Legal
Privacy Policy
Last updated:
This document explains what information Wishlist & Save for Later (the “App”) collects, why we collect it, and what we do with it. The App is a Shopify application that helps merchants let shoppers save products to a wishlist, move cart items to save for later, and return to purchase when they are ready. The App connects to your storefront through a theme app embed and an app proxy. Throughout this policy, “we,” “us,” and “our” refer to the legal entity that operates the App. “You” means the merchant who installs the App. Shoppers are people who visit your storefront and save, view, or manage wishlist items.
Shopify runs its own platform. When you use Shopify, Shopify’s terms and privacy policy apply to Shopify’s services. This policy only covers how we handle information in connection with Wishlist & Save for Later.
If you are a shopper, the merchant is usually the one who decides why your data is collected. We process shopper information on the merchant’s instructions to deliver the features they enable. For most privacy requests, you should start with the store you used; we describe how we help merchants and Shopify with compliance below.
1. Who is responsible for your information?
| Role | Value |
|---|---|
| Data controller (for merchant and App operational data) | SideHustleX |
| Privacy contact | contact@hustlepops.com |
Use the email above for questions about this policy or requests about personal data we hold in connection with the App.
2. What we collect
2.1 From Shopify when you install or use the App
Installing the App through Shopify allows us to receive and use the minimum data needed to sign you in, identify your store, and perform the functions you expect. That typically includes:
- Store identifiers (for example, shop domain and internal IDs).
- Account-related details Shopify provides in the install or admin context, such as contact email and plan signals where applicable.
- Access credentials Shopify issues for API use so the App can call Shopify on your behalf.
- Product and variant data (for example, titles, handles, images, prices, and inventory-related fields) when needed to display wishlist items and storefront widgets.
- Customer data where you enable logged-in wishlists or account-page features, limited to what Shopify exposes for matching saved items to a customer profile.
- Theme information needed to render wishlist buttons, pages, and embeds.
The permissions you approve at install define what we can request. As of the date above, the App may request scopes such as: read products, read themes, read customers, read and write metaobject definitions, read and write metaobjects, and write app proxy. The exact list shown in Shopify at installation applies to your store.
We use that access to publish widget configuration to your theme embed, process wishlist actions through the app proxy, sync saved items for logged-in customers where enabled, and run the merchant admin experience. We do not use OAuth tokens for unrelated purposes.
2.2 Data you (the merchant) generate inside the App
We store configuration and operational records needed to run the service, which may include:
- Wishlist button, page, and save-for-later settings (copy, styling, display rules, and layout preferences).
- Onboarding and theme embed status for your shop.
- Wishlist records (saved products and variants, list names, guest or customer identifiers, and timestamps).
- Save-for-later cart item references when shoppers move products out of checkout flow.
- Aggregate analytics (for example, top wishlisted products, list growth, and engagement counts).
- Optional notification settings if you enable email alerts for price changes or restocks.
2.3 Data from shoppers on your store
If a shopper saves an item, shares a list, or uses save for later, we may process:
- Information they submit or that Shopify associates with them, such as an email address for guest list recovery, logged-in customer IDs, or marketing opt-in where you enable it.
- Product and variant identifiers for items they save or move to save for later.
- List metadata such as list name, share tokens, or device-level identifiers used to persist guest wishlists across sessions.
- Technical metadata such as IP address, user agent, and timestamps, for security, abuse prevention, and reliability.
The merchant is responsible for having a lawful basis and a clear notice for that collection, where the law requires it.
2.4 Compliance and lifecycle signals from Shopify
We subscribe to webhooks required for app operations and privacy compliance, which may include app uninstall, products update, customers update, and mandatory privacy topics Shopify specifies (for example, customer data request, customer redact, and shop redact). We use payloads only to keep wishlists accurate, operate the App, and meet our obligations under Shopify’s program rules and applicable law.
2.5 When you browse our site or the App’s web surfaces
When you or your staff use our pages or the embedded admin App, we and our infrastructure partners may process device and connection data, usage logs, and cookies or similar storage to run the service, keep it secure, and diagnose issues. A current list of material subprocessors (hosting, database, email, etc.) is available on request.
3. How we use information
We process personal data to:
- Provide, maintain, and secure the App, including authentication, app proxy routes, theme embed configuration, and wishlist storage.
- Let shoppers create, view, edit, share, and recover wishlists and save-for-later lists you enable.
- Show dashboard metrics (for example, wishlist growth and top saved products) to merchants.
- Send optional shopper notifications merchants configure (for example, price-drop or restock reminders tied to wishlisted items).
- Communicate with you about the App, security, and support.
- Improve and troubleshoot the product, including fraud prevention and error diagnosis.
- Comply with law, enforce our terms, and respond to valid requests from public authorities, courts, or Shopify’s compliance program.
We do not sell your personal information in the sense used by many U.S. state privacy laws. We do not use shoppers’ contact details for our own unrelated marketing unless that is a separate, clearly disclosed practice.
4. Legal bases (EEA, UK, Switzerland, and similar)
Where GDPR-style laws apply to our own processing, we may rely on:
- Contract — to provide the App you asked us to run.
- Legitimate interests — to keep our systems secure, fix bugs, and protect users, balanced against your rights.
- Legal obligation — where the law compels retention or disclosure.
- For shoppers’ data, we usually act as a processor on the merchant’s instructions.
5. Retention and uninstall
We keep merchant and configuration data for as long as you use the App and for a limited period afterward where needed for legal, accounting, or security reasons.
Wishlist and save-for-later records are kept for as long as the feature requires or until deletion is triggered by you, a shopper request handled through the merchant, a redaction request, or uninstall procedures.
When the App is uninstalled, we follow Shopify’s requirements to stop processing for that shop and to delete or de-identify personal data, except where a narrow legal or security need requires minimal records.
7. Your rights
Merchants: Depending on your location, you may have the right to access, correct, delete, object, restrict processing, or port your data. Contact contact@hustlepops.com.
Shoppers: Contact the merchant first. We will work with the merchant and Shopify when a valid privacy webhook or other lawful process applies.
8. Children
The App is not intended for use by children, and we do not knowingly collect personal data from children. If you believe a child’s data was collected, contact us and we will take appropriate steps.
9. Changes
We may update this policy. We will change the “Last updated” date and, if the change is material, provide additional notice when practical.