Privacy Policy for MatchLabs

Last updated: April 14, 2026

1. Controller

MatchLabs
Daniel Werpel
Erlenstraße 35, D-90556 Seukendorf
daniel.werpel@gmail.com

2. Overview

MatchLabs ("the App") is a Shopify app that allows merchants to collect anonymous product preference data from storefront visitors through a swipe interface.

3. Data We Collect

Merchant data:

• Shop domain
• Shopify session tokens
• Campaign configuration, including product pools, reward codes, and design settings

Storefront visitor data:

• Anonymous session tokens (randomly generated and stored in browser localStorage)
• Swipe interactions, such as liked or disliked product IDs

We do not actively collect or use personal data such as names or email addresses from storefront visitors.

4. Server Logs

Our hosting provider may automatically process technical data such as IP addresses, browser information, timestamps, and request metadata in server logs. This data is used for security, stability, and technical administration.

5. Purpose and Legal Basis of Processing

We process data for the following purposes:

• To provide and operate the App and its features
• To authenticate merchants through Shopify
• To track campaign completion and issue discount codes
• To provide aggregated and anonymous analytics to merchants
• To maintain security and technical stability

The legal basis for processing is:

• Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract
• Art. 6(1)(f) GDPR, where processing is necessary for our legitimate interests in operating, securing, and improving the App

6. Data Retention

Merchant data is retained for as long as the App is installed. Merchant and session-related data is permanently deleted within 48 hours after app uninstallation, unless legal retention obligations apply.

7. Third-Party Services

We use the following third-party service providers:

• Railway – application hosting and database storage
• Shopify – authentication, platform integration, and billing

These providers may process data on our behalf to the extent necessary for the operation of the App.

8. International Data Transfers

As the App is available internationally, data may be processed in countries outside the European Union or the European Economic Area. Where required, we use appropriate safeguards, including Standard Contractual Clauses, to ensure an adequate level of data protection.

9. GDPR and Data Requests

We comply with Shopify's mandatory GDPR webhooks where applicable. Merchants may request data deletion by uninstalling the App or contacting us directly using the contact details below.

10. Your Rights

Under applicable data protection law, you may have the right to:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Request restriction of processing
• Object to processing
• Request data portability
• Lodge a complaint with a supervisory authority

11. Contact