Skip to content

Privacy Policy

Effective date: June 1, 2026

Campaignly (“Campaignly”, “we”, “us”) is a Shopify app operated by PapaThemes. This policy explains what data we collect when you install and use the app, why we collect it, and the choices you have. We collect shop identity data only — we do not collect, store, or process your customers’ personal information.

1. Information we collect

When you install Campaignly, we collect and store:

  • Shop identity — your .myshopify.com domain, store name, currency, timezone, and the store contact email (used to send you campaign notifications).
  • Authentication credentials — the Shopify access token issued to the app, stored encrypted at rest and used only to call the Shopify Admin API on your behalf.
  • Campaign configuration — the discounts, schedules, product selections, and tier rules you create in the app, plus a snapshot of the prices we applied so we can revert them when a campaign ends.

We do not collect your customers’ personal data. The app does not request the read_orders or read_customers access scopes and does not read order or buyer information.

2. How we use your data

  • Operate the discount scheduling service (apply and revert prices on schedule).
  • Send you transactional emails — campaign reports, reminders, and lifecycle notices (you can manage these in the app’s settings).
  • Provide customer support and respond to your requests.
  • Maintain the security, reliability, and billing of the service.

We never sell your data and we do not use it for advertising.

3. Sub-processors

We rely on the following third-party sub-processors to deliver the service. Each is bound by data-protection obligations consistent with this policy:

Sub-processor Purpose Location
Shopify Core platform + Admin API. Hosts the merchant store this app integrates with. Global (Shopify Inc.)
Amazon Web Services (AWS) Application hosting, database (DynamoDB), and background processing. United States (us-east-1)
Amazon CloudFront Content delivery network for this marketing site and static assets. Global edge network
Resend Delivery of transactional emails to the merchant (campaign reports, reminders). United States

4. Data retention

We retain your shop data for as long as the app is installed. When you uninstall Campaignly, we delete your access token immediately and your shop record and campaign data are removed shortly thereafter. Operational logs are retained for up to 30 days for security and troubleshooting, then automatically purged.

5. Your rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the right to access, correct, export, or delete the data we hold about your shop. To exercise these rights, contact us at the address below.

Campaignly honours Shopify’s mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact). Because we do not store any customer personal data, a customer data request or redaction returns no buyer data; a shop redaction deletes all data we hold for your store.

6. Deleting your data

Uninstalling the app from your Shopify admin triggers deletion of your data as described above. You may also email us to request immediate deletion at any time.

7. Security

All data in transit is encrypted using TLS. Shopify access tokens are encrypted at rest. We follow the principle of least privilege for access scopes and infrastructure permissions.

8. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by an updated effective date at the top of this page.

9. Contact

Questions about this policy or your data? Email support@campaignly.papathemes.com.