privacy policy - Shopify
updated on 30th october 2025
PLEM (“we,” “us,” or “our”) has published this Privacy Policy to explain how we collect, use, disclose, and store personal information. Transparency is important to us, so this document provides both a concise summary and detailed explanation.If you have questions, contact: support@plem.in
Processing of Personal Information
Most personal information we process is necessary to provide our services and meet contractual obligations with merchants - including loyalty points, rewards, and coupon functionality. We do not collect or process payment details or other financial transaction data. All payment processing remains the sole responsibility of the merchant’s Shopify store and its chosen payment providers. In other cases, we rely on legitimate interest or, where required, user consent.
We process information to:
Communicate with merchants and users
Track and process purchases and reward points
Manage, improve, and analyze service usage
Prevent fraud and ensure platform security
Comply with applicable legal requirements
Where required by law (such as in the EEA or UK), the legal bases for processing include:
Contractual necessity (providing services to merchants)
Legitimate interests (improving our services, preventing fraud)
Consent (where you opt-in to marketing communications)
Additional Note for Shopify Merchants and Users
The PLEM Shopify application does not process, collect, store, or handle any payment information, credit card data, or financial transactions.
All payment processing is handled directly by individual Shopify stores through their own payment systems. PLEM has no involvement in the payment flow.
This Shopify app is limited exclusively to:
Loyalty program management
Rewards points tracking
Coupon creation functionality
Customer payment data is never accessed, processed, or stored within the PLEM Shopify app environment.
All communication between the app and users is protected using TLS 1.2+ encryption, and sensitive data (like storefront access tokens) is encrypted at rest using AES-256-GCM with secure key management.
Data Deletion and Retention
For Shopify Merchants, data deletion follows Shopify’s requirements:
Automatic Deletion: Uninstalling the PLEM app triggers a Shopify webhook that automatically requests deletion of all store data within 30 days.
Manual Request: Merchants may contact support@plem.in for immediate deletion.
No Sale of Data: PLEM does not sell, rent, or trade merchant or customer data to third parties under any circumstances. Any sharing of information is as required by law, and is always subject to strict confidentiality and security obligations.
We retain data only as long as necessary to:
Provide services
Comply with legal obligations
Maintain business records
After this period, data is securely deleted or anonymized.
Tracking Technologies
We use cookies and similar tools to enhance user experience and analyze traffic.
You can disable cookies through your browser settings; however, certain features may not function properly without them.
Cookies: Site functionality, analytics, and preferences.
IP Address: Retained for up to 24 months for security and fraud prevention.
Web Beacons: Measure engagement in emails or marketing campaigns.
Security of Personal Information
We maintain strict physical, technical, and procedural safeguards, including:
TLS 1.2+ for all data in transit
AES-256-GCM encryption for sensitive data at rest
Secure key management via environment variables
HTTPS-only communication enforced in production
No payment data storage of any kind
While we implement strong security measures, no system is completely immune to risk.
Your Privacy Rights
Depending on your jurisdiction, you may have the right to:
Access, correct, or delete your data
Object to or restrict processing
Withdraw consent at any time
To exercise your rights, contact support@plem.in. Verification may be required.
For merchants, customer data deletion requests must be directed to the relevant merchant, not PLEM.
