGuard ("we", "us", "our") operates the OfferGuard Shopify application and the website at offerguard.app. OfferGuard helps Shopify merchants protect new-customer discount offers from abuse by analyzing checkout signals.
For data protection purposes, the Shopify merchant who installs OfferGuard is the data controller. OfferGuard acts as a data processor on the merchant's behalf.
2. Data we collect
2.1 Merchant data
When a merchant installs OfferGuard, we store:
- Shopify store domain (e.g., your-store.myshopify.com)
- Billing plan tier and monthly usage counters
- Rules and configuration the merchant creates within the app
2.2 Shopper data collected at checkout
When a shopper reaches checkout on a merchant's store, OfferGuard processes the following categories of data to evaluate the merchant's eligibility rules:
- Contact details — email address and, if provided at checkout, phone number
- Shipping address — including city, postal code, region, and country
- Network information — the IP address associated with the checkout request
- Device characteristics — high-level browser and device attributes used to derive a non-identifying device hash
- Cart details — items, quantities, and order totals
- Checkout and browsing signals — limited checkout and page view events provided by Shopify
- Buyer identity — whether the shopper is signed in to a Shopify customer account
2.3 Visitor tracking
OfferGuard uses a Shopify web pixel that sets a first-party functional cookie scoped to the merchant's domain. The cookie holds a randomly generated visitor identifier used solely to recognize repeat visits from the same browser. It is not used for advertising, profiling, or cross-site tracking.
3. How we use the data
We process shopper data exclusively to:
- Evaluate whether a shopper qualifies as new or returning under the merchant's rules
- Detect indicators of duplicate or repeat purchases
- Identify low-quality or disposable contact information
- Apply merchant-configured post-order actions (such as order tags, customer tags, or fulfillment holds)
- Log checkout decisions for the merchant's dashboard and reporting
We do not use shopper data for advertising, profiling, marketing, or any purpose other than the abuse-prevention functionality described above.
4. Data sharing
Shopper data is processed within OfferGuard's own systems and through the Shopify Admin API in order to deliver the service to the merchant. We do not sell, rent, or share personal data with any third party for advertising, marketing, or unrelated purposes. We may disclose data where required to comply with applicable law or to protect the security and integrity of the service.
5. Data storage and security
- Data is stored in a secure database accessible only to authorized OfferGuard systems
- Communication with the Shopify checkout and merchant dashboard uses industry-standard TLS encryption
- Access to the merchant dashboard is protected through Shopify's OAuth session authentication
- We do not store or process payment card information — all payment processing is handled by Shopify
6. Data retention
- Shopper checkout records (contact, network, device, and cart data) — retained for up to 90 days, then automatically purged
- Device hashes — retained for up to 90 days
- Merchant rules and configuration — retained for the duration of the app installation
- Merchant account data — deleted within 30 days of app uninstallation, in line with Shopify's mandatory shop redaction process
7. Shopify permissions
OfferGuard requests only the Shopify permissions necessary to deliver its abuse-prevention features. These are presented to the merchant during installation and are used to:
- Look up customer and order history needed to evaluate a shopper as new or returning
- Add tags and notes to flagged orders
- Place fulfillment holds on flagged orders, where the merchant has enabled this action
- Register a checkout web pixel and receive checkout and page view events
8. Your rights (GDPR / CCPA)
If you are a shopper on a merchant's store, the merchant is the data controller. To exercise your data protection rights (access, deletion, correction, portability), please contact the merchant directly.
Merchants can contact us at [email protected] to:
- Request export of all data we process on their behalf
- Request deletion of specific shopper data from our systems
- Request a copy of our data processing records
We respond to Shopify's mandatory privacy webhooks (customers/data_request, customers/redact, shop/redact) to fulfill data subject rights programmatically.
9. Cookies
| Purpose | Duration | Type |
|---|---|---|
| Visitor identifier used to recognize repeat visits to the same merchant store | Up to 1 year | First-party, functional |
We do not use any advertising, analytics, or social media cookies.
10. Children's privacy
OfferGuard does not knowingly collect data from children under 16. Our service is designed for use by Shopify merchants (businesses) and their adult customers.
11. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via the app dashboard or email to the merchant's registered Shopify contact.
12. Contact
For privacy-related questions, contact us at [email protected].