HomeAppsEmail Popups › Privacy Policy

Privacy Policy

BA: Email Popup & Discount Pop ยท Shopify App Store

๐Ÿ“… Effective Date: May 22, 2026 ๐Ÿ”„ Last Updated: May 22, 2026 ๐Ÿข Banify Apps  ยท  banifyapps.io
๐Ÿ”’
Short version: We collect only what is needed to run email and discount popups on your store. We do not sell personal data. End-customer emails are synced to your chosen email platform and are not permanently stored on our servers. We do not use cross-site advertising trackers.

1. Overview

This Privacy Policy explains how Banify Apps ("we," "us," or "our") collects, uses, stores, and protects information when you install and use the BA: Email Popup & Discount Pop application (the "App") available on the Shopify App Store.

By installing or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please uninstall the App and discontinue use.

โ„น๏ธ
Who this policy covers: This policy applies to (a) Shopify merchants who install the App on their store, and (b) end customers who interact with popups displayed by the App on a merchant's store.

2. Who We Are

The App is developed and maintained by Banify Apps, a Shopify app development company.

Company: Banify Apps

Website: banifyapps.io

Privacy & general inquiries: [email protected]

App support: [email protected]

For the purposes of applicable data protection law (including the GDPR), we act as the data controller for personal data collected through the App. Merchants remain the data controller for their store customers' personal data and are responsible for their own store privacy notices.

3. Data We Collect

The App collects the following categories of data in order to function correctly and deliver its services.

3.1 Data From Merchants (Store Owners)

Data TypeExamplesWhy We Need It
Account identifiers Name, email address, phone number, physical address Account setup, billing, and support communication
Store configuration Theme settings, Online Store page content, discount codes, locales, locations To display and customize popups on your store
Product data Products, collections To enable product-specific popup targeting
Order history Order data from the last 60 days To enable targeting rules based on purchase behaviour
Discounts & promotions Discount codes, price rules To generate and auto-apply unique discount codes
Analytics pixels Web pixel events on your storefront To track popup impressions, clicks, and conversions

3.2 Data From Your Store's Customers (End Users)

When a visitor interacts with an email popup displayed on your Shopify store, the App may collect the following data:

Data TypeExamplesWhy We Need It
Contact information Email address (optionally: name) To fulfil the purpose of the email capture popup
Browsing & behaviour data Pages visited, time on page, scroll depth, exit intent signals To trigger popups at the right moment (e.g., exit intent, time delay)
Device & session data IP address, browser type, operating system, client ID cookie To suppress duplicate popups and prevent spam submissions
Geolocation Country/region derived from IP address To enable geo-based popup targeting
โ„น๏ธ
Note: We only collect end-customer data on behalf of the merchant whose store the App is installed on. Merchants are responsible for ensuring their customers are properly informed of data collection through their own store's privacy notice.

3.3 Data We Do NOT Collect

  • Payment card numbers or financial details
  • SMS/phone numbers (our App does not support SMS popups)
  • Passwords or login credentials
  • Sensitive personal data (health, biometric, or government ID data)
  • Data from users under 16 years of age (see Section 11)

4. How We Use Your Data

We use the data we collect for the following purposes:

  • Delivering the App's core functionality โ€“ displaying email popups, newsletter signup forms, exit intent popups, and discount popups on your Shopify store.
  • Discount code generation โ€“ creating unique discount codes and auto-applying them at checkout when a visitor submits a popup form.
  • Popup targeting & personalisation โ€“ showing relevant popups based on triggers such as exit intent, time delay, page URL, scroll depth, and visitor geo-location.
  • Subscriber syncing โ€“ transmitting captured email addresses to the merchant's connected email marketing tools (Shopify Email, Klaviyo, Mailchimp) as instructed by the merchant.
  • Analytics & A/B testing โ€“ measuring popup performance (impressions, submissions, conversions) and enabling merchants to test different popup variants.
  • App maintenance & support โ€“ diagnosing technical issues, responding to support requests, and improving App stability.
  • Legal compliance โ€“ complying with applicable laws, regulations, and Shopify's Partner Program requirements.

We do not use merchant or customer data for advertising, profiling, or any purpose unrelated to operating and improving the App.

5. Data Sharing & Third Parties

We do not sell, rent, or trade personal data. We may share data in the following limited circumstances:

5.1 Service Providers

We work with carefully selected sub-processors who help us deliver and operate the App (e.g., cloud hosting, error monitoring). These providers access data only as required to perform services on our behalf and are bound by data processing agreements.

5.2 Merchant-Authorised Integrations

When a merchant connects a third-party email marketing platform (Shopify Email, Klaviyo, Mailchimp), we transmit subscriber data to that platform solely as directed by the merchant. Please review Section 6 for details.

5.3 Shopify

As the App is built on the Shopify platform, Shopify has access to certain App usage data in accordance with Shopify's Privacy Policy.

5.4 Legal Requirements

We may disclose data when required by law, court order, or governmental authority, or when necessary to protect our rights, property, or safety.

5.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will provide notice before any such transfer and before personal data becomes subject to a different privacy policy.

6. Third-Party Integrations

The App integrates with the following platforms at the merchant's election. Each has its own privacy policy that governs how it handles data.

IntegrationData TransmittedPrivacy Policy
Shopify Email Subscriber email addresses, consent status shopify.com/legal/privacy
Klaviyo Subscriber email addresses, list/segment assignments, consent status klaviyo.com/legal/privacy-notice
Mailchimp (Intuit) Subscriber email addresses, list assignments, consent status mailchimp.com/legal/privacy

Data is only sent to an integration when a merchant has explicitly connected and authorised it within the App's settings. Merchants are responsible for ensuring their use of these platforms complies with applicable data protection law.

7. Cookies & Tracking Technologies

The App uses the following lightweight tracking mechanisms on merchant storefronts to deliver its popup functionality:

7.1 Session & Suppression Cookies

We set a first-party browser cookie to remember that a visitor has already seen or dismissed a popup, so it is not displayed repeatedly. These cookies contain no personally identifiable information.

7.2 Analytics Pixels

The App embeds a lightweight script (web pixel) on the merchant's storefront to capture popup impression and submission events. This data is aggregated and used solely for the popup analytics dashboard visible to the merchant.

7.3 No Cross-Site Tracking

We do not use cross-site tracking cookies, advertising cookies, or any tracking technology that follows visitors across different websites.

7.4 Cookie Consent

Merchants using the App in jurisdictions requiring cookie consent (such as the EU under the ePrivacy Directive / GDPR) are responsible for including the App's cookies in their store's cookie consent mechanism.

8. Data Retention

Data CategoryRetention Period
Merchant account data Retained for the duration of the App subscription, then deleted within 30 days of uninstallation.
End-customer email addresses captured via popups Retained only until successfully synced to the merchant's designated email platform, then purged from our servers. Raw copies are not permanently stored.
Popup analytics & aggregated event data Retained for up to 24 months to enable historical reporting, then deleted.
Support communication records Retained for up to 3 years for internal records and dispute resolution.
Session / suppression cookies Expire automatically after 30 days or on browser session end (where session cookies are used).

Upon App uninstallation, merchants may submit a data deletion request (see Section 14) to ensure all associated data is permanently removed from our systems within 30 days.

9. Your Rights โ€“ GDPR (EU & UK)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and/or the UK GDPR applies to our processing of your personal data. You have the following rights:

  • Right of Access โ€“ Request a copy of the personal data we hold about you.
  • Right to Rectification โ€“ Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten") โ€“ Request deletion of your personal data, where we are not legally required to retain it.
  • Right to Restriction โ€“ Request that we restrict processing of your data in certain circumstances.
  • Right to Data Portability โ€“ Receive your data in a structured, machine-readable format.
  • Right to Object โ€“ Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent โ€“ Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

Legal Bases for Processing

We process personal data on the following legal bases:

  • Contract performance โ€“ To deliver the App's services to merchants under our Terms of Service.
  • Consent โ€“ When end customers submit their email address via a popup, processing is based on the consent signal presented in the popup form.
  • Legitimate interests โ€“ For analytics, security, and App improvement, where such interests are not overridden by individual rights.
  • Legal obligation โ€“ Where required by applicable law.

To exercise your GDPR rights, contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your supervisory authority.

10. Your Rights โ€“ CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the CPRA, provides you with additional rights:

  • Right to Know โ€“ Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to Delete โ€“ Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct โ€“ Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing โ€“ We do not sell or share personal information for cross-context behavioural advertising.
  • Right to Non-Discrimination โ€“ We will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, contact us at [email protected]. We will respond within 45 days, with an optional 45-day extension where reasonably necessary.

11. Children's Privacy

The App is designed for use by Shopify merchants and is not intended for, or directed at, children under the age of 16 (or 13 in the United States).

We do not knowingly collect personal data from children. If we become aware that a child under the applicable minimum age has submitted personal data through a popup form, we will promptly delete that data.

Merchants who operate stores targeting audiences that may include minors are responsible for implementing appropriate safeguards, including age-verification mechanisms on their popup forms.

12. Data Security

We take the security of personal data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit using TLS (HTTPS) on all connections.
  • Encryption of data at rest using industry-standard encryption protocols.
  • Access controls ensuring that only authorised personnel can access personal data.
  • Regular security assessments and vulnerability monitoring.
  • GDPR-aligned sub-processor agreements with all data processors.

While we work hard to protect your data, no method of electronic storage or transmission over the internet is 100% secure. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify affected parties and relevant authorities in accordance with applicable law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or App functionality. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Notify merchants via the App admin or email where the change is significant.

Your continued use of the App after any changes become effective constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

Privacy Contact / Data Controller: Banify Apps

Email: [email protected]

Support: [email protected]

Website: banifyapps.io

Response Time: We aim to respond to all privacy-related requests within 5โ€“10 business days.

EU/UK Representative

If your company is not based in the EU or UK but processes data of EU/UK residents, you may be required to appoint a local representative under GDPR Article 27. Banify Apps does not currently maintain a separate EU/UK representative. For GDPR-related inquiries, contact [email protected].

โœ“
This privacy policy applies specifically to BA: Email Popup & Discount Pop. For our other apps, see Referral App Privacy and AI Visibility Privacy. For general company privacy matters, see our main Privacy Policy.