CharityChoice Privacy Policy

Last updated: 25 July 2025

1. Introduction

This Privacy Policy describes how Origin Lab Ltd ("we," "us," or "our") collects, uses, and protects information through our CharityChoice application ("the App") available on the Shopify App Store. We are committed to protecting the privacy of merchants and their customers while facilitating charitable donations through post-purchase experiences.

Contact Information:

Company: Origin Lab Ltd
Address: 24 St Ronans Drive, Peterculter, Aberdeen, Scotland
Email: originlabapps@gmail.com

2. Information We Collect

2.1 Order Information

We collect limited order-related information to facilitate charitable donations:

Order ID and reference numbers
Order total and currency
Donation amounts selected
Charity selections made by customers
Order confirmation status
Transaction timestamps

Important: We do NOT collect or access any personally identifiable information (PII) such as customer names, email addresses, phone numbers, or physical addresses.

2.2 Shop Information

From merchants who install our App, we collect:

Shop domain and ID
Shop name and currency settings
Shopify access tokens (encrypted and securely stored)
Shop configuration preferences
Charity listings and settings

2.3 Analytics Information

We use Google Analytics on our Shopify App Store listing page only to understand listing performance. This may include:

Page views and visitor statistics
Geographic location (country/region level)
Device and browser information
Traffic sources

3. How We Use Information

We use the collected information exclusively for:

Processing and tracking charitable donations
Displaying post-purchase charity selection options
Generating donation reports for merchants
Maintaining accurate financial records
Providing customer support to merchants
Improving our App functionality
Ensuring compliance with applicable laws

4. Data Storage and Security

4.1 Storage Locations

Your data is stored using:

Firebase/Firestore: For primary data storage
Google Cloud Platform: For webhook processing and cloud functions
Railway: For application hosting
Sentry: For error tracking and monitoring (no PII stored)

4.2 Security Measures

We implement industry-standard security measures including:

Encryption of data in transit (HTTPS/TLS)
Encryption of data at rest
Secure API authentication
Regular security audits
Access controls and authentication
Secure credential management

5. Data Sharing

We do not sell, rent, or trade any information. We share data only:

With service providers necessary for App operation (Firebase, Google Cloud, Railway, Sentry)
When required by law or legal process
To protect our rights or safety
With merchant consent

All third-party service providers are bound by confidentiality agreements and are only authorized to use information as necessary to provide services to us.

6. Data Retention

Active Merchants: We retain data indefinitely while the App remains installed and active
Inactive Merchants: Data is deleted one (1) year after App uninstallation
Transaction Records: Maintained for the same periods as above for accounting and legal compliance

7. GDPR Compliance

For merchants and customers in the European Economic Area (EEA) and United Kingdom:

7.1 Legal Basis

We process data based on:

Legitimate interests in providing our services
Contractual necessity to deliver App functionality
Legal obligations for financial record-keeping

7.2 Your Rights

You have the right to:

Access your data
Correct inaccurate data
Delete your data (subject to legal requirements)
Restrict processing
Data portability
Object to processing

To exercise these rights, contact us at originlabapps@gmail.com.

7.3 GDPR Data Requests

We have implemented automated webhook handlers for Shopify's GDPR webhooks:

Customer data requests
Customer redaction requests
Shop redaction requests

These are processed according to Shopify's requirements and applicable law.

8. International Data Transfers

As we operate worldwide, data may be transferred to and processed in countries outside your own. We ensure appropriate safeguards are in place for such transfers, including:

Standard contractual clauses
Adequacy decisions
Privacy Shield frameworks (where applicable)

9. Cookies and Tracking

We do not use cookies within the App itself
Google Analytics cookies are used only on our Shopify App Store listing page
No tracking occurs within merchant stores or during the checkout process

10. Children's Privacy

Our App is not directed to children under 16. We do not knowingly collect information from children. Since we don't collect customer PII, we cannot identify the age of end users.

11. Merchant Responsibilities

Merchants using CharityChoice are responsible for:

Ensuring their own privacy policies reflect the use of our App
Obtaining necessary consents from their customers
Complying with applicable privacy laws in their jurisdictions
Accurately representing the charity donation process to customers

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify merchants of material changes through:

Email notifications
In-app notifications

Continued use of the App after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, requests, or concerns:

Email: originlabapps@gmail.com
Mail: Origin Lab Ltd, 24 St Ronans Drive, Peterculter, Aberdeen, Scotland

We aim to respond to all privacy inquiries within 30 days.

14. Dispute Resolution

Any disputes relating to this Privacy Policy will be resolved through:

Good faith negotiations
Mediation (if necessary)
UK law governs this Privacy Policy

By installing or using CharityChoice, you acknowledge that you have read, understood, and agree to this Privacy Policy.