Privacy Policy

Effective Date: 27th July 2025

Welcome to Every Possible Discount ("EPD", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install, access, or use the Every Possible Discount application (the "App") and any related services (collectively, the "Services").

We are committed to complying with global data‑protection and privacy laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), the Singapore Personal Data Protection Act (PDPA), the India Digital Personal Data Protection Act 2023 (DPDP Act), the Australian Privacy Act 1988, and other applicable regional legislation across the United States (US), Europe (EU & UK), and Asia‑Pacific (APAC).

If you have any questions or concerns, please contact us at apps@seventhtriangle.com 


1. Who We Are

Every Possible Discount is a Shopify‑certified application developed and maintained by Seventh Triangle Consulting, having its principal place of business at [Company Address]. We act as a data processor when processing information on behalf of Shopify merchants ("Merchants") and as a data controller for information we collect about visitors to our marketing site or prospective customers.


2. Information We Collect

Category

Examples

Source

Purpose

Merchant Account Data

Store name, store URL, contact email, Shopify plan, billing information, Shopify access tokens, locale & currency

Directly from Merchant via Shopify OAuth

• Provide, maintain & improve the App

• Billing

Merchant Usage Data

App settings, discount rules, feature interactions, support tickets, analytics (e.g., pages viewed, feature clicks)

Automatically via in‑App events

• Operate & optimize functionality

• Product analytics & roadmap planning

• Fraud & abuse detection

Sensitive data: We do not intentionally collect or process special categories of personal data (e.g. health, biometric, or children’s data). Cardholder data is handled exclusively by Shopify’s PCI‑DSS‑compliant infrastructure.


3. Cookies & Similar Technologies

We use necessary Shopify cookies and local storage to:

  • Authenticate Merchants into the App dashboard.
  • Remember preferences.

Where consent is required (e.g., under GDPR or ePrivacy Directive), we display a consent banner on first visit.


4. Legal Bases for Processing (GDPR/UK GDPR)

We rely on the following legal grounds:

  1. Contractual Necessity – to provide the Services you request by installing the App.
  2. Legitimate Interests – to improve and secure our Services, communicate with you, and prevent fraud.
  3. Consent – for optional cookies, marketing communications, and any processing that requires explicit consent.
  4. Legal Obligation – to comply with applicable law, tax, and accounting requirements.

5. How We Use Your Information

  • To deliver, operate, maintain, and update the App.
  • To authenticate access and secure Merchant accounts.
  • To process invoicing and collect fees via Shopify’s Billing API.
  • To answer support requests and resolve issues.
  • To comply with legal obligations and enforce our Terms of Service.

6. How We Share Information

We do not sell personal data. We only share information:

  • Within Seventh Triangle Consulting and its subsidiaries on a need‑to‑know basis;
  • With Service Providers acting on our behalf (e.g., AWS for hosting, MongoDB for accessToken storage) under data‑processing agreements and appropriate safeguards;
  • With Shopify as required by the Shopify App Store Partner Program and API terms;
  • For Legal Reasons such as responding to lawful requests from regulators or to protect our rights, property, or users.

Where data is transferred outside the EEA/UK, we rely on approved transfer mechanisms such as Standard Contractual Clauses (SCCs) or an adequacy decision.


7. International Data Transfers

Our servers are hosted in Amazon Web Services (AWS) regions in Mumbai (AP‑South‑1). Depending on your location, your personal data may be transferred to and processed in countries other than your own. We implement safeguards including:

  • ISO 27001‑certified data centres.
  • Encryption in transit (TLS 1.2+) and at rest (AES‑256).

8. Data Subject & Consumer Rights

Depending on where you reside, you may have rights to:

  • Access, correct, or delete personal data;
  • Object to or restrict processing;
  • Data portability;
  • Opt‑out of marketing communications;
  • Withdraw consent at any time without affecting the lawfulness of prior processing;
  • Lodge a complaint with a supervisory authority (e.g., ICO in the UK, DPA in your EU member state, or local privacy regulator).

To exercise these rights, email apps@seventhtriangle.com. We will respond within the deadlines mandated by applicable law (e.g., 30 days under GDPR).


9. Security Measures

  • End‑to‑end TLS encryption (HTTPS) for all data in transit.
  • Encryption at rest using AWS KMS‑managed AES‑256 keys.
  • Principle of least privilege & role‑based access controls.
  • Regular penetration tests and vulnerability scans.
  • Continuous monitoring, logging, and anomaly detection.

Although we implement industry‑standard safeguards, no system is 100 % secure. Please keep your Shopify credentials confidential and immediately notify us of any security incidents.


10. Data Retention

We retain Merchant and Customer data for as long as your store uses the App.


11. Children’s Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such data.


12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated "Last Updated" date and, where required, provide notice (e.g., via the App dashboard or email). Continued use of the Services after such changes constitutes acceptance.


13. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact:

Privacy Team
Every Possible Discount / Seventh Triangle Consulting
First Floor, 91-Springboard, C-2, Sector-1, Gautum Buddha Nagar, Uttar Pradesh - 201301
Email: apps@seventhtriangle.com
Data Protection Officer (EU/UK): Sushant Gupta, sushant@seventhtriangle.com


© 2025 Seventh Triangle Consulting. All rights reserved.