Privacy Policy
App: MultiTier Discounts
Publisher: MerchantCanvas
Last updated: March 24, 2026
Short version: We access only the Shopify data needed to run your discount campaigns. We do not sell your data. We do not use it for advertising. You can ask us to delete your data at any time.
1. Who We Are
MultiTier Discounts is a Shopify app published by MerchantCanvas. When you install this app, MerchantCanvas acts as the data processor on behalf of your store.
If you have questions about this policy, contact us at:
bariis.arslan@gmail.com
2. What Data We Access
To provide the app's functionality, we access the following data from your Shopify store:
- Shop information: Store name, domain, timezone, currency code, and IANA timezone. Used to configure discount campaigns correctly.
- OAuth session token: Used to authenticate your store and maintain your session within the app. Required by Shopify's embedded app standard.
- Products and collections: Product titles, IDs, variants, and collection memberships. Used only when you select products or collections as campaign targets.
- Orders: Order line items and applied discounts. Used to calculate campaign analytics and discount attribution. We access only the order data required to attribute discounts created by the app.
- Customer tags: Tag names only. Used when you configure customer-segment targeting for a campaign.
- Discount nodes: We create and manage Shopify discount records on your behalf when you activate a campaign.
3. What Data We Store
We store the following data in our own database (hosted on servers in the European Union):
- Session data: Your store's Shopify OAuth access token and session identifier. Required for the app to function. Access tokens are stored encrypted at the application layer.
- Campaign configurations: Names, discount tiers, trigger settings, start/end dates, and usage limits you define. This is the core data of the app.
- Analytics records: Pseudonymized order references, the campaign applied, discount amounts, and timestamps. Used to power your analytics dashboard. No customer names, emails, phone numbers, or addresses are stored.
- App settings: Your preferred language, discount threshold settings, and onboarding state.
We do not store customer names, email addresses, phone numbers, or shipping addresses.
4. How We Use Your Data
We use the data described above solely to:
- Display and manage your discount campaigns within the app
- Apply campaign logic at checkout via Shopify Functions
- Show analytics on your campaign performance
- Sync discount widget data to your storefront (via Shopify metafields)
- Process billing through Shopify's built-in billing API
We do not use your data for advertising, profiling, or selling to third parties.
5. Data Sharing
We do not sell, rent, or share your store data with any third parties, except:
- Shopify: All discount operations go through the Shopify API. Shopify's own privacy policy applies to data processed on their platform.
- Infrastructure providers: We use server and database infrastructure providers operating under data processing agreements. Your data does not leave EU-based infrastructure.
6. Data Retention
- Active stores: Data is retained for as long as the app is installed on your store.
- After uninstallation: When you uninstall the app, your session is immediately deleted. Campaign and analytics data is retained for up to 30 days for recovery and support purposes, then permanently deleted.
- On request: You may request immediate deletion of all data associated with your store at any time by contacting us.
7. Your Rights (GDPR and CCPA)
Depending on where your store operates, you may have certain rights regarding the data we process:
- Right to access: You can request a copy of all data we hold for your store.
- Right to deletion: You can request that we permanently delete all data related to your store.
- Right to correction: If any stored data is incorrect, you can request a correction.
- Right to portability: You can request your campaign and analytics data in a machine-readable format.
To exercise any of these rights, email us at bariis.arslan@gmail.com with the subject line "Data Request - [your store domain]". We will respond within 30 days.
8. Shopify Compliance Webhooks
We implement all mandatory Shopify compliance webhooks:
- customers/data_request: We acknowledge and handle requests in line with Shopify's compliance workflow. The app does not store direct customer profile fields such as name, email, phone, or address.
- customers/redact: We acknowledge redact requests and remove stored shop data where applicable under Shopify's compliance workflow.
- shop/redact: We permanently delete all data associated with your shop within 30 days of receiving this request.
9. Security
We take reasonable precautions to protect your data. Access tokens and stored protected order references are encrypted or pseudonymized at the application layer, backups can be encrypted, and our server infrastructure uses HTTPS exclusively. Database access is restricted to application-level authentication only.
No method of transmission over the internet is 100% secure. If you become aware of any security concern, please notify us immediately at bariis.arslan@gmail.com.
10. Cookies
The app itself (running inside Shopify Admin) does not use cookies independently. Shopify manages session handling within their admin iframe. The storefront badge extension does not set any cookies.
11. Children's Privacy
This app is intended for use by Shopify merchants operating businesses. It is not directed at children under 13 and we do not knowingly collect data from minors.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make significant changes, we will notify merchants through the app interface or via email. The "Last updated" date at the top of this page reflects the most recent revision.
Continued use of the app after any changes constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or requests:
MerchantCanvas
Email: bariis.arslan@gmail.com