Privacy Policy
Last updated: March 19, 2026
1. Overview
OfferEngine ("the App") is a Shopify application developed by Vasta Inc. This Privacy Policy describes how we collect, use, and protect information when you install and use OfferEngine on your Shopify store.
2. Information We Collect
When you install OfferEngine, we access the following data through Shopify's API: • Store information: shop domain, currency, and timezone. • Order data: product IDs and order totals used to determine which upsell offer to display after checkout. • Session data: authentication tokens stored securely in our database to maintain your login session. • Analytics events: anonymized records of offer views, acceptances, and declines linked to checkout reference IDs, with no connection to individual customer identities.
3. How We Use Your Information
We use the collected data solely to: • Display relevant post-purchase upsell offers to your customers. • Track funnel performance and provide analytics in your dashboard. • Maintain authenticated sessions for app administrators. We do not sell, rent, or share your data with third parties for marketing purposes.
4. Data Storage & Security
All data is stored in a PostgreSQL database hosted on Supabase with encrypted connections (TLS). Access tokens are stored encrypted at rest. We retain order-related analytics data for as long as your store has the app installed. Upon uninstallation, session data is automatically deleted.
5. Customer Data (GDPR Compliance)
OfferEngine supports Shopify's mandatory privacy webhooks: • customers/data_request: we provide any stored data associated with a customer upon request. • customers/redact: we delete analytics events linked to a customer's orders upon request. • shop/redact: we delete all store data within 30 days of app uninstallation. Merchants are responsible for informing their own customers about data processing in accordance with applicable laws (GDPR, CCPA, etc.).
6. Third-Party Services
OfferEngine uses the following third-party infrastructure: • Shopify API: reads products and processes upsell orders. • Supabase: database hosting. • DigitalOcean: server hosting. These providers have their own privacy policies and security certifications.
7. Your Rights
As a merchant, you may request access to, correction of, or deletion of your store's data at any time by contacting us at info@vasta.me. We will respond within 30 days.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via the app dashboard or email. Continued use of the app after changes constitutes acceptance of the updated policy.
9. Contact
If you have questions or concerns about this Privacy Policy, please contact us: Vasta Inc. info@vasta.me