Privacy Policy
Last updated: May 18, 2026
1. Who We Are
echomate is a Shopify app developed by Valerian Huber, operating under the brand Alpin-Code (alpin-code.de) and the Shopify-app studio shopforge.studio. echomate provides store health monitoring, QR code generation, short link tracking, link-in-bio pages, loyalty stamp cards, wallet passes, and analytics for Shopify merchants.
2. What Data We Collect
Merchant Data (Shopify Store Owners)
- Shop domain — Your myshopify.com domain, used to identify your store
- Session tokens — Encrypted Shopify session data for authentication
- Settings — Your app configuration (scan frequency, QR branding, stamp-card mechanics, etc.)
- QR codes, short links & bio pages — The QR codes, short links, and bio-page content you create
- Stamp-card configuration — Reward thresholds, trigger modes, discount-code names you select
End-User Data — Anonymous Tracking (QR scans & link clicks)
- IP address — Hashed (SHA-256) and truncated daily for privacy. We never store raw IP addresses.
- Country — Derived from Cloudflare headers (cf-ipcountry), not from IP geolocation
- Device type, browser, OS — Extracted from the User-Agent header
- Referrer — Sanitized (query params and fragments stripped)
- Timestamp — When the scan or click occurred
End-User Data — Loyalty Program (Stamp Cards) Sprint-2+
When a merchant activates the stamp-card / loyalty feature, the following data is processed per customer for the purpose of running the merchant's loyalty program:
- Customer e-mail address — Provided by the customer during checkout in the merchant's shop. Used as the unique identifier of the customer's stamp card. We store both the cleartext e-mail (for the merchant to communicate with the customer) and a SHA-256 hash (for the unique constraint).
- Order metadata — Shopify Order ID, order name (e.g. #1001), order value, order currency, order timestamp. We do not store line items, shipping addresses, or payment details.
- Stamp count — How many stamps the customer has collected toward the next reward.
- Reward status — Whether a reward (discount code) has been issued, whether it has been redeemed, when it expires.
- Refund events — If a stamping order is later cancelled or refunded, we log the event for transparency and (depending on merchant configuration) reverse the stamp.
End-User Data — Wallet Pass (Apple Wallet / Google Wallet) Sprint-7+
If a customer chooses to add an echomate stamp-card to Apple Wallet or Google Wallet:
- Pass-personalisation data — Merchant's shop name & brand color, customer's current stamp count, the customer e-mail (used as the pass' unique serial token). This data is embedded in the pass itself.
- Device registration token (Apple only) — When the customer adds the pass to Apple Wallet, Apple sends us a device-token via the PassKit Web Service so we can notify the device when the stamp count changes. We do not receive any other Apple-account information.
- Pass identifier & auth token — Stored server-side in our wallet_pass_registration table so we can authenticate pass-update requests from Apple/Google.
- Transfer to Apple / Google — Pass-personalisation data is transmitted to Apple Inc. (USA) and Google LLC (USA) when the pass is downloaded / updated. These transfers happen under the EU-US Data Privacy Framework. Customers can remove the pass from their wallet at any time, which deletes the device-side data.
3. What Data We Do NOT Collect
- We do not use cookies on redirect pages
- We do not collect names, e-mail addresses, or personal identifiers of end-users outside the explicit loyalty / wallet-pass features (which are merchant-activated and customer-triggered by placing an order or adding a pass)
- We do not sell data to third parties
- We do not use the data for advertising
- We do not store raw IP addresses (only daily-rotated hashes)
- We do not read order line items, shipping addresses, or payment-card data — only order total + currency + ID
4. How We Use Data
- Analytics — Aggregate scan/click counts, device breakdowns, country distribution
- A/B Testing — Random variant selection (no user profiling)
- Rate Limiting — Prevent abuse (IP-based, in-memory only)
- Store Health — Google PageSpeed API calls on merchant's behalf
- Loyalty Program — Track stamp count per customer, issue reward discount codes when threshold is reached, send reward / status e-mails to the customer on the merchant's behalf
- Wallet Pass — Generate Apple-Wallet (.pkpass) and Google-Wallet pass objects when a customer requests one, push updates to the customer's device when the stamp count changes
5. Legal Basis for Processing (GDPR Art. 6)
- Merchant data — Art. 6(1)(b) GDPR (contract performance: the merchant installed the app to receive the service)
- Anonymous tracking data (QR / link) — Art. 6(1)(f) GDPR (legitimate interest of the merchant in measuring the effectiveness of their own marketing materials, balanced against the customer's privacy via the anonymisation measures listed in § 2)
- Loyalty program data — Art. 6(1)(b) GDPR (pre-contractual / contractual measure: the customer participates by placing a qualifying order in the merchant's shop, in accordance with the merchant's loyalty terms and conditions which the merchant publishes separately)
- Wallet-pass data — Art. 6(1)(b) GDPR (the customer triggers the pass creation by tapping “Add to Apple/Google Wallet”, expressing their wish to receive the loyalty benefit through their wallet)
6. Data Storage & Security
- Data is stored in Supabase (PostgreSQL, EU region) and a self-hosted PostgreSQL on our European VPS, both with Row-Level Security (RLS) enabled
- All connections use HTTPS/TLS
- API keys are stored as SHA-256 hashes (never in plain text)
- Shopify session tokens are encrypted
- Wallet-pass cryptographic certificates are stored as environment variables and never logged
- Our servers run on a dedicated VPS with Docker containerisation, hosted in the EU
7. Data Retention
- Analytics data: Free plan — 7 days; Growth plan — 180 days; Pro / Business plan — until app uninstall. A daily cron job removes expired records.
- Loyalty / stamp-card data: Deleted when the customer's stamp card is inactive for 24 months (no new order, no reward redemption) and there are no overriding merchant-side bookkeeping obligations. Audit-logs (stamp_event) are anonymised after 18 months.
- Wallet-pass registrations: Removed when the customer deletes the pass from their wallet (Apple/Google notifies us via webhook), or after 24 months of inactivity.
- App uninstall: Merchant data is retained for 30 days (to allow re-install), then permanently deleted via the shop/redact Shopify webhook.
- Right-to-be-forgotten: On request via the customers/redact webhook (Shopify) or via direct contact, we delete the affected customer's data within 30 days, except where statutory retention obligations (e.g. tax/commercial law on the merchant side) require otherwise.
8. Third-Party Services (Sub-processors)
- Shopify — Authentication, billing, order webhooks, customer data requests
- Supabase — Database hosting (EU region)
- Hostinger (VPS) — Application hosting (EU region, Frankfurt)
- shopforge.studio (our own Hub) — Routes all outbound transactional e-mails (reward e-mails, status e-mails, performance alerts) through a central proxy so we can rotate keys and apply consistent branding. The Hub talks to Resend (EU region) for actual delivery. Only the recipient e-mail address, subject, and body are transmitted.
- Apple Inc. (only when wallet-pass feature is used) — PassKit Web Service (USA, EU-US Data Privacy Framework). Receives pass-update notifications for Apple-Wallet customers.
- Google LLC (only when wallet-pass feature is used) — Google Wallet API (USA, EU-US Data Privacy Framework). Receives pass-update notifications for Google-Wallet customers.
- Google PageSpeed Insights API — Store health scanning (merchant-initiated only)
- Google Analytics 4 — Optional, merchant-configured for their own GA4 property. Forwards anonymised aggregate events.
- Facebook Pixel / Google Ads — Optional retargeting, merchant-configured. Disabled by default.
9. GDPR Compliance
We comply with the General Data Protection Regulation (GDPR):
- We process data based on the legal bases listed in § 5
- We act as processor for the merchant's loyalty / wallet-pass data (the merchant is the controller of their own customers' data). A Data Processing Agreement (DPA / AVV) template is available on request via support@echomate.shop.
- We support Shopify's mandatory GDPR webhooks:
  - customers/data_request — We respond with any data we hold about the customer (stamp count, reward status, anonymised tracking) within 30 days
  - customers/redact — We delete the customer's stamp card, wallet-pass registration, and any tracking entries we can resolve to them within 30 days
  - shop/redact — We delete all shop data within 48 hours of receiving the webhook (Shopify-mandated 48-hour window)
- End-users (customers) can request data deletion by contacting the merchant (recommended, since the merchant is the controller) or us directly at support@echomate.shop
- We do not transfer personal data outside the EU/EEA except for the Apple/Google Wallet integrations (§ 8), which rely on the EU-US Data Privacy Framework
10. Your Rights
As a merchant or end-user, you have the right to:
- Access the data we hold about you (Art. 15 GDPR)
- Request correction of inaccurate data (Art. 16)
- Request deletion of your data (Art. 17 — subject to retention obligations in § 7)
- Object to data processing (Art. 21)
- Restrict processing (Art. 18)
- Export your data in a machine-readable format (Art. 20 — available via CSV export and REST API for merchants; via “customers/data_request” for customers)
- Withdraw consent at any time, where consent is the legal basis
- Lodge a complaint with a supervisory authority (the data-protection authority of your habitual residence)
11. Loyalty Program — Information for Customers
If you have collected stamps on a merchant's shop powered by echomate:
- The merchant is the controller of your data — questions about “Why did I lose a stamp?” or “When does my reward expire?” should go to the merchant.
- echomate is the processor — we run the technical system on the merchant's behalf under a Data Processing Agreement.
- You can request deletion of your stamp card at any time by contacting either the merchant or us at support@echomate.shop.
- If you add the stamp card to Apple Wallet / Google Wallet, you can remove it at any time by deleting it from your wallet app — this also removes the device-registration on our side.
12. Contact
For privacy inquiries, data requests, or questions:
Email: support@echomate.shop
Developer / Operator: Valerian Huber
Brand: Alpin-Code (alpin-code.de) / shopforge.studio