How We Handle Your Customer Data on the Essential Loyalty Program & Rewards

Essential Loyalty Program & Rewards helps you build customer retention while keeping data safe and compliant with global privacy standards, including GDPR, CCPA, and DPA requirements. Unlike analytics-only apps, loyalty programs require storing customer information to track points, maintain balances, and enable reward redemptions. This guide explains exactly how we protect your customer data and ensure worldwide compliance.

🔒 What Data We Collect and Why

Data we store for program functionality:

To operate your loyalty program, we collect and store:

✅ Customer email addresses, names, and phone numbers (for account identification)


✅ Order information and purchase history (to calculate and award points)


✅ Loyalty point balances, transaction history, and reward redemptions


✅ Program analytics and performance metrics


What we do NOT collect:

❌ Credit card or payment information


❌ Detailed billing addresses beyond necessity


❌ Browsing behavior or tracking cookies



Why this data is necessary:

Without storing customer information, your loyalty program cannot function. We need this data to maintain accurate point balances, process reward redemptions, prevent duplicate claims, and ensure customers don’t lose their earned rewards when they return to your store.

🌍 Privacy Compliance: GDPR, CCPA & DPA

We comply with the world’s strictest data protection regulations to ensure your business operates confidently across all markets.


GDPR Compliance (EU/UK)

We follow all core GDPR principles:

✅ Data Minimization: We collect only the customer information necessary for loyalty operations


✅ Purpose Limitation: Data is used exclusively for loyalty program functionality


✅ Transparency: Clear disclosure of what we collect and why


✅ Customer Rights: Support for access, rectification, erasure, and data portability requests


✅ Security: Robust encryption and access controls protect all data


✅ Accountability: Documented compliance measures and processing activities


CCPA/CPRA Compliance (California & US States)

We support your compliance with California privacy laws:

✅ Right to know what data is collected


✅ Right to delete personal information


✅ Right to opt-out (note: we never sell customer data)


✅ Transparent disclosures about loyalty program data usage


Other International Regulations: Our framework aligns with PIPEDA (Canada), LGPD (Brazil), APPI (Japan), and other regional privacy laws.

Data Processing Agreement (DPA)

We operate under Shopify’s Data Processing Addendum as your data processor. This means:

✅ We process data only according to Shopify’s compliance framework


✅ We implement appropriate security measures


✅ We assist with customer data requests


✅ We notify you of any security incidents


Sub-Processors: We use no external sub-processors or third-party services. All data processing occurs entirely within our secure servers, ensuring complete data isolation and direct security control.


🗄️ Data Storage and Security

Location: All data is stored on secure servers in the United States with:

✅ Encryption in transit (TLS/SSL) and at rest


✅ Strict access controls and authentication protocols


✅ Regular security audits and monitoring


✅ Industry-standard firewalls and intrusion detection


✅ Regular backups for data integrity


International Transfers: For merchants outside the US, data transfers rely on Shopify’s Data Processing Addendum with Standard Contractual Clauses for EU/UK compliance.


🗑️ Data Retention and Deletion Policy

After you uninstall the app:

We retain your data for 90 days to enable seamless reinstallation and restore customer point balances, reward history, and program settings without data loss.


After 90 days:

We permanently redact or delete all personal information following Shopify’s data redaction requirements:

✅ Email addresses → Redacted


✅ Phone numbers → Redacted


✅ Customer names → Replaced with REDACTED


✅ Detailed purchase information → Anonymized or deleted


🛡️ Our Commitment

Essential Loyalty Program & Rewards is built on data protection principles:

✅ Minimal data collection - only what’s necessary for loyalty operations


✅ Full compliance with GDPR, CCPA, and international privacy regulations


✅ Secure US-based storage with robust encryption


✅ No external third parties or sub-processors


✅ 90-day retention for reinstallation, then permanent deletion


✅ Prompt response to all mandatory data requests


Your customers trust you with their loyalty, and you can trust us with their data.
