
Giftagram Shopify App — Data Retention Policy

Last updated: May 1, 2026

​​

INTRODUCTION

​

This Data Retention Policy describes how long Giftagram Inc. ("Giftagram") retains personal data and other information collected in connection with the Giftagram Shopify sales channel application (the "App") and related services. It supplements the Giftagram Shopify App Terms of Service and the Giftagram Privacy Policies. This policy applies to data accessed through the Shopify integration and orders sourced through the Shopify sales channel.

​

Giftagram retains personal data only for as long as necessary to deliver the services, fulfill legal and contractual obligations, defend against payment disputes, prevent fraud, and pursue other legitimate business interests. After the applicable retention period elapses, personal data is irreversibly anonymized or deleted, except where a longer retention period is required by applicable law or for the resolution of pending disputes.

​

​

SCOPE

​

This policy covers data accessed by Giftagram through the Shopify integration and data Giftagram collects in connection with orders placed through the Shopify sales channel:
 

  • Store profile and account information for Shopify merchants who install the App
     

  • Product catalog data accessed through the Shopify API
     

  • Integration credentials (Shopify API access tokens, OAuth credentials, webhook secrets)
     

  • Orders that Giftagram creates in a merchant's Shopify store
     

  • Personal data of gift senders ("purchasers") and gift recipients in connection with Shopify-channel orders
     

  • Operational and audit logs related to Shopify-channel activity

​​

Data collected outside the Shopify integration (for example, retail consumer data on giftagram.com or corporate client data on the GiftCenter platform) is governed by Giftagram's other privacy and retention policies referenced at the end of this document.

​

​​​

ROLES

​​​

  • Giftagram acts as a data controller for personal data it collects directly from gift senders and gift recipients in the course of providing the gifting service (including sender contact information, payment data, recipient contact information, and gift personalizations).
     

  • Giftagram acts as a data processor for personal data it processes on a Shopify merchant's behalf (for example, store profile and product catalog data the merchant has authorized Giftagram to access via the Shopify API).
     

  • The Shopify merchant acts as a data controller for the merchant's own store data and the customer records that exist in the merchant's Shopify store, including the order copies Giftagram synchronizes to the store via the Shopify API.

​

​​​

DATA CATEGORIES AND RETENTION PERIODS

​​

Store profile information
Description: Store name, owner email, store address, plan, currency
Retention Period: Active for the duration of App installation
Trigger: Deleted within 30 days of shop/redact webhook receipt (~48 hours after uninstall)

 

Product catalog data
Description: Titles, descriptions, images, variant details, inventory levels, publishing status
Retention Period: Active for the duration of App installation
Trigger: Anonymized within 30 days of shop/redact webhook receipt; products hidden from the Giftagram catalog so they cannot be displayed or purchased

 

Integration credentials
Description: Shopify API access token, OAuth credentials, webhook secrets
Retention Period: Active during App installation
Trigger: Revoked immediately on uninstall or termination; deletion confirmed within 7 days


Order records (operational)
Description: Line items, fulfillment status, tracking, order tags, financial totals, foreign keys
Retention Period: Retained while needed for fulfillment, support, financial reconciliation, and dispute defense
Trigger: Anonymized fields per the rule below; non-PII fields retained for analytics and reconciliation

 

Recipient personal data
Description: Gift recipient name, email, phone, shipping address, gift message
Retention Period: Up to 365 days following the date the order reaches a terminal status (delivered, cancelled, or invalidated), after which recipient personal data is irreversibly anonymized
Trigger: Order terminal status + 365 days

 

Sender personal data
Description: Gift sender / purchaser name, email, phone, billing address
Retention Period: Retained for the duration of the sender's account; anonymized following 48 months of account inactivity. Sender email is retained as the account login identifier even after anonymization.
Trigger: Account inactivity + 48 months

 

Operational and audit logs
Description: Application logs, API logs, payment attempt records, action logs
Retention Period: Up to 425 days from log creation date
Trigger: Log created_at + 425 days

 

Financial and accounting records
Description: Credit transactions, invoices, tax records
Retention Period: Up to 7 years (or longer where required by tax and accounting regulations)
Trigger: Transaction date + 7 years

 

Database backups
Description: Aurora MySQL automated point-in-time recovery snapshots
Retention Period: 35 days
Trigger: Backup creation date + 35 days

​

Aggregated and anonymized data
Description: Statistical, aggregate, or fully anonymized data with no personal identifiers
Retention Period: Retained indefinitely for analytics and platform improvement
Trigger: n/a

​​

When an order is also subject to a corporate client cessation of service or other deletion request, the tighter applicable retention window applies.

​

​​

DELETION MECHANICS


Giftagram processes deletion and data subject requests through the Shopify GDPR webhook framework. Each request is fulfilled within 30 days unless a longer period is permitted under applicable law.

​

shop/redact (merchant uninstall)

​

Triggered approximately 48 hours after a merchant uninstalls the App. Within 30 days of receipt:

 

  • Delete — store contact information and partner credentials (Shopify API access tokens, OAuth credentials, webhook secrets).

​

  • Anonymize — product catalog records, order recipient names, shipping addresses, contact information, gift messages, and other personally identifying content. Data subject identifiers are replaced with non-reversible placeholders so that financial and operational records remain referentially intact.

​

  • Hide — affected products from the Giftagram catalog so they cannot be purchased or displayed.

​

​

customers/redact (per-customer deletion request)

​

Triggered by a merchant for a specific customer. Within 30 days:

​

  • Customer account records are deleted only where the customer has no remaining orders with other partners; otherwise, account records are preserved for those other partner relationships and only the order-level data tied to the requesting store is anonymized.

​

​

customers/data_request (per-customer data export request)

​

Triggered by a merchant for a specific customer. Within 30 days:

​​

  • Giftagram delivers an export in structured JSON or CSV format covering, where applicable: store profile information, product catalog data, order records, shipping addresses, gift personalizations, order attributes, survey responses, and payment method metadata (card type and last four digits only). Internal security and operational records (fraud scores, device tokens, IP-based geolocation, internal status logs) are excluded from exports.

​

​

Token revocation on uninstall or termination

​​

Upon uninstallation of the App or termination of the Shopify App Terms of Service, Giftagram immediately revokes the Shopify API access token and ceases all access to the merchant's Shopify store data. Giftagram confirms deletion of the access token and cessation of data access within 7 days.

​

​

STORAGE LOCATION AND CROSS-BORDER TRANSFERS

​​

Personal data accessed under this policy is stored on Amazon Web Services (AWS) infrastructure located in the United States (us-east-1 region). Personal data may also be processed by third-party subprocessors located in the United States, Canada, and other regions, including:

​​

  • Amazon Web Services — primary cloud hosting (United States)
     

  • Stripe — payment processing (United States, multi-region)
     

  • Mandrill (a Mailchimp transactional email product) — transactional email delivery, including gift link emails, order confirmations, and thank-you messages (United States)
     

  • AfterShip — shipment tracking and delivery status notifications for orders fulfilled by Shopify partners (United States and other regions)
     

  • Bugsnag (a SmartBear product) — backend error monitoring and exception reporting; error contexts may incidentally include user identifiers, request payloads, and other personal data captured at the time of an exception (United States)
     

  • Shopify — order data synchronized to merchant Shopify stores is processed by Shopify on its global infrastructure, which may include the United States, Canada, the European Union, and the United Kingdom

​

Where personal data of individuals located in the European Economic Area, the United Kingdom, or Switzerland is transferred to the United States, Giftagram relies on appropriate safeguards under applicable law, including (as applicable): the European Commission Standard Contractual Clauses (SCCs), the United Kingdom International Data Transfer Addendum, and the Swiss Federal Data Protection and Information Commissioner (FDPIC) clauses.

A Data Processing Agreement (DPA) is available on request to partners@giftagram.com.

​

 

BACKUPS
 

Aurora MySQL automated point-in-time recovery backups are retained for 35 days. When personal data is anonymized or deleted from production, the corresponding pre-anonymization data ages out of backups within 35 days. Backups are used solely for disaster recovery — they are not relied on as an extended retention mechanism, and they are not searched in response to data subject requests outside of the standard retention window.
 

Manual snapshots are retained only when subject to an active, documented legal hold.

 


LEGAL HOLD
 

Where Giftagram is subject to an active legal hold — including pending or threatened litigation, regulatory inquiry, fraud investigation, or governmental request — retention windows may be extended as necessary to comply with the hold. Data subject to a hold is access-restricted to those who require it for the purpose of the hold, and standard retention is resumed once the matter is resolved.

 


DATA SUBJECT RIGHTS
 

Where applicable law (including the General Data Protection Regulation, the United Kingdom GDPR, the Personal Information Protection and Electronic Documents Act, the California Consumer Privacy Act, and other state privacy laws) grants individuals rights with respect to their personal data, Giftagram honours those rights as follows:

  • Access — request a copy of the personal data Giftagram holds

    ​

  • Correction / Rectification — request correction of inaccurate or incomplete data

    ​

  • Deletion / Erasure — request that personal data be deleted, subject to legal and operational retention obligations

    ​

  • Portability — request a copy in a structured, machine-readable format

    ​

  • Objection — object to certain processing activities

​​

Where Giftagram is acting as a data processor (for example, on behalf of a Shopify merchant who is the data controller), individuals must direct their rights requests to the data controller. Giftagram will support the controller in fulfilling those requests.

​

Where Giftagram is acting as a data controller (for example, for gift senders and recipients on Giftagram's own platforms), rights requests may be submitted to partners@giftagram.com for App-related data, or to the contact addresses in the corresponding Giftagram Privacy Policy. Giftagram will respond within 30 days of identity verification, subject to extensions where necessary under applicable law.

 


SECURITY
 

Personal data retained under this policy is protected by the security measures described in the Giftagram Shopify App Terms of Service, including encryption in transit (TLS 1.2 or higher), encryption at rest (AWS Key Management Service), restricted access on a need-to-know basis with multi-factor authentication, HMAC-SHA256 webhook signature verification, centralized logging, regular vulnerability assessments, and a documented incident response process. Giftagram notifies affected merchants of a data breach within 72 hours of becoming aware of such breach.

 


CHANGES TO THIS POLICY
 

Giftagram may modify this policy from time to time and will update the "Last updated" date accordingly. Significant changes will be communicated to Shopify merchants directly via email and to other affected users through the standard policy update process described in our Privacy Policies. Continued use of the services constitutes acceptance of the updated policy.
 

​
