Rebolt Bundle App Privacy Policy
Welcome to Webcontrive Technologies Pvt. Ltd., your trusted provider of web application services. Our team is dedicated to offering innovative apps exclusively for merchants leveraging the Shopify platform for their e-commerce websites. Below, you'll find a comprehensive list of all the apps owned and operated by Webcontrive Technologies Pvt. Ltd. ("Webcontrive", "we", "us", "our").
- Rivyo Product Reviews & QA
- Rebolt - Bundle Products
- Native Subscriptions
- Wishlist Club
- AddUp Checkout Upsell
- Engines ‑ Discount Box
This Privacy Policy (for Merchants and Website Visitors) is a vital aspect of our Terms of Service and Websites Terms of Service. It explains how we collect, use, and protect your personal information as a Merchant or Website Visitor. Rest assured, we prioritize your privacy and ensure compliance with all relevant policies and procedures.
We take data protection seriously and are dedicated to complying with applicable laws, including the General Data Protection Regulation (GDPR). Our commitment to safeguarding your personal information is a top priority, and we have implemented robust measures to ensure compliance and protect your privacy.
The Service is intended for individuals aged 18 and above. We do not knowingly collect any information or data from individuals under the age of 18, nor do we permit individuals under the age of 18 to use the Service. Safeguarding the privacy and protection of children is a priority for us.
Please be aware that this Policy is subject to occasional updates. We will ensure that any modifications to this Policy are prominently displayed on our Service prior to their effective date. Moreover, if we have your email address on record, we will make reasonable attempts to notify you via email about significant revisions to this Policy.
What we collect and why
Information Collection and Purpose: When you install or access the Service, we collect certain data to serve the following purposes:
Identification: We use the collected information to accurately identify you and ensure the smooth operation of the Service, allowing you to fully utilize its features and functionality.
Technical Support: The information enables us to provide you with necessary technical support and assistance, including the delivery of updates and other relevant communications related to the Service.
Information Obtained from Your Shopify Account
We collect the following details from your Shopify account:
- Full name: To identify you accurately and personalize your experience with the Service.
- Address: To ensure proper communication and provide location-specific services if applicable.
- Email address: To communicate important information, updates, and notifications regarding the Service.
- Cell phone number: To facilitate communication and deliver relevant updates or notifications.
Additionally, we obtain information related to your Shopify store for enhanced functionality.
Information Collected During Service Usage
Device Information and Analytics: When using the Service, we collect device information and analytics for the following reasons:
Security and monitoring: We utilize this data to ensure the Service's security and detect any potential security breaches or unauthorized activities.
Interaction analysis: By analyzing how you interact with the Service, we can personalize your experience, optimize its development, and improve its overall functionality.
Gathering Meta Data and Analytics Information
To optimize the Service and gain valuable insights, we collect the following information:
Meta Data: This includes information about your computer or mobile device, operating system, and browser. It assists us in ensuring compatibility and delivering an enhanced user experience.
Analytics Information: We collect data about your Service usage, such as frequency, scope, actions taken, and interactions made. Furthermore, we gather analytics about your store, providing valuable insights for improved performance.
Contacting Us and Referral Links
When you reach out to us through our Service or request a referral link, we use the information provided for the following purposes:
- Operating the Service and ensuring its functionality and features.
- Addressing and responding to your inquiry or request.
- Engaging in business development activities.
Inquiry Information: When you submit an inquiry, we collect the following information - Full Name, Email, URL, Business type, and any additional details you provide. While you are not legally obligated to provide this information, please note that if you choose not to share it with us, we may be unable to effectively respond to your inquiry.
Consent for Marketing Purposes
When you provide your consent for us to use your information for marketing purposes, we may use it to deliver promotional materials, offers, and updates related to our products or services.
We will utilize your information to send you marketing communications regarding our services, including updates about new services that we believe may be relevant to you. If you wish to opt out of receiving these marketing communications, you can send an email to support@webcontrive.com or follow the instructions provided in our marketing communications. By opting out, we will cease using your information for marketing purposes, while still processing and utilizing the necessary information to provide you with the Service.
Use of Cookies on the Service
Cookies are utilized on the Service to fulfill specific features requested by Website Visitors, analyze Service usage to assess and enhance performance, improve the overall Website Visitor experience, and deliver personalized ads that align with the Website Visitor's interests.
During your use of the Service, we capture information such as your IP address, access timestamp, device type and browser details, preferred language, interactions, and the actions executed while utilizing the Service.
Personal Information Collection Methods and Sources
We gather personal information from various sources, which may include:
Shopify Integration: When you install and utilize the Service through the Shopify app store, we receive information directly from Shopify.
Direct Interaction: Personal information provided by you through our Service contact forms and email communications.
Shopify Store Customers: Information obtained from customers of Shopify stores who use the Service or leave reviews.
Service Providers: Personal information shared by our service providers who assist in the operation of the Service.
Device and Analytics: Collection of personal information through your device, including third-party cookies, analytics tools, and our internal event tracking system.
Personal Information Disclosure
Except for the situations indicated below or if you give us your express, informed consent, we won't disclose your information to third parties.
Your personal information will be disclosed to our service providers, who will only use it as required to help us run our company and the Service internally and not for their own marketing initiatives.
Here is a list of the service providers we work with:
- Digital Ocean
- CloudFlare Inc.
- Helpscout
- Sendinblue
- Mailerlite
In the event of a violation of the law, we may be required to share your information with competent authorities. This includes situations where we need to respond to, handle, and mitigate suspected violations of law in connection with our business. Such sharing may involve communication with competent authorities, legal counsels, and advisors who are involved in the legal process.
In certain circumstances, if a judicial, governmental, or regulatory authority mandates the disclosure of your information, we may be obligated to comply with such requests. This includes situations where we receive a binding request from a competent authority, and we are legally required to disclose your information.
In the event that the operation of the Service or our business undergoes a reorganization or is conducted through a different legal structure or entity, we may share your information to facilitate such changes. This includes enabling a structural shift in the operation of the Service and our business. The recipients of this information may include the target entity involved in a merger or acquisition, as well as legal counsels and advisors.
Data Retention and Security
We will retain your information for as long as necessary to operate the Service, conduct our business, and maintain interactions with you. Additionally, we may retain your personal information beyond this period to fulfill our legal obligations, resolve disputes, establish and defend legal claims, and enforce our agreements. Our general retention period is approximately 10 years, ensuring compliance with record-keeping requirements and maintaining data security.
To minimize the risks of information damage, loss, and unauthorized access or use, we have implemented security measures. However, it is important to understand that no security measure can provide absolute information security. While we make every effort to protect your personal information, we cannot guarantee that it will be entirely immune to information security risks.
Additional Information for EU and UK Residents
For individuals residing in the European Union (EU) or the United Kingdom (UK), the processing of your personal information is subject to the General Data Protection Regulation (GDPR) and other applicable data protection laws. In addition to the information outlined in this Privacy Policy, we would like to provide you with the following details:
Webcontrive fulfills the roles of the data controller and data processor for the personal information detailed in this Policy. As the data controller, Webcontrive is accountable for the personal information obtained from Website Visitors. When processing personal information on behalf of Users, Webcontrive serves as the data processor, adhering to the guidelines outlined in our Data Processing Addendum and Privacy Policy for Merchant's Customers.
International Data Transfers
In the event that we need to transfer your information from the EU to countries outside the European Commission's recognized list of countries with adequate data protection, we will make every effort to do so in accordance with a data transfer agreement. This agreement will include standard data protection contract clauses that incorporate appropriate safeguards as determined by the EU Commission and the UK Information Commissioner's Office.
Legal Basis for Processing Personal Data
Service Operation: The processing of your personal data is carried out to operate the Service and ensure its features and functionality. This processing is necessary for the performance of our contractual obligations as outlined in the Terms of Service. Additionally, it is based on our legitimate interest in providing a reliable and user-friendly Service experience.
Technical Support and Assistance: The processing of your personal data for the purpose of providing technical support and assistance is justified by our legitimate interest in promoting our business. This includes keeping Merchants and Website Visitors updated about new features, improvements, and other pertinent information regarding the Service.
Security and Monitoring Purposes: We process your personal data for security and monitoring purposes in order to protect the integrity and security of our Service. This processing is based on our legitimate interests in safeguarding our systems and ensuring a secure environment for our users.
Service Development and Enhancement: The processing of your personal data for the purpose of developing and improving the Service is justified by our legitimate interest in ensuring that our offering meets the needs and preferences of our users. By analyzing usage patterns and gathering feedback, we can make informed decisions to enhance the features and performance of the Service.
Subscription and Account Integration: The processing of your personal data to enable your subscription to the Service and link your chosen plan to your account is justified by the necessity to fulfill our contractual obligations and our legitimate interest in delivering the Service as requested by you. This ensures a seamless user experience and enables us to provide you with the features and functionalities of the Service.
Handling Inquiries and Referral Requests: When you make an inquiry or request a referral, we process your personal data to effectively respond to and address your needs. This processing is essential for operating the Service, delivering its features and functionalities, and ensuring smooth business development operations.
Processing Feedback and Reviews: We process your feedback and reviews to further develop and improve our business and Service. This processing is driven by our legitimate interest in enhancing our offerings, addressing your feedback, and providing you with an exceptional user experience.
Cookie Usage: The use of cookies on the Service is based on our legitimate interests. These interests include fulfilling your service requests and personalizing the Service to align with your preferences. By employing cookies, we aim to enhance your overall experience with the Service.
Interests in Addressing Legal Violations: We have a legitimate interest in defending and enforcing violations of the law that could potentially harm our business. Consequently, we may respond to, handle, and mitigate suspected violations in order to protect our interests and ensure compliance with applicable laws and regulations.
Compliance with Binding Requests: We may be required to comply with binding requests from competent authorities. This is based on our legitimate interests in adhering to mandatory legal requirements that are imposed on us.
Changes for Business Continuity: We may need to enable structural changes in the operation of the Service and our business. This is based on our legitimate interests in ensuring business continuity and adapting to the evolving needs of our users.
Data Subject Rights Under the GDPR (EU/UK)
If you are located in the EU or the UK, you have the following rights regarding your personal data under the General Data Protection Regulation (GDPR):
Right to Access: Under the GDPR, you have the right to access and receive a copy of the personal information that we process about you. This allows you to verify the lawfulness and accuracy of your data.
Right to Rectify: If we hold inaccurate or incomplete personal information about you, you have the right under the GDPR to request rectification and completion of such data. This ensures that your personal information is accurate, up-to-date, and complete.
Right to Withdraw Consent: You have the right to easily and at any time withdraw your consent to the processing of your personal data for our marketing purposes or the use of non-essential cookies on our Service. Please note that the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability: You have the right to data portability, which means you can request to receive the personal information you provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another person or entity. If technically feasible, you can even request that your personal information be transmitted directly from us to the person or entity you specify.
Right to Object: You have the right to object to our processing of your personal information based on our legitimate interests. However, please note that we may override your objection if we can demonstrate compelling legitimate grounds for the processing, or if we need to process the personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict Processing: You have the right to request the restriction of processing of your personal information, except for its storage, in the following situations: (a) if you believe the personal information is inaccurate, for a period that allows us to verify its accuracy; (b) if the processing is unlawful and you prefer to restrict the processing rather than requesting deletion; (c) if we no longer need the personal information for the purposes stated in this Policy, but you require it for the establishment, exercise, or defense of legal claims; or (d) if you object to our processing based on our legitimate interests, during the period while we assess whether our legitimate grounds override yours.
Right to be Forgotten: You have the right to request the erasure of your personal information under certain circumstances. If you object to the processing of your personal information based on our legitimate interests and there are no overriding legitimate grounds for the processing, you can ask us to erase your personal information. However, please note that we may still process your personal information if it is necessary to comply with our legal obligations or for the establishment, exercise, or defense of legal claims. To exercise this right, please contact us using the contact details provided in this Policy.
To ensure the security and protection of your personal information, we reserve the right to ask for reasonable evidence to verify your identity when you contact us for information or to exercise your rights. If we are unable to fulfill your request, we will provide a clear explanation for the inability to do so, while maintaining the highest standards of privacy and data protection.
If you believe that your rights under applicable data protection laws have been violated, you have the right to lodge a complaint with your local data protection authority. If you are located in the EU, you can also lodge a complaint with the supervisory authority in the Member State where you reside, work, or believe the infringement of the GDPR has occurred.
Data Storage Policy for Meta Platform Data
At Webcontrive, we prioritize the security and confidentiality of Meta platform data. To safeguard this sensitive information, it is strictly prohibited to store Meta platform data on organizational devices such as laptops, tablets, and any other company-owned equipment, as well as on removable media such as USB devices and phones. This policy aims to prevent unauthorized access, data breaches, and potential data leaks that may arise from storing Meta platform data on vulnerable devices.
Prohibition of Data Storage: All personnel with access to Meta platform data are strictly forbidden from storing any such data on organizational devices, including but not limited to laptops, desktop computers, tablets, and other company-owned equipment. It is equally prohibited to store Meta platform data on removable media, such as USB devices, external hard drives, personal phones, or any other portable storage devices. This prohibition extends to both physical and digital storage formats.
Authorized Data Access: Access to Meta platform data will be granted only to authorized personnel only. Authorized persons can only access Meta platform data using approved methods, which may include secure login portals, encrypted connections, and Multi-Factor Authentication.
App and Systems Testing Policy for Meta Platform Data
At Webcontrive, we are committed to ensuring the security and privacy of Meta platform data. To comply with Meta policies and maintain a high level of data protection, we require regular testing of our applications and systems that handle Meta platform data. This policy establishes the frequency and scope of testing to identify vulnerabilities and ensure the robustness of our data-handling processes.
- 1. App Testing Frequency
All applications and systems that store and process Meta platform data undergo testing once every twelve (12) months. The testing schedule will be managed by the Webcontrive IT security team in collaboration with relevant stakeholders.
- 2. Scope of Tests
- 2.1 Security Testing: Security testing will assess the applications and systems for potential vulnerabilities, security flaws, and weaknesses that could lead to unauthorized access, data breaches, or other security incidents. This testing will encompass:
a. Penetration Testing: To find possible entry holes and measure how well the current security measures are working, simulated attacks will be carried out. b. Vulnerability Assessment: Systematic scans will be performed to discover and address any known vulnerabilities in the applications and systems. c. Authentication and Authorization Testing: Verification of access controls and authorization mechanisms will be conducted to ensure proper user permissions. d. Data Encryption Evaluation: The efficacy of data encryption measures will be evaluated to protect data during storage and transmission.
- 2.2. Data Integrity Testing: Data integrity testing will verify the accuracy and consistency of Meta platform data throughout its lifecycle, from data creation to processing and storage.
- 2.3. Performance Testing: Performance testing will assess the applications and systems’ response times, resource utilization, and scalability to handle the expected data load.
- 2.4. Disaster Recovery and Business Continuity Testing: Disaster recovery and business continuity plans will be tested to ensure data recovery and system resilience in case of a critical incident.
- 2.5. Code Review and Security Best Practices: Regular code reviews will be conducted to identify coding issues and adherence to security best practices during application development.
- 3. Responsibility and Reporting
- 3.1. The IT security team, in coordination with relevant departments, will be responsible for planning and executing the testing procedures.
- 3.2. Test results and findings will be documented, and appropriate stakeholders, including management and relevant teams, will be informed.
- 3.3. If any critical vulnerabilities or weaknesses are identified, immediate actions will be taken to address and remediate them.
Policy for Securing Meta App Secrets and Access Tokens
At Webcontrive, we recognize the importance of safeguarding Meta app secrets and access tokens to ensure the security and confidentiality of Meta platform data. To comply with Meta policies and industry best practices, it is mandatory for all applications using Meta Platform Data to store secrets and access tokens securely in a vault or a Key Manager. This policy outlines the requirements and responsibilities for protecting Meta app secrets and access tokens to maintain compliance with Meta policies and prevent potential security breaches.
- 1. Scope
- 1.1. This policy applies to all applications developed, maintained, or operated by Webcontrive that interact with Meta Platform Data.
- 1.2. Meta app secrets refer to confidential information such as API keys, client IDs, and client secrets used to authenticate and authorize access to Meta APIs.
- 2. Utilization of Vault or Key Manager
- 2.1. All Meta app secrets and access tokens are securely stored in a vault or a Key Manager system approved by the Webcontrive.
- 2.2. The vault or Key Manager follows security policies such as encryption-at-rest and encryption-in-transit to protect the stored secrets.
- 2.3. Access to the vault or Key Manager is restricted to authorized personnel only, and access controls are regularly reviewed and updated.
- 3. Responsibility and Compliance
- 3.1. The application development teams and relevant IT personnel are responsible for implementing and maintaining the security measures outlined in this policy.
- 3.2. Compliance with this policy is mandatory for all applications using Meta Platform Data.
- 3.3. Failure to comply with this policy may result in disciplinary actions as per the organization’s security policies and may lead to suspension of access to Meta Platform Data.
- 4. Regular Audits and Compliance Monitoring
- 4.1. The organization will conduct periodic audits and security assessments to ensure compliance with this policy.
- 4.2. Non-compliance or vulnerabilities identified during the audits must be promptly addressed and remediated.
- 5. Policy Review
- 5.1. This policy will be reviewed periodically to ensure its effectiveness and alignment with changing security standards, regulations, and organizational requirements.
- 6. Acknowledgment
- By implementing this policy, Webcontrive ensures its commitment to protecting Meta app secrets and access tokens and complying with Meta policies. All personnel involved in application development and data handling are expected to adhere to this policy to maintain the highest level of data security and confidentiality.
Get in Touch
We value your questions, comments, and concerns regarding this Policy and the processing of your personal information. Feel free to contact us at support@webcontrive.com