Privacy Policy

Last updated: 5/23/2026

1. Who we are

RetentionKit ("we", "us") is a Shopify app providing loyalty programs, product reviews, and referrals to Shopify merchants. This policy explains how we handle personal data.

2. Data we collect

From merchants: store domain, email, name, plan, and Shopify access tokens.

From shoppers (via the merchant's store): name, email, order history, points balance, reviews submitted. We only receive this data because the merchant has installed our app and authorized it via Shopify OAuth.

3. How we use data

  • Operate loyalty, reviews, and referral features inside the merchant's store
  • Send transactional emails (review requests, redemption codes) on the merchant's behalf
  • Produce aggregate, anonymized analytics to improve the product

We do not sell personal data and we do not use it for our own marketing.

4. Sub-processors

  • Supabase (database & auth hosting)
  • Cloudflare (application hosting & CDN)
  • Shopify (source data & OAuth)

5. Data retention

We retain merchant and shopper data for the lifetime of the install. On uninstall, data is anonymized within 48 hours and fully deleted within 30 days, in line with Shopify's GDPR webhooks (customers/redact, shop/redact).

6. Your rights

Shoppers can request access to, or deletion of, their data by contacting the merchant they purchased from. Merchants can email privacy@retentionkit.app for direct requests.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Access tokens are scoped per shop. Row-level security restricts access to the owning merchant.

8. Contact

Questions? Email privacy@retentionkit.app.