Privacy Policy – DiscountEasy

1. Data Controller

The controller of personal data is:

WIZKARO Karolina Gustalik
ul. Królewska 103
97-561 Radziechowice Drugie
Poland
VAT ID (NIP): 7722423185

For matters related to personal data processing, you may contact us via the “Contact us” form available within the application.

2. Scope and Purpose of Data Processing

In connection with the use of the DiscountEasy application, data necessary for its operation is processed, including in particular:

• store identification data (e.g., store domain),

• store administrator email address,

• information related to the app subscription,

• discount configuration and app settings,

• product, discount, and order data available via the Shopify API to the extent required to perform the app’s functions,

• technical data related to the use of the application (e.g., session identifiers).

Data is processed for the purpose of:

• providing the discount management service,

• performing the contract concluded through installation of the application,

• ensuring proper operation and security of the application.

The legal basis for processing is Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(f) GDPR (legitimate interest of the controller – security and maintenance of the service).

3. Data Recipients and Transfers Outside the EEA

Data may be shared with entities supporting the operation of the application, in particular:

• Shopify Inc. (Canada),

• Gleap,

• hosting and infrastructure service providers.

Data transferred to Shopify Inc. (Canada) is protected based on a European Commission adequacy decision recognizing an adequate level of data protection in Canada.

Data may also be disclosed to public authorities if required by applicable law.

4. Data Retention and Deletion

Data is retained for the duration of use of the application and for the period required by applicable law.

After uninstallation of the application, data processing ceases. Data may be deleted upon request submitted to the controller.

The application receives privacy-related webhooks required by Shopify (including SHOP_REDACT, CUSTOMERS_REDACT, and CUSTOMERS_DATA_REQUEST).

5. Local Browser Storage

The application may use local browser storage (localStorage and sessionStorage) to ensure proper operation of the service, store user preferences, and maintain current configuration.

6. Data Subject Rights

Data subjects have the right to:

• access their data,

• rectify their data,

• request deletion,

• restrict processing,

• data portability,

• object to processing,

• lodge a complaint with a supervisory authority.
  
  

7. Data Security

The controller applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction.

Last updated: March 3, 2026