Legal
Privacy Policy
Last updated:
This document explains what information HustlePop (the “App”) collects, why we collect it, and what we do with it. HustlePop is a Shopify app that helps merchants run popup experiences, connect storefront traffic to the App through an app proxy, and (when you turn those features on) work with related store settings such as themes, discounts, and metaobjects. Throughout this policy, “we,” “us,” and “our” refer to the legal entity that operates the App. “You” means the merchant who installs the App. Shoppers are people who visit a merchant’s storefront and interact with popups or other surfaces the App powers.
Shopify runs its own platform. When you use Shopify, Shopify’s terms and privacy policy apply to Shopify’s services. This policy only covers how we handle information in connection with HustlePop.
If you are a shopper, the merchant is usually the one who decides why your data is collected. We process shopper information on the merchant’s instructions to deliver the features they enable. For most privacy requests, you should start with the store you bought from; we describe how we help merchants and Shopify with compliance below.
1. Who is responsible for your information?
| Role | Value |
|---|---|
| Data controller (for merchant and App operational data) | SideHustleX |
| Privacy contact | contact@hustlepops.com |
Use the email above for questions about this policy or requests about personal data we hold in connection with the App.
2. What we collect
2.1 From Shopify when you install or use the App
Installing the App through Shopify allows us to receive and use the minimum data needed to sign you in, identify your store, and perform the functions you expect. That typically includes:
- Store identifiers (for example, shop domain and internal IDs) so we can match our records to the correct shop.
- Account-related details Shopify provides in the install or admin context, such as contact email and plan or billing-related signals that Shopify exposes to apps, where applicable to operating the App.
- Access credentials in the form Shopify issues for API use (we store and use these in line with our security practices so the App can call Shopify on your behalf).
The permissions you approve at install time define what we can request from Shopify. As of the date above, the App may be configured to request scopes such as: read metaobject definitions, read metaobjects, read themes, write app proxy, write discounts, write metaobject definitions, and write metaobjects. The exact list shown in Shopify at installation is the one that applies to your store.
We use that access to power features you configure (for example, popup and related content, app proxy traffic, and discount or metaobject workflows tied to those features). We do not use OAuth tokens for unrelated purposes.
2.2 Data you (the merchant) generate inside the App
We store configuration and operational records needed to run the service, which may include:
- Popup and campaign configuration (layout, text, rules, and similar settings).
- Performance or engagement metrics the App records for your popups (for example, aggregate counts where the feature exists).
- Other settings you save while using the merchant-facing parts of the App.
2.3 Data from shoppers on your store
If a shopper interacts with a popup or related flow, we may process:
- Information they submit (for example, an email address for a list or a promotion).
- Technical metadata that accompanies a normal web request, such as IP address, user agent, and timestamps, which we use for security, abuse prevention, routing, and reliability.
The merchant is responsible for having a lawful basis and a clear notice for that collection, where the law requires it.
2.4 Compliance and lifecycle signals from Shopify
We subscribe to webhooks and processes required for app operations and privacy compliance, which may include app uninstall and mandatory privacy topics Shopify specifies (for example, customer data request, customer redact, and shop redact). We use the payloads only to meet our obligations under Shopify’s program rules and applicable law.
2.5 When you browse our site or the App’s web surfaces
When you or your staff use our pages, we and our infrastructure partners may process device and connection data (such as IP address, browser type, and general region derived from the request), usage logs (pages or endpoints requested, time, and success or error signals), and small identifiers stored in cookies or similar storage. We use this information to run the service, keep it secure, and understand reliability issues. We may use “pixels” or tags on our own properties in line with that same purpose. You can control cookies through your browser settings; disabling some cookies can limit certain features.
If we add third-party analytics or support ticketing tools to our public website or our support workflow, we will use them to understand product usage or respond to you, and we will link to the relevant provider’s privacy documentation where required. A current list of material subprocessors (hosting, database, email, etc.) is available on request or in our Partner / listing materials when published.
3. How we use information
We process personal data to:
- Provide, maintain, and secure HustlePop, including authentication, App Proxy and API routes, and the features you enable.
- Communicate with you about the App, security, and support (for example, responding to the email you use with Shopify or that you provide to us).
- Improve and troubleshoot the product, including fraud prevention and error diagnosis.
- Send product-related information about HustlePop and our other offerings only where the law allows and you have not opted out where an opt-out applies.
- Comply with law, enforce our terms, and respond to valid requests from public authorities, courts, or Shopify’s compliance program.
We do not sell your personal information in the “sale” sense used by many U.S. state laws. We do not use shoppers’ contact details for our own marketing unless that is a separate, clearly disclosed practice (it is not the default purpose of the App).
4. Legal bases (EEA, UK, Switzerland, and similar)
Where GDPR-style laws apply to our own processing, we may rely on:
- Contract — to provide the App you asked us to run.
- Legitimate interests — to keep our systems secure, fix bugs, and protect users, balanced against your rights.
- Legal obligation — where the law compels a certain retention or disclosure.
- For shoppers’ data, we usually act as a processor on the merchant’s instructions; the merchant’s legal basis applies to the shopper relationship.
5. Retention and uninstall
We keep merchant and configuration data for as long as you use the App and for a limited period afterward where needed for legal, accounting, or security reasons, unless the law requires longer retention.
If you use subscriber lists or similar data, we keep that for as long as the feature requires or until deletion is triggered by you, a redaction or erasure request we handle in line with Shopify’s program, or uninstall procedures.
When the App is uninstalled, we follow our internal procedures and Shopify’s requirements to stop processing for that shop and to delete or de-identify personal data, except where a narrow legal or security need requires keeping minimal records.
7. Your rights
Merchants: Depending on your location, you may have the right to access, correct, delete, object, restrict processing, or port your data. Contact contact@hustlepops.com. We will respond within the time frame required by law.
Shoppers: Contact the merchant first. We will work with the merchant and Shopify as needed when a valid privacy webhook or other lawful process applies.
8. Children
HustlePop is not intended for use by children, and we do not knowingly collect personal data from children. If you believe a child’s data was collected, contact us and we will take appropriate steps.
9. Changes
We may update this policy. We will change the “Last updated” date and, if the change is material, provide additional notice when practical (for example, by email to the address associated with your install or a notice in the App).