WishSwift Wishlist Privacy Policy

Effective Date: 19th May 2026

Welcome to WishSwift ("WishSwift", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install, access, or use the WishSwift application (the "App") and any related wishlist, save-for-later, analytics, and storefront services (collectively, the "Services").

We are committed to complying with global data-protection and privacy laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), the Singapore Personal Data Protection Act (PDPA), the India Digital Personal Data Protection Act 2023 (DPDP Act), the Australian Privacy Act 1988, and other applicable regional legislation across the United States (US), Europe (EU & UK), and Asia-Pacific (APAC).

If you have any questions or concerns, please contact us at apps@seventhtriangle.com

1. Who We Are

WishSwift is a Shopify application developed and maintained by Seventh Triangle Consulting. We act as a data processor when processing information on behalf of Shopify merchants ("Merchants") and as a data controller for information we collect about visitors to our marketing site, prospective customers, or Merchants who contact us directly.

2. Information We Collect

Category

Examples

Source

Purpose

Merchant Account Data

Store name, store URL, contact email, Shopify plan, billing status, Shopify access tokens, granted scopes, locale, currency, and app installation/session details

Directly from Merchant via Shopify OAuth and Shopify APIs

• Provide, maintain & improve the App

• Authenticate Merchant access

• Billing and subscription management

Storefront Wishlist Data

Shop domain, logged-in Shopify customer ID, guest wishlist ID, wishlist owner type, saved product ID, variant ID, product handle, product title, product image URL, added date, and remove/add-to-cart activity

Automatically from customer interactions with wishlist buttons, wishlist modal, save-for-later controls, and Shopify storefront pages

• Save, show, remove, and merge wishlist items

• Support save-for-later and add-to-cart functionality

• Provide wishlist counts and storefront UI updates

Merchant Usage Data

App settings, onboarding status, theme extension status, UI placement selectors, widget configuration, analytics such as total wishlist users, saved items, wishlist-to-cart events, and most wishlisted products

Automatically via in-App events, Merchant configuration, and storefront app embed activity

• Operate & optimize wishlist functionality

• Product analytics & roadmap planning

• Fraud & abuse detection

Support & Communications Data

Name, email address, store domain, support messages, issue details, screenshots, and related diagnostic information voluntarily provided to us

Directly from Merchants or their authorized users

• Respond to support requests

• Troubleshoot and improve the Services

Sensitive data: We do not intentionally collect or process special categories of personal data (e.g. health, biometric, or children's data). Cardholder data is handled exclusively by Shopify's PCI-DSS-compliant infrastructure and is not processed by WishSwift.

3. Cookies & Similar Technologies

We use necessary Shopify cookies, app session storage, and browser local storage to:

  • Authenticate Merchants into the App dashboard.
  • Remember preferences and storefront widget configuration.
  • Create and remember a guest wishlist identifier so shoppers can save products before logging in.
  • Cache wishlist pages temporarily to improve storefront performance.

Where consent is required (e.g., under GDPR or ePrivacy Directive), Merchants are responsible for presenting any required consent notice on their storefront. WishSwift supports use of necessary storage for wishlist functionality.

4. Legal Bases for Processing (GDPR/UK GDPR)

We rely on the following legal grounds:

  1. Contractual Necessity - to provide the Services requested by installing and using the App.
  2. Legitimate Interests - to improve and secure our Services, communicate with you, provide wishlist analytics, and prevent fraud.
  3. Consent - for optional cookies, marketing communications, and any processing that requires explicit consent.
  4. Legal Obligation - to comply with applicable law, tax, accounting, and Shopify platform requirements.

5. How We Use Your Information

  • To deliver, operate, maintain, and update the App.
  • To authenticate access and secure Merchant accounts.
  • To enable shoppers to add, view, remove, merge, and move wishlist items to cart.
  • To fetch product details needed to display wishlist items correctly.
  • To provide Merchants with wishlist performance analytics and setup status.
  • To process invoicing and collect fees via Shopify's Billing API, where applicable.
  • To answer support requests and resolve issues.
  • To comply with legal obligations, Shopify mandatory privacy webhooks, and enforce our Terms of Service.

6. How We Share Information

We do not sell personal data. We only share information:

  • Within Seventh Triangle Consulting and its subsidiaries on a need-to-know basis;
  • With Service Providers acting on our behalf (e.g., AWS for hosting and managed database providers such as PostgreSQL or MongoDB for app, session, store setting, and wishlist data storage) under data-processing agreements and appropriate safeguards;
  • With Shopify as required by the Shopify App Store Partner Program, Shopify API terms, app proxy operation, billing, authentication, and mandatory privacy webhook requirements;
  • With Merchants through the App dashboard in the form of store-level wishlist analytics and configuration data;
  • For Legal Reasons such as responding to lawful requests from regulators or to protect our rights, property, or users.

Where data is transferred outside the EEA/UK, we rely on approved transfer mechanisms such as Standard Contractual Clauses (SCCs) or an adequacy decision.

7. International Data Transfers

Our application infrastructure is hosted using Amazon Web Services (AWS), including infrastructure in Mumbai (AP-South-1). Depending on your location, your personal data may be transferred to and processed in countries other than your own. We implement safeguards including:

  • ISO 27001-certified data centres.
  • Encryption in transit (TLS 1.2+) and at rest where supported by the underlying infrastructure.

8. Data Subject & Consumer Rights

Depending on where you reside, you may have rights to:

  • Access, correct, or delete personal data;
  • Object to or restrict processing;
  • Data portability;
  • Opt-out of marketing communications;
  • Withdraw consent at any time without affecting the lawfulness of prior processing;
  • Lodge a complaint with a supervisory authority (e.g., ICO in the UK, DPA in your EU member state, or local privacy regulator).

To exercise these rights, email apps@seventhtriangle.com. If your request relates to a Shopify Merchant's customer account or wishlist data, we may direct you to the relevant Merchant or process the request through Shopify's mandatory privacy webhooks. We will respond within the deadlines mandated by applicable law (e.g., 30 days under GDPR).

9. Security Measures

  • TLS encryption (HTTPS) for data in transit.
  • Encryption at rest where supported by AWS and database infrastructure.
  • Principle of least privilege & role-based access controls.
  • Shopify OAuth, app proxy signature validation, and Shopify mandatory privacy webhook handling.
  • Monitoring, logging, and issue investigation for operational security.

Although we implement industry-standard safeguards, no system is 100% secure. Please keep your Shopify credentials confidential and immediately notify us of any security incidents.

10. Data Retention

We retain Merchant, storefront configuration, wishlist, and customer or guest identifier data for as long as the Merchant's store uses the App or as needed to provide the Services. We may retain limited records for legal, accounting, security, dispute-resolution, and backup purposes where permitted by law. When a Merchant uninstalls the App or Shopify sends a customer or shop redaction request, we take steps to delete or anonymize applicable data in accordance with Shopify requirements and applicable law.

11. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from minors. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such data.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated "Last Updated" date and, where required, provide notice (e.g., via the App dashboard or email). Continued use of the Services after such changes constitutes acceptance.

13. Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact:

Privacy Team
WishSwift / Seventh Triangle Consulting
Second Floor, The Berry Coworks, Plot No 15, Sector-142, Noida, Uttar Pradesh - 201304
Email: apps@seventhtriangle.com
Data Protection Officer (EU/UK): Sushant Gupta, sushant@seventhtriangle.com

© 2026 Seventh Triangle Consulting. All rights reserved.