Privacy Policy

Last updated: 20/03/2026

This Privacy Policy explains how Milos Baran (“CLICKAPLY”, “we”, “us”, “our”) collects, uses, stores, and shares personal data when you:

  • contact us through our website
  • install or use one of our Shopify apps
  • interact with our support, onboarding, billing, or technical systems

We provide this information in line with applicable European data protection requirements, including the GDPR.

1. Who we are?

Controller for website and business-contact data:

Milos Baran
Email: support@clickaply.com

For merchant-store data processed through our Shopify apps, our role may vary depending on the context:

  • for our own website, account, legal, billing, security, and support operations, we generally act as controller
  • for certain merchant data processed on behalf of a Shopify merchant through the app, we may act as processor or service provider, while the merchant remains the controller

2. Scope

This Privacy Policy applies to:

  • visitors to our website
  • merchants and merchant representatives who install or use our app
  • people who contact us by email, contact form, or support channels
  • data we receive from Shopify or from the merchant in connection with app functionality

It does not replace Shopify’s own privacy documentation for data processed by Shopify itself.

3. Categories of personal data we may collect

Depending on how you interact with us, we may collect:

A. Website and contact data

  • name
  • email address
  • company name
  • message contents
  • IP address and basic technical request data
  • correspondence history

B. Merchant account and app-installation data

  • Shopify store domain
  • merchant or staff contact details provided by Shopify or the merchant
  • app installation status
  • granted scopes/permissions
  • timezone, plan, and store-related configuration data
  • authentication and token-related records

C. App operational data

Depending on the app features used, this may include:

  • pricing configuration
  • customer pricing lists or price-list assignments
  • import/export files
  • webhook payloads
  • API request logs
  • technical error and diagnostic logs

D. Customer-related data processed through the merchant’s store

Where relevant to app functionality, this may include limited customer-related data made available through Shopify or merchant configuration, for example:

  • customer identifiers
  • customer tags or segmentation attributes
  • pricing eligibility or assigned pricing group

We do not intend to collect more personal data than is necessary for the purposes described in this Policy.

4. Sources of personal data

We may collect personal data:

  • directly from you
  • from Shopify when a merchant installs or uses the app
  • from the merchant’s store configuration and app activity
  • from files or data uploaded by the merchant
  • automatically through server, security, and application logs

5. Why we use personal data and legal bases

We process personal data only where we have a valid legal basis.

A. To provide and operate our website and app

Examples:

  • app installation and setup
  • maintaining app configuration
  • processing imports, webhooks, and app requests
  • providing customer-specific pricing features
  • maintaining service performance and security

Legal basis: performance of a contract, or steps taken before entering into a contract; and, where relevant, our legitimate interests in operating a secure and reliable service.

B. To provide support and respond to enquiries

Examples:

  • answering contact form submissions
  • resolving technical issues
  • responding to merchant requests

Legal basis: performance of a contract, pre-contractual steps, or our legitimate interests in providing support and maintaining customer relationships.

C. To secure, monitor, and improve our systems

Examples:

  • fraud prevention
  • abuse detection
  • debugging
  • backups
  • audit trails
  • service monitoring and reliability

Legal basis: our legitimate interests in protecting our systems, users, and business operations.

D. To comply with legal obligations

Examples:

  • accounting and tax recordkeeping
  • legal claims handling
  • security and compliance obligations
  • responding to valid lawful requests

Legal basis: compliance with a legal obligation.

E. To send marketing or promotional communications

Where we send marketing communications, we do so only where permitted by applicable law.

Legal basis: consent where required, or legitimate interests where permitted.

6. How long we keep personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law.

Typical retention periods may include:

  • contact enquiries: 12 months
  • support correspondence: duration of relationship + 24 months
  • website/server security logs: 180 days
  • app operational logs and webhook records: 30 days
  • billing/accounting records: as required by applicable law
  • app configuration and merchant account data: for the duration of the service relationship and a limited period afterward for security, backup, dispute handling, and legal compliance
  • imported files: 30 days
  • backup copies: retained according to backup cycles and then deleted or overwritten

Where data is no longer needed, we delete it or anonymise it where reasonably possible.

7. Who we share data with

We may share personal data with:

  • Shopify, where necessary for app installation, operation, support, and platform compliance
  • hosting and infrastructure providers
  • cloud storage providers
  • analytics, monitoring, and logging providers
  • email and support providers
  • professional advisers such as lawyers, auditors, or accountants
  • authorities, courts, regulators, or law enforcement where legally required
  • service providers that process data on our behalf under appropriate contractual protections

We do not sell personal data.

8. International transfers

Some of our service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we will use appropriate safeguards required by applicable law, such as:

  • adequacy decisions
  • Standard Contractual Clauses
  • other lawful transfer mechanisms

You can contact us for more information about the safeguards used for relevant transfers.

9. Data minimisation and security

We aim to process data that is adequate, relevant, and limited to what is necessary for the stated purposes.

We use appropriate technical and organisational measures designed to protect personal data, including measures such as:

  • access controls
  • encryption where appropriate
  • logging and audit measures
  • secure hosting and storage practices
  • backup and recovery controls
  • role-based access restrictions

No method of transmission or storage is completely secure, but we work to maintain an appropriate level of protection for the data we process.

10. Your rights

Subject to applicable law, you may have the right to:

  • be informed about how your data is used
  • access your personal data
  • correct inaccurate or incomplete data
  • request deletion of data
  • restrict processing
  • object to certain processing
  • request portability of data
  • withdraw consent where processing is based on consent
  • not be subject to certain automated decision-making with significant effects, where applicable

To exercise your rights, contact us at: support@clickaply.com.

We may need to verify your identity before responding.

11. Complaints

You have the right to lodge a complaint with your local data protection authority.

If you are in Spain, this is generally the Agencia Española de Protección de Datos (AEPD).

We would appreciate the opportunity to address your concerns first, but you are always entitled to contact the relevant authority.

12. Shopify merchant data and controller/processor roles

When a Shopify merchant installs one of our Shopify apps, the merchant is generally responsible for ensuring that its own customers and users are informed about how their data is processed through the merchant’s store and apps.

Where we process merchant-store data on the merchant’s behalf to provide the app, we do so according to the merchant’s instructions, our contract with the merchant, and applicable law.

Where we process data for our own business operations, security, compliance, support, or service improvement, we may act as an independent controller for those purposes.

13. Automated decision-making

We do not use automated decision-making or profiling to make decisions that produce legal effects or similarly significant effects on individuals, unless we clearly inform you otherwise and have a lawful basis to do so.

App pricing rules and display logic may be applied automatically according to merchant-configured settings, but these are merchant-controlled commerce functions rather than decisions about an individual’s legal rights in the GDPR sense.

14. Children

Our services are intended for businesses and business representatives. They are not directed to children.

15. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice.

16. Contact us

For privacy questions or requests, contact:

Milos Baran
Email: support@clickaply.com