Privacy Policy

Section 1: Affily Mobile App Privacy Policy

This section applies to the Affily mobile app, affilyapp.com, and related services. It covers promoters, businesses, site visitors, applicants, and other users, as well as limited information provided by third parties such as Shopify and Stripe.

Categories of information we collect may include:

• account and profile information, such as name, username, email, business name, domain, avatar or logo, role, and account status;
• business and campaign information, including campaign names, descriptions, product links, pricing, categories, discount settings, promotion guidelines, media, and storefront setup data;
• promoter and referral information, including referral codes, payout schedule, category preferences, product keywords, leaderboard activity, and onboarding status;
• transaction and attribution data such as smartlinks, clicks, IP address, browser, operating system, device type, order records, order items, conversions, commissions, refunds, reversals, settlements, and related accounting records;
• payment and payout details including bank account display data, last four digits, payout method details, Stripe account status, requirements, capabilities, and related payment metadata;
• identity and compliance information, such as identity-verification results or related metadata from Stripe Identity or similar providers, fraud and risk signals, and records tied to compliance or legal requests;
• communication and support information, including support tickets, messages, internal notes, and notification preferences; and
• technical and usage information, including log data, app events, push tokens, and security information generated while using the platform.

Affily uses cookies and similar attribution technologies to determine whether a click or visit should be associated with a campaign, promoter, or referral. Affily currently uses a standard seven-day attribution cookie for campaigns unless otherwise stated. We use these technologies to operate services, attribute conversions, detect fraud, support analytics, and maintain related operational workflows.

We use personal information to operate, maintain, and improve the platform; create and manage accounts, campaigns, links, conversions, commissions, refunds, reversals, payouts, and settlements; attribute conversions and calculate amounts owed; detect, investigate, and respond to fraud, botting, abuse, chargebacks, security incidents, and harmful conduct; provide support and send notifications; enforce agreements and policies; comply with legal obligations; resolve disputes; protect rights and property; maintain accounting, audit, and tax records; and verify identities, eligibility, account ownership, and payout readiness.

Our legal bases for processing include performance of contract, compliance with legal obligations, legitimate interests such as fraud prevention and platform security, and consent where required by law.

We may share personal information with service providers and infrastructure vendors for hosting, analytics, communications, payment processing, identity verification, fraud prevention, support, and technical operations; with Stripe and related financial providers for payments, payouts, onboarding, identity checks, fraud review, and compliance workflows; with Shopify and other commerce integrations when necessary to sync campaign, order, refund, attribution, or compliance information; between businesses and promoters to the extent needed to operate campaigns, attribute conversions, resolve refunds and disputes, and administer payouts; with regulators, courts, law enforcement, and other authorities where required or reasonably necessary; and in connection with mergers, financings, acquisitions, reorganizations, or similar transactions.

When businesses provide customer, order, or related commerce data for attribution, commission calculation, fraud detection, reversals, or refund and dispute support, the business acts as controller or business and Affily acts as processor or service provider. Affily processes that data only for the limited purposes described in applicable business terms, the Data Processing Addendum, and documented written instructions, unless law requires otherwise.

We retain personal information as long as reasonably necessary to provide services, maintain records, process payouts, administer refunds and reversals, detect fraud, resolve disputes, comply with law, and protect the platform.

Users may access, update, or correct certain account information, request deletion subject to legal, security, accounting, fraud, and payment-reconciliation exceptions, and exercise applicable-law rights such as access, correction, deletion, portability, restriction, or objection. Users may opt out of non-essential communications, but operational and legal notices may still be sent.

Affily maintains commercially reasonable safeguards designed to protect information, but no system can guarantee absolute security. Our services are not for individuals under 18 years old.

Depending on your location, additional disclosures may apply under GDPR, UK GDPR, CCPA, and CPRA. For privacy requests, contact admin@affilyapp.com.

Section 2: Affily Shopify App Privacy Policy

This section applies when a Shopify merchant installs or uses the Affily Shopify app. Affily provides affiliate marketing, attribution, and commission tracking tools for Shopify merchants.

This Shopify privacy section applies to information collected or processed in connection with app installation, merchant account administration, support, compliance, and operational workflows. For merchant relationship and account data, Affily generally acts as controller. For merchant customer information made available through Shopify or merchant instructions to support attribution, commission, fraud prevention, refund, and analytics services, Affily acts as processor/service provider/contractor under applicable law.

For merchant account data, Affily acts as a controller. For merchant customer data received through Shopify or merchant workflows, Affily acts as a processor or service provider. We do not independently maintain full customer profiles unless provided by Shopify or the merchant.

Data categories for Shopify app operations may include:

• merchant account data;
• Shopify store and installation data;
• product, order, refund, and discount data received through Shopify APIs and webhooks;
• compliance webhook data, including customers/data_request, customers/redact, and shop/redact;
• attribution and tracking data, including aff_click_id, referral and UTM parameters, IP address, browser, operating system, device type, and referrer;
• storage and access technologies, including cookies, local storage, and session storage where applicable; and
• technical and security data, including logs, fraud signals, rate limiting, and abuse-prevention data.

Shopify permissions may include products, orders via webhooks, discounts, pixels and customer events, and app proxy interactions. Permissions may change as features evolve.

Affily also relies on webhook-driven workflows. Delays, failures, or inconsistencies in Shopify-delivered data may affect attribution, reporting, and related outputs. This policy does not guarantee uninterrupted or complete receipt of all Shopify-originated events.

We use this information for attribution and campaign tracking, commissions, reversals, and fee administration, fraud and abuse detection, support and communications, and legal, regulatory, and Shopify platform obligations. We may share data with service providers, Shopify, legal authorities, and payment or compliance partners where applicable.

Data is retained as needed for commissions, reversals, disputes, fraud investigations, and legal or accounting obligations. Some data may persist after app uninstall where required or permitted by law and platform obligations.

Merchants may submit privacy requests directly to Affily at admin@affilyapp.com. Customer requests are generally handled through merchant or Shopify privacy workflows.

Affily may process information in jurisdictions outside a merchant's location. Where required, Affily implements recognized safeguards for international transfers under applicable law.

Affily uses commercially reasonable administrative, technical, and organizational safeguards. No method of transmission or storage is completely secure, and Affily cannot guarantee absolute security.

Services are not intended for individuals under 18 years old. Affily may update this policy from time to time; updates are effective when posted or on a later stated effective date. Continued use after the effective date constitutes acknowledgment to the extent permitted by law.

Section 3: Data Retention / Deletion / Privacy Requests

Users may request deletion through in-app tools where available or by contacting admin@affilyapp.com from the email address associated with the account. Affily may request additional information to verify identity and authority before taking action.

This section also covers Shopify uninstall and privacy-redaction workflows. Uninstalling the Affily Shopify app generally ends active app access and may delete or invalidate Shopify session or installation access records, but uninstall does not automatically delete historical transaction, attribution, refund, fraud, support, accounting, legal, or compliance records.

After a deletion request is initiated, Affily may restrict account access and place the account into a pending deletion state. Final deletion may be delayed where needed for fraud review, payout reconciliation, refund and reversal processing, chargeback handling, security review, legal compliance, backup cycling, or other legitimate operational needs.

Affily receives and logs privacy-related Shopify webhooks, including customers/data_request, customers/redact, and shop/redact, and processes those through internal compliance workflows. Where Affily acts as processor/service provider for merchant customer data, the merchant remains primarily responsible for determining response scope and legal basis, subject to Shopify and legal requirements.

If Affily receives direct requests from individuals whose data was provided through a merchant's Shopify store, Affily may route the request through merchant or Shopify workflows as appropriate. Affily does not guarantee immediate deletion of all copies; backups and other lawfully retained records may persist until ordinary deletion cycles or retention periods expire.

Information that may be deleted or de-identified can include:

• profile and preference data no longer needed for active operations;
• campaign draft content, unused links, and certain non-required records;
• support communications or app-level metadata that no longer need identifiable links; and
• other data that can reasonably be deleted, anonymized, or de-identified without impairing legal compliance, fraud prevention, accounting integrity, or platform security.

Information Affily may retain includes:

• transaction, accounting, settlement, payout, refund, reversal, tax, and audit records;
• records needed to investigate fraud, abuse, security incidents, or policy violations;
• logs, device and IP data, support records, identity-verification records, and payment-provider records needed for legal claims, disputes, or compliance;
• records required by contractual, legal, court, regulatory, or payment-network obligations; and
• backup and disaster-recovery copies until overwritten in the ordinary course of operations.
• fraud, abuse, cooldown, rate-limiting signals, and related investigative records.

If a promoter deletes an account, the promoter forfeits rights to unpaid conversion profit, pending commission, unpaid referral code profit, referral bonus, reward, or similar amounts not already finally disbursed.

If a business deletes or closes an account, the business remains responsible for fees, refunds, reversals, chargebacks, negative balances, collection amounts, legal claims, and other obligations arising before or after deletion. Deletion does not erase payment obligations.

Affily may apply legal and compliance holds where needed. De-identified and aggregated information may be retained.

Contact Affily, Inc. at admin@affilyapp.com or by mail: