Legal

Privacy Policy

Last updated: February 17, 2026

Expresso Gift Cards, "the App," provides the ability for Shopify merchants to generate gift cards in bulk, optionally schedule them for future delivery, and email them to recipients.

This Privacy Policy describes how personal information is collected, used, stored, and shared when the App is installed and used in connection with a Shopify-supported store.

Personal Information the App Collects

When the App is installed, the following information is accessed from the merchant's Shopify account:

  • Shop domain
  • Shopify ID
  • Owner email
  • Owner name

Additionally, the following types of information may be collected:

  • Merchant data: Information entered into the app, such as gift card details, including recipient name, email address, gift card amount, custom messages, internal notes, custom codes, and expiration dates.
  • Customer data: For merchants using the app, data such as customer name and email address may be collected to facilitate the creation and delivery of gift cards. Customer accounts may be created in Shopify on the merchant's behalf.
  • Import history: Records of gift card creation batches, including timestamps, success/failure counts, and scheduling details.
  • App usage data: Information about how the app is used, including actions taken, browser type, and time zone.

How Personal Information is Used

Personal information is collected to:

  • Provide and enhance the App's core functionality, such as creating, scheduling, and managing bulk gift cards.
  • Allow merchants to resume incomplete sessions and maintain a history of imports for reference.
  • Monitor and resolve errors to ensure app reliability.
  • Communicate with merchants regarding app updates, features, or support inquiries.
  • Ensure compliance with legal obligations and prevent fraud or misuse of the app.

Sharing Personal Information

We only share information when necessary to provide the service or comply with legal requirements. Third-party services we use include:

  • Neon: For secure database storage and session management.
  • Vercel: For application hosting and serverless deployment.
  • Sentry: For error monitoring and performance tracking to maintain app reliability.
  • Upstash (QStash): For reliable execution of scheduled gift card imports.

We do not sell personal information to third parties.

GDPR Compliance

The App implements Shopify's mandatory GDPR webhooks:

  • Customer data request: Returns all stored data associated with a customer upon request.
  • Customer data erasure: Deletes all stored data associated with a customer.
  • Shop data erasure: Deletes all stored data associated with a shop upon app uninstallation or request.

Your Rights

For Residents of the European Economic Area (EEA):

  • You have the right to access, update, or delete your personal information.
  • If you wish to exercise these rights, contact us at support@anatolilabs.com.

For California Residents (CCPA):

  • You have the right to know what personal data we collect and how it's used.
  • You may request deletion of your data or opt out of data sharing.

Data Retention

We retain merchant and customer data as long as necessary to provide our services. Data is stored securely in Neon's encrypted PostgreSQL database. Upon uninstalling the App, data is retained to allow merchants to resume their work if they reinstall the App. You may request data deletion at any time by contacting support@anatolilabs.com.

Contact Us

Was this article helpful?

Your feedback helps us improve our documentation.