Privacy Policy
Last updated: March 2, 2026
1. Introduction
Brand Clubb ("we", "our", or "us") operates a platform that helps brands run ambassador and affiliate programs. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our services, including our Shopify integration.
2. Information We Collect
From Shopify Stores
When a merchant connects their Shopify store to Brand Clubb, we access the following data through the Shopify API:
- Order information (order number, amounts, status, line items)
- Customer information (name, email, shipping address)
- Product catalog data (titles, descriptions, images, pricing)
- Discount and price rule data
From Ambassadors & Members
- Account information (name, email address)
- Profile information (bio, social media links, profile photo)
- Commission and payout information
Automatically Collected
- Attribution cookies for tracking referral links
- Browser type, device information, and IP address
- Usage data (pages visited, features used)
3. How We Use Your Information
- Order attribution: matching purchases to ambassador referral links and discount codes
- Commission tracking: calculating and managing ambassador commissions and payouts
- Campaign management: running and measuring marketing campaigns
- Product sync: displaying up-to-date product catalogs for ambassador content creation
- Communication: sending transactional emails (account invitations, commission notifications, campaign updates)
- Analytics: providing merchants with program performance dashboards
4. Data Sharing & Third-Party Services
We do not sell your personal information. We share data only with the following service providers, as necessary to operate our platform:
- Shopify: e-commerce platform integration for order and product data
- Supabase: database hosting and authentication
- Resend: transactional email delivery
- Cloudflare R2: file and image storage
- Vercel: application hosting
5. Data Retention & Deletion
We retain your data for as long as your account is active or as needed to provide our services. When data is no longer required:
- Customer personal information is soft-deleted (PII fields are cleared while maintaining anonymized records for historical reporting)
- When a Shopify store uninstalls our app, all associated customer PII is automatically redacted within 48 hours
- You can request deletion of your data at any time by contacting us
6. GDPR & Your Rights
If you are located in the European Economic Area (EEA), you have the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate data
- Erasure: request deletion of your personal data
- Portability: request your data in a portable format
- Objection: object to processing of your data
We automatically process GDPR data subject requests received through Shopify's mandatory compliance webhooks. For direct requests, contact us using the information below.
7. Data Security
We implement industry-standard security measures to protect your data, including encryption of sensitive credentials at rest, HMAC signature verification on all webhooks, row-level security policies on our database, and HTTPS encryption for all data in transit.
8. Cookies
We use essential cookies for authentication and session management. We also use attribution cookies to track referral links for commission purposes. These cookies are necessary for the core functionality of our service.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify affected users of any material changes via email or through our platform.
10. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:
Email: privacy@brandclubb.com