Pure Subscriptions - Privacy Policy
================================================================================
PRIVACY POLICY
Pure Subscriptions (Paystack Integration)
================================================================================
Last Updated: October 17, 2025
INTRODUCTION
================================================================================
Pure Subscriptions ("we," "our," or "us") is committed to protecting your
privacy. This Privacy Policy explains how we collect, use, disclose, and
safeguard your information when you use our Shopify application ("the App").
INFORMATION WE COLLECT
================================================================================
1. INFORMATION COLLECTED FROM SHOPIFY
When you install and use our App, we collect the following information from
your Shopify store:
• Store Information: Store name, domain, contact email, currency, and locale
• Customer Information: Customer names, email addresses, shipping addresses,
billing addresses, and phone numbers
• Order Information: Order details, line items, prices, taxes, shipping
costs, and order status
• Product Information: Product names, descriptions, prices, variants, SKUs,
and inventory data
• Payment Information: Payment status and transaction references (we do NOT
store full payment card details)
2. INFORMATION COLLECTED FROM PAYSTACK
We collect the following payment-related information from Paystack:
• Payment Authorization Codes: Encrypted authorization tokens for recurring
payments
• Card Information: Last 4 digits of card numbers, card type (Visa,
Mastercard, etc.), expiration dates, cardholder names, and issuing bank
• Transaction Data: Transaction IDs, payment references, transaction amounts,
fees, and payment status
3. INFORMATION YOU PROVIDE
• Subscription Settings: Billing intervals, subscription plans, shipping
rates, and tax settings
• Email Templates: Custom email content for subscription notifications
• Support Inquiries: Any information you provide when contacting our support
team
4. AUTOMATICALLY COLLECTED INFORMATION
• Usage Data: Log data including IP addresses, browser types, access times,
and pages viewed
• Error Logs: Technical error information for debugging and improving the App
HOW WE USE YOUR INFORMATION
================================================================================
We use the collected information for the following purposes:
1. CORE FUNCTIONALITY
• Process recurring subscription payments
• Create and manage subscription orders
• Calculate shipping costs and taxes
• Send transactional emails (order confirmations, payment receipts,
subscription updates)
• Manage customer payment methods securely
2. SERVICE IMPROVEMENT
• Analyze usage patterns to improve the App
• Identify and fix technical issues
• Develop new features and functionality
3. COMMUNICATION
• Send service-related notifications
• Respond to support inquiries
• Provide important updates about the App
4. LEGAL COMPLIANCE
• Comply with legal obligations
• Prevent fraud and unauthorized access
• Enforce our Terms of Service
DATA STORAGE AND SECURITY
================================================================================
1. DATA STORAGE
• All data is stored on secure servers hosted by Heroku (Salesforce)
• Database is hosted on AWS RDS with encryption at rest
• Payment authorization codes are encrypted using industry-standard
encryption (AES-256)
2. SECURITY MEASURES
• All data transmission is encrypted using TLS/SSL
• Payment card data is tokenized and never stored in full
• Access to systems is restricted and monitored
• Regular security audits and updates
• Automated backup systems
3. DATA RETENTION
• Subscription data is retained while your subscription is active
• Historical order data is retained for accounting and legal purposes
• Payment method information is retained until manually deleted by the
merchant or customer
• Inactive subscriptions and associated data are retained for 7 years for
compliance purposes
DATA SHARING AND DISCLOSURE
================================================================================
We do NOT sell your personal information. We share data only in the following
circumstances:
1. SERVICE PROVIDERS
• Shopify: To create orders, manage customers, and process transactions
• Paystack: To process payments securely
• Gmail API: To send transactional emails (only if configured)
• Heroku/AWS: For hosting and infrastructure
2. LEGAL REQUIREMENTS
We may disclose information if required by law, subpoena, or court order, or
if necessary to:
• Comply with legal processes
• Protect our rights and property
• Prevent fraud or security issues
• Protect the safety of users or the public
3. BUSINESS TRANSFERS
If we are involved in a merger, acquisition, or sale of assets, your
information may be transferred as part of that transaction.
YOUR RIGHTS AND CHOICES
================================================================================
1. ACCESS AND CORRECTION
• Merchants can access and update their store settings within the App
• Customers can view and manage their subscriptions through the customer
portal
2. DATA DELETION
• Merchants can request deletion of their data by uninstalling the App
• Upon uninstallation, we will delete or anonymize your data within 30 days
(except data required for legal compliance)
• Customers can request deletion of their data by contacting the merchant
3. PAYMENT METHOD MANAGEMENT
• Customers can add, remove, or update payment methods
• Payment authorization tokens can be revoked at any time
4. EMAIL PREFERENCES
• Customers can manage email preferences through subscription settings
• Transactional emails (order confirmations, payment receipts) cannot be
opted out of, as they are essential to the service
THIRD-PARTY SERVICES
================================================================================
Our App integrates with the following third-party services:
1. SHOPIFY
Privacy Policy: https://www.shopify.com/legal/privacy
We access your Shopify store data through their API with your explicit
permission
2. PAYSTACK
Privacy Policy: https://paystack.com/privacy
Payment processing is handled securely by Paystack
We only store encrypted payment authorization tokens
3. HEROKU (SALESFORCE)
Privacy Policy: https://www.salesforce.com/company/privacy/
Infrastructure and hosting provider
4. AWS (AMAZON WEB SERVICES)
Privacy Policy: https://aws.amazon.com/privacy/
Database hosting and storage
CHILDREN'S PRIVACY
================================================================================
Our App is not intended for children under the age of 13. We do not knowingly
collect personal information from children under 13. If you believe we have
collected information from a child under 13, please contact us immediately.
INTERNATIONAL DATA TRANSFERS
================================================================================
Your information may be transferred to and processed in countries other than
your own, including South Africa, the United States, and other locations where
our service providers operate. We ensure appropriate safeguards are in place
to protect your information in accordance with this Privacy Policy.
GDPR COMPLIANCE (EUROPEAN USERS)
================================================================================
If you are located in the European Economic Area (EEA), you have additional
rights under the General Data Protection Regulation (GDPR):
1. LEGAL BASIS FOR PROCESSING
• Contractual Necessity: To provide the subscription service
• Legitimate Interest: To improve our services and prevent fraud
• Legal Obligation: To comply with tax and financial regulations
• Consent: For marketing communications (if applicable)
2. YOUR GDPR RIGHTS
• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time
To exercise these rights, contact us at: privacy@purecommerce.co.za
POPIA COMPLIANCE (SOUTH AFRICAN USERS)
================================================================================
We comply with the Protection of Personal Information Act (POPIA) for South
African users:
• We process information lawfully and with your consent
• We collect information for specific, lawful purposes
• We ensure data quality and implement security safeguards
• You have the right to access and correct your personal information
CHANGES TO THIS PRIVACY POLICY
================================================================================
We may update this Privacy Policy from time to time. We will notify you of any
material changes by:
• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a prominent notice within the App
Your continued use of the App after changes become effective constitutes
acceptance of the revised Privacy Policy.
CONTACT US
================================================================================
If you have questions, concerns, or requests regarding this Privacy Policy or
our data practices, please contact us:
Pure Commerce
Email: privacy@purecommerce.co.za
Support: Available through the App's support page
Data Protection Officer: privacy@purecommerce.co.za
MERCHANT RESPONSIBILITIES
================================================================================
As a merchant using our App, you are responsible for:
1. Customer Consent: Ensuring you have proper consent to collect and share
customer data
2. Privacy Notices: Providing your own privacy policy to your customers
3. Data Accuracy: Keeping customer information accurate and up-to-date
4. Compliance: Complying with applicable data protection laws in your
jurisdiction
DATA PROCESSING AGREEMENT
================================================================================
WE HAVE A FORMAL DATA PROCESSING AGREEMENT (DPA) WITH ALL MERCHANTS.
As a merchant using our App, you act as a Data Controller and we act as a Data
Processor on your behalf. Our Data Processing Agreement covers:
• Processing Activities: How we process your customers' personal data
• Security Measures: Technical and organizational safeguards we implement
• Sub-processors: Third-party services we use (Heroku, Paystack, Shopify,
Google, Sentry)
• Data Subject Rights: How we help you respond to customer requests
• Data Breach Notification: Our 24-hour breach notification policy
• International Transfers: Safeguards for cross-border data transfers
• Audit Rights: Your right to audit our compliance
View the full Data Processing Agreement at:
https://www.purecommerce.co.za/pages/data-processing-agreement-pure-subscriptions
By installing the Pure Subscriptions app, you accept the terms of our Data
Processing Agreement. This DPA is incorporated into our Terms of Service and
complies with:
• GDPR (EU General Data Protection Regulation)
• POPIA (South Africa Protection of Personal Information Act)
• PIPEDA (Canada Personal Information Protection and Electronic Documents Act)
• Other applicable data protection laws
COOKIES AND TRACKING
================================================================================
Our App uses minimal cookies and tracking technologies:
1. ESSENTIAL COOKIES
• Session Cookies: To maintain your login session
• Security Tokens: To prevent cross-site request forgery (CSRF)
2. ANALYTICS
• We may use analytics to understand how the App is used
• This helps us improve functionality and user experience
• Analytics data is aggregated and anonymized
CUSTOMER PORTAL PRIVACY
================================================================================
Our customer account extension allows your customers to:
• View their subscription details
• Manage payment methods (add, remove, set default)
• Update shipping addresses
• Reschedule orders
• View order history
All customer portal access is secured and requires authentication through
Shopify's customer accounts system.
PAYMENT SECURITY STANDARDS
================================================================================
We comply with PCI DSS requirements by:
• Never storing full payment card numbers
• Using Paystack's PCI-compliant payment processing
• Storing only encrypted authorization tokens
• Implementing strong access controls
RETENTION PERIODS
================================================================================
Data Type               Retention Period
--------------------------------------------------------------------------------
Active subscriptions    Duration of subscription + 7 years
Order history           7 years (tax/accounting requirements)
Payment methods         Until manually deleted
Transaction logs        7 years (financial regulations)
Error logs              90 days
Webhook logs            30 days
Email logs              1 year
AUTOMATED DECISION-MAKING
================================================================================
Our App uses automated processes for:
• Calculating shipping costs based on rates you configure
• Processing recurring payments on scheduled dates
• Sending automated transactional emails
No automated decisions are made that significantly affect customers without
human review capability.
================================================================================
ACKNOWLEDGMENT
By installing and using Pure Subscriptions, you acknowledge that you have read
and understood this Privacy Policy and agree to its terms.
================================================================================
Pure Commerce - Pure Subscriptions
Email: privacy@purecommerce.co.za
================================================================================