EFFECTIVE DATE: MAY 17, 2022
Lawful Basis for Processing
When you enter into an agreement with us, either by accessing the Services, by executing an agreement in hard copy, or by clicking “I Accept” or similar language online, we will process your Personal Information for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Personal Information is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Personal Information have been fulfilled and after we no longer have a legal obligation to keep that Personal Information.
In all cases, we will comply with applicable law and we will cease processing your Personal Information after the legal right, obligation, or other lawful basis expires.
Personal Information we collect
When you install the App, we are automatically able to access the following types of Personal Information from your Shopify account:
- Your name; and
- Your email address.
Additionally, after you have installed the App and granted us Shopify Partner Access, we collect the following types of Personal Information from you and/or your End Customers:
- Information regarding transactions on the Shopify Webstore, including but not limited to sales revenue, order replenishment, purchase information about specific products sold, and information about your End Customers (“Customer Data,” which is included when we use the term Personal Information).
- Customer Data includes an End Customer’s name, email, physical address, billing information and their order history on your Shopify Webstore.
- For End Customers who opt-in to receive Electronic Messages, we receive their telephone number, email address (or other electronic contact information), first name and complete order history.
- Billing information you provide to Repeat.
- Information about the browsing activity of individuals that visit your Shopify Webstore, including web browser details and the most recent web page (if any) from which the Shopify Webstore and/or App was accessed.
We also collect information (which may include Personal Information) from you either directly or through a third-party service provider using the following technologies (“Tracking Technologies”):
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies tell us how and when pages and features in our Services are visited and by how many people.
- “Log files” track actions occurring on the Services, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Services.
Your web browser(s) may offer a “Do Not Track” option, which allows the individual to signal to operators of websites and web applications and services (including behavioral advertising services) that he or she does not wish such operators to track certain of his or her online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we may collect information about your and your End Customers’ online activity both while you are using the Services and after you leave our Services. We do not knowingly collect or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for or use the Services or App or send any personal information about yourself to us. If we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. Please email us at firstname.lastname@example.org if you believe that a child under 13 may have provided us personal information.
How do we use Personal Information?
We use the Personal Information we collect from you and End Customers in order to provide the Services and to operate the App. Additionally, we use this Personal Information for the following purposes:
- Communicate with you at your request;
- Provide you with information about updates to the Services and App;
- Optimize or improve the Services and App; and
- Provide you with information or advertising relating to our products or services.
We send Electronic Messages solely to End Customers who have consented to such receipt. You agree to provide End Customers with the notice about Electronic Messaging as set forth in our Terms of Service. If your End Customers no longer wish to receive Electronic Messages they may reply STOP at any time to cancel, HELP for help, or use the Unsubscribe feature at the bottom of certain Electronic Messages. Any phone numbers, short codes, or other electronic identifiers Repeat uses to communicate with End Customers belong solely to Repeat and are non-transferable, whether during or upon termination of your use of the Services.
We will retain Personal Information only for as long as necessary to fulfill the purposes for which the information was collected. The length of our data retention depends on the purposes for which we collected the information, the nature of the information, obligations as set forth in any contractual relationship that may govern the data and its retention, and any applicable legal obligations. At the conclusion of our retention, we will either destroy or de-identify the data, as allowed under applicable law.
Information that’s been de-identified.
We may de-identify yours or your End Customer’s Personal Information so that you and your End Customers cannot reasonably be identified as individuals, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you or your End Customers as individuals.
We allow advertisers and/or merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements and/or promotional offers and you agree that we may provide any of the information we have collected from you in de-identified or aggregated form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.
In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. One such service may include the ability for you to automatically transmit Third Party Account Information to your Services profile or to automatically transmit information in your Services profile to your third party account. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
We may use third party analytics service providers, such as Google Analytics (https://www.google.com/analytics/terms/us.html) and Fullstory (https://www.fullstory.com/ legal/terms-and-conditions/), for our business purposes, including but not limited to improving and developing our Services, monitoring and analyzing use of our Services, and increasing the functionality and user-friendliness of our Services. When you use our Services, these analytics service providers may collect and retain some information about you by planting a persistent cookie or identifier on your web browser or device.
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we may use a payment processing company to receive and process your credit card transactions for us. Twilio helps us generate text messages, subject to its Terms of Service, https://www.twilio.com/legal/tos. Klaviyo helps us generate emails, subject to its Terms of Service, https://www.klaviyo.com/legal/terms-of-service. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. Note that an “agent” may also be considered a “partner” in certain circumstances, and would be subject to the terms of the “Information that’s been de-identified” section in that regard. Further, an "agent" may also be a "subprocessor" as defined in applicable data privacy laws.
If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your and your End Customers’ Personal Information could be among the assets transferred to or acquired by a third party.
Protection of Repeat and Others.
We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Repeat, our employees, our users, or others. We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Access to Personal Information
The information you can view, update, and delete may change as the Services change and depending on what information you add to your Shopify account. If you have any questions about viewing or updating information we have on file about you or your End Customers, please contact us at email@example.com.
Your Rights Regarding Your Personal Information
Under applicable data protection, privacy, and other laws, you may have certain rights related to your access and control of your Personal Information. Such rights may include the following:
- The right to access, correct, update, or request deletion of your Personal Information
- The right to object to processing or restrict the processing of your Personal Information (Please note that if you exercise this right, it may limit or eliminate our ability to provide you the Services).
- The right to request portability of your Personal Information
- The right to opt-out of marketing communications we send you. You can exercise this right by clicking the "Unsubscribe" or "Opt-Out" link found in these communications.
- The right to not be subject to a decision based solely on automated processing, including profiling, known as Automatic Decision Making. Please note that we currently do not employ any Automatic Decision-Making processes in providing the Services.
- The right to submit a complaint to any applicable regulatory authority about our processing activities.
- The right to opt-out of us sharing (as defined in the CPRA) your Personal Information, including for direct marketing purposes, subject to certain legal exceptions.
- The right to limit use, disclosure, and restrict sensitive personal information (as defined in the CPRA).
We may use additional processes to verify your identity before we reveal or delete any of your Personal Information, including two-factor or two-step authentication measures to ensure we can identify you.
Further, although we currently do not process Personal Information without consent, if we at any time in the future process Personal Information without your express consent, you may opt-out or withdraw consent at any time.
Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests.
We will try to comply with your request(s) as soon as reasonably practicable and at the very least as required under applicable law. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request.
Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages while continuing to use the Services.
Further, you may opt-out or disable certain functions on your particular device, preventing us from collecting Personal Information. For example, you may disable geolocation or GPS functionality on your mobile device or disable push notifications. If you disable such features, your ability to use and access the Services may be limited.
To exercise any of these rights, or if you have any questions about our processing of your Personal Information, please contact us at firstname.lastname@example.org or at our toll-free number: 1-213-259-3736.
A. Privacy for EU/UK Residents
We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information will be subject to processing, transfer, and storage in and to the United States.
Due to the nature of our Services, we act as a "Processor" as defined under the GDPR. If you have questions about the nature of our relationship with you, please contact us at email@example.com.
Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain Personal Information relating to them in the United States. If you are a resident of Europe, upon request from you, we will provide you with access to the Personal Information that we hold about you. Please contact us if you have any questions.
Further, if you are a resident of the United Kingdom ("UK"), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the "UK GDPR") is different than the GDPR, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR.
B. Privacy for California Residents
California adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and has now adopted the California Privacy Rights Act ("CPRA"), portions of which took effect January 1, 2022. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.
If you are a California resident, you may request to exercise your rights for any Data we have processed in the 12 months prior to your request. Such request covers any categories, sources, purposes, and, if applicable, third parties to whom we share the Data. Further, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights.
Due to the nature of our Services, we act as a "service provider" as defined under the CCPA and CPRA. If you have questions about the nature of our relationship with you, please contact us at firstname.lastname@example.org or at our toll-free number: 1-213-259-3736. For more information, please direct your questions to us at email@example.com or at our toll-free number: 1-213-259-3736.
C. Privacy for Other Jurisdictions
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at firstname.lastname@example.org.