Overview
Custlo ("we", "us", "our") is a Shopify application developed and operated by Mandasa Technologies, Arihant Tower, Ramtekri, Mandsaur 458001, India. We provide customer account management, store credit, post-purchase upsells, and related features to Shopify merchants.
This Privacy Policy explains what data we collect from merchants and their end-customers, why we collect it, how it's used, and your rights regarding that data. It applies to:
- The Custlo Shopify application (apps.shopify.com/customer-dashboard-pro)
- Our website at custlo.com
- Any related services, APIs, or communications from Custlo
By installing or using the Custlo app, you (the merchant) agree to this Privacy Policy. If you do not agree, please uninstall the app and contact us to ensure your data is deleted.
Definitions
| Term | Meaning |
|---|---|
| Merchant / You | The Shopify store owner or operator who installs and uses the Custlo app. |
| End-Customer | A customer who shops at a merchant's store and whose data is processed by Custlo on behalf of the merchant. |
| Shop Data | Data related to the merchant's Shopify store — products, orders, configurations, etc. |
| Personal Data | Any information that identifies or can identify a natural person (e.g. name, email, IP address). |
| Data Controller | The merchant — the entity that determines the purposes and means of processing end-customer data. |
| Data Processor | Custlo — we process end-customer data strictly on behalf of the merchant and per their instructions. |
| Service | The Custlo app and website collectively. |
Shopify Data We Access
When you install Custlo, you grant us OAuth-based access to specific areas of your Shopify store. We only request the permissions we need to deliver our features. Below is a full list of the Shopify API scopes we use and why:
Read and write access to customer records — names, email addresses, phone numbers, addresses, order history, tags, and account status. Used to power the customer account portal, store credit balances, and loyalty features.
Read access to order data — line items, totals, fulfillment status, and refunds. Used to calculate cashback, display order history in the customer portal, and trigger post-purchase upsells.
Read and write access to gift card / store credit records. Used to issue, track, and redeem store credits on behalf of merchants.
Basic store details — store name, domain, currency, timezone, plan type. Used to configure Custlo correctly for your store and to process billing.
Read access to product catalog. Used only when you configure post-purchase upsell offers that display specific products.
We register webhooks for order creation, customer updates, and app uninstall events to keep data in sync and trigger automations in real-time.
Data We Collect
4.1 From Merchants (Store Owners)
- Name and email address (for account login and support communications)
- Shopify store URL and shop ID
- Billing information via Shopify Billing API (we do not store card details)
- App configuration preferences and settings you create within Custlo
- Support messages and communications you send us
4.2 From End-Customers (Your Shoppers)
We process the following end-customer data on behalf of merchants:
- Name, email address, phone number
- Shipping and billing addresses
- Order history and purchase data
- Store credit balances and transaction history
- Account login activity within the customer portal
- Loyalty points, rewards, and cashback records
- Wishlist and saved product data (where applicable)
4.3 Technical & Usage Data
- IP addresses and browser/device type (for security logging)
- Pages visited on custlo.com and time spent (via analytics)
- App feature usage patterns (aggregated and anonymized)
- Error logs and diagnostic data
How We Use Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing the Custlo app features | Merchant data, end-customer data, Shopify API data | Performance of contract |
| Processing store credits, cashback, and rewards | Customer orders, credit balances | Performance of contract |
| Customer portal functionality | Customer profile, orders, wishlist | Performance of contract |
| Sending transactional emails (trial expiry, billing) | Merchant email address | Performance of contract |
| Sending product update & onboarding emails | Merchant email address | Legitimate interest / Consent |
| Customer support and troubleshooting | Merchant data, support communications | Legitimate interest |
| Improving app features and performance | Anonymized usage data | Legitimate interest |
| Fraud detection and security | IP addresses, usage logs | Legitimate interest |
| Compliance with legal obligations | Any relevant data | Legal obligation |
We do not sell merchant or end-customer data to third parties. We do not use end-customer data for advertising purposes unrelated to the merchant's store.
Data Deletion & Mandatory Shopify Webhooks
Shopify requires all apps to respond to three mandatory data privacy webhooks. Here is how Custlo handles each:
7.1 Customer Data Request (customers/data_request)
When a Shopify merchant or end-customer requests a copy of their personal data, Shopify sends this webhook to Custlo. Upon receiving it, we will compile all data we hold for that customer (store credit history, portal activity, order-linked records) and provide it to the requesting merchant within 30 days. Merchants should forward this information to their customer.
7.2 Customer Data Erasure (customers/redact)
When a merchant requests erasure of an end-customer's personal data (e.g. when a customer exercises their right to be forgotten), Shopify sends this webhook to Custlo. We will permanently delete all personally identifiable information we hold for that end-customer within 30 days, except where retention is required by applicable law.
Data deleted includes: customer name, email, phone, address, store credit records, and portal activity logs tied to that customer's identity.
7.3 Shop Data Erasure (shop/redact)
When a merchant uninstalls the Custlo app, Shopify sends this webhook 48 hours after uninstall. Upon receiving it, we will permanently delete all shop-level data associated with that store, including all merchant configuration data, and all end-customer data processed on that store's behalf, within 30 days.
Email support@custlo.com with the subject line "Data Request" or "Data Deletion Request" and include your Shopify store URL. We will respond within 5 business days.
Data Retention
We retain data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|---|
| Active merchant account data | Duration of subscription + 30 days post-uninstall |
| End-customer data (active store) | Duration of merchant's subscription |
| End-customer data (after shop redact webhook) | Deleted within 30 days |
| Support communications | 3 years from last interaction |
| Anonymized usage/analytics data | Up to 36 months |
| Security and fraud logs | 12 months |
| Billing records | 7 years (legal/tax obligation) |
Security
We take the security of your data seriously. Our measures include:
- Encryption in transit: All data transferred between Custlo, Shopify, and your browser uses TLS 1.2+ (HTTPS).
- Encryption at rest: Sensitive data stored in our database is encrypted at rest.
- OAuth 2.0: We use Shopify's official OAuth flow for authentication — we never ask for or store your Shopify admin password.
- Access controls: Internal access to merchant data is strictly limited to team members who need it to provide support or operate the service.
- Regular audits: We review our security practices and dependencies periodically.
No system is 100% secure. In the event of a data breach that affects your data, we will notify affected merchants promptly and in accordance with applicable law.
GDPR & Your Privacy Rights
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data protection laws, you have the following rights regarding your personal data:
| Right | What it means |
|---|---|
| Right of Access | Request a copy of the personal data we hold about you. |
| Right to Rectification | Request correction of inaccurate or incomplete data. |
| Right to Erasure | Request deletion of your personal data ("right to be forgotten"). |
| Right to Restriction | Request that we limit how we use your data in certain circumstances. |
| Right to Portability | Receive your data in a structured, machine-readable format. |
| Right to Object | Object to processing based on legitimate interests or for marketing purposes. |
| Right to Withdraw Consent | Withdraw consent at any time where processing is based on consent. |
To exercise any of these rights, email support@custlo.com. We will respond within 30 days. For end-customers, requests should be routed through the merchant (your store owner), who acts as the data controller.
Cross-Border Data Transfers
Our servers are primarily based in India and the USA. If you are in the EEA or UK, your data may be transferred to countries that do not have the same data protection standards as your jurisdiction. We take appropriate safeguards (such as contractual clauses with sub-processors) to ensure adequate protection of your data during such transfers.
Children's Privacy
The Custlo app and website are not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will delete it promptly. If you believe we have collected such data, please contact us at support@custlo.com.
Changes to this Policy
We may update this Privacy Policy from time to time as our features evolve or as legal requirements change. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to active merchants at least 14 days before the change takes effect
- Post a notice in the Custlo app dashboard
Continued use of the app after the effective date of any changes constitutes your acceptance of the updated policy.
Contact Us
For any questions, data requests, or privacy concerns:
Mandasa Technologies
Arihant Tower, RamTekri, Mandsaur, MP, India 458001
We aim to respond to all privacy-related inquiries within 5 business days.