Privacy Policy

Last updated: August 3, 2025

Introduction

SpicyMagic ("we", "our", or "us") operates the SpicyMagic application (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

Information We Collect

Store Information

  • Store domain and basic store information
  • Store contact email address
  • Shopify API access tokens (encrypted)
  • Billing and subscription information

Product Information

  • Product IDs and basic product data
  • Product display rules you configure
  • Metafields we create for product protection

Analytics Data

We collect anonymized analytics to help you understand your campaign performance:

  • Number of personalized experiences served
  • Geographic distribution (country/state level)
  • Campaign source identifiers
  • Timestamp of visits

Technical Data

For the purpose of providing geo-targeted experiences:

  • IP addresses (temporarily processed, not stored)
  • User agent strings (hashed for security)
  • Campaign tracking parameters (e.g., fbclid, gclid)

How We Use Information

We use the collected data for various purposes:

  • To provide and maintain our Service
  • To deliver geo-targeted product experiences
  • To track and report on campaign performance
  • To prevent abuse through rate limiting
  • To send usage notifications and billing updates
  • To provide customer support
  • To detect, prevent and address technical issues

Data Retention

We retain data only as long as necessary:

  • Analytics data: 90 days rolling window
  • Temporary session data: Automatically expires after 60 minutes
  • Store information: Until you uninstall the app
  • Billing records: As required by law (typically 7 years)

Data Security

We implement industry-standard security measures:

  • All data transmitted over encrypted HTTPS connections
  • Database encryption at rest
  • Hashed storage of sensitive identifiers
  • Regular security audits and updates
  • Access controls and authentication

Third-Party Services

We use the following third-party services:

  • Shopify: App platform and payment processing
  • Supabase: Database hosting (SOC2 compliant)
  • Upstash: Redis caching (GDPR compliant)
  • MaxMind: GeoIP location services
  • Resend: Email notifications
  • Sentry: Error tracking and monitoring

Your Data Rights

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain data processing

GDPR Compliance

For European Union residents, we comply with GDPR requirements:

  • Legal basis for processing: Legitimate business interests and contract fulfillment
  • Data minimization: We only collect necessary data
  • Right to be forgotten: You can request complete data deletion
  • Data portability: Export your data at any time
  • Privacy by design: Security built into our systems

CCPA Compliance

For California residents, we comply with CCPA requirements:

  • We do not sell personal information
  • You can opt-out of data collection
  • No discrimination for exercising privacy rights
  • Transparent data practices

Children's Privacy

Our Service is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.

Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for material changes

Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@spicymagic.app
  • Support: https://spicymagic.app/support

This privacy policy is provided in English only. By using our Service, you acknowledge that you have read and understood this policy.