Privacy Policy

CareCreator respects your privacy. This policy describes how we collect, use, and protect your data.

Data We Collect

When you install CareCreator, we store your shop domain and an access token to communicate with the Shopify Admin API. We also store care package templates you create, redemption link records (including recipient email addresses), and basic usage metrics.

When a recipient claims a gift through a CareCreator redemption link, we may additionally store: the first name, last name, and optional email the recipient enters on the claim page; the social media platforms they declared they plan to post on and any handle they provided; whether they consented to the merchant reposting their content, along with the timestamp and the version of the consent wording at the time of agreement; the Shopify draft order ID and invoice URL for their checkout; and a non-reversible salted hash of the network IP address that submitted the claim (the raw IP is never stored — the hash exists solely to detect duplicate redemption attempts on the same link from the same network within a 24-hour window). The recipient-provided name and email are surfaced to the merchant whose store sent the gift as the audit-log entry for who claimed what.

How We Use Your Data

Your data is used solely to operate the CareCreator application: creating templates, generating redemption links, and facilitating draft order creation through the Shopify API. Recipient information (social handles, consent state, cached customer name and email) is surfaced to the merchant whose store sent the gift so they can follow up, tag the recipient on social media, and reach out for content reuse where the recipient has explicitly consented. We do not sell, share, or use your data for advertising purposes.

Data Retention and Deletion

When you uninstall CareCreator, we process the shop/redact webhook from Shopify and delete all data associated with your shop, including templates, links, sessions, redemption records, social handles, and installation records.

When Shopify sends a customers/redact request for a specific customer, we redact the recipient-provided name and email, any cached Shopify customer name and email, and the hashed IP on every redemption tied to that person, delete the social handles they provided, and redact their email on any redemption link addressed to them. Recipients can also request deletion at any time by contacting the merchant or [email protected]. We also comply with customers/data_request as required by Shopify.

Security

Access tokens are stored securely. All communication with Shopify uses HTTPS. Session cookies are signed with HMAC-SHA256 and are httpOnly.

Contact

For privacy questions, contact us at [email protected].