Swipewrap Privacy Policy

Swipewrap "the App" provides Digital Gift Wrap "the Service" to merchants who use Shopify to power
their stores. This Privacy Policy describes how personal information is collected, used, and shared when
you install or use the App in connection with your Shopify-supported store.
The security of your Personal Information is important to us, but remember that no method of
transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use
commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute
security. 
As a evidence of our commitment to your privacy, Swipewrap is committed to subject to the Principles,
all personal data received from the EU in reliance on the Privacy Shield
https://www.privacyshield.gov/list
Personal Information the Service Collects.
When you install the App, we are automatically able to access certain types of information from your
Shopify account:
o Read Shop Info
We read your shop info, so that we can maintain your account registration, make available
invoices for usage of the service, and provide secure support.
o Read customers
We get notified of customers who register with you on your store (if applicable). This
information is used to support those customers when they use swipewrap, and to minimize the
information we need to collect from them, in order to send their gifts.
o Read & Write script tags
Script Tags are the Shopify mechanism by which we can add the Swipewrap functionality to your
store’s pages. We write a script-tag which in tern loads the Swipewrap functionality onto the
pages for your customers to use.
o Read & Write products
We get notified of changes to your product catalogue, so that we may provide digital gift
wrapping of those products when requested by your customers. We need the Names,
Descriptions, and Images of those products.
We also install into your catalogue, and additional product, which is the Swipewrap product,
which gets added to your customer’s cart when they choose to use our service.
o Read orders
When a customer check’s out from your store, we receive order information, and updates to
that order. We use that order information, to fulfill any Swipewrap product orders that the
customer has purchased through your store.

Any orders which do not, contain any Swipewrap items are DISCARDED, and not stored.
o Read & Write fulfillments
The Swipewrap app, acts as a fulfillment service, like a digital warehouse for supplying the
Swipewrap products that your customer has ordered. Fulfillment requests are your indication to
us, that you wish that order to be sent.
o Read Gift Cards
If your store supports Gift Cards, then optionally, you may elect to allow Gift Cards to be sent
within a Swipewrap. (This is a common use of Swipewrap). In order to do so, we collect the Gift
Card number, to embed it in the Swipewrap.
Additionally, we collect the following types of personal information from your customers once you have
installed the App:
o Recipient Identity
As part of the customization of the Swipewrap, we collect from your customer, personal
information of the recipient of the gift wrap, in order that we can send then the wrap. Including:
o Name
o Email Address
o Phone Number (optional)
o Social Media Identity (optional)
o Any other information the customer chooses to include within the gift wrap.
This information is ONLY associated with the Swipewrap in order to deliver the digital gift.
We collect personal information directly from the relevant individual, through your Shopify account, or
using the following technologies:
"Cookies" are data files that are placed on your device or computer and often include an
anonymous unique identifier. For more information about cookies, and how to disable cookies,
visit http://www.allaboutcookies.org. We use a Session Cookie containing an anonymous
unique identifier to ONLY identify your store and associate your store with your account in the
Swipewrap administrator dashboard.
"Log files" track actions occurring on the Site, and collect data including your IP address,
browser type, Internet service provider, referring/exit pages, and date/time stamps. We may
use "Google Analytics" (or equivalent) service to monitor our services in order to improve our
service to you.
How Do We Use Your Personal Information?
We use the personal information we collect from you and your customers in order to provide the
Service and to operate the App. Additionally, we use this personal information to:
o Communicate with you;
o Optimize or improve the App;

Sharing Your Personal Information
Swipewrap group and third party sub-processors: In order to provide services and technical support for
our products, the contracting entity within the Swipewrap group engages other group entities and third
parties.
Employees and independent contractors : We may provide access to your service data to our employees
and individuals who are independent contractors of the Swipewrap group entities involved in providing
the services (collectively our "employees") so that they can identify, analyze and resolve errors. We
ensure that access by our employees to your service data is restricted to specific individuals and is
logged and audited. Our employees will also have access to data that you knowingly share with us for
technical support or to import data into our products or services. We communicate our privacy and
security guidelines to our employees and strictly enforce privacy safeguards within the Swipewrap
group.
Collaborators and other users: Some of our products or services allow you or your customers to
collaborate with other users or third parties. Initiating collaboration may enable other collaborators to
view some of your information. For example, when a customer sends a Swipewrap, their name and
email address, and the shop’s product information may be shared with the recipient.
Finally, we may share your Personal Information to comply with applicable laws and regulations, to
respond to a subpoena, search warrant or other lawful request for information we receive, or to
otherwise protect our rights.
Your Rights If you are a European resident, you have the right to access personal information we hold
about you and to ask that your personal information be corrected, updated, or deleted. If you would like
to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to
fulfill contracts we might have with you (for example if you make an order through the Site), or
otherwise to pursue our legitimate business interests listed above. Additionally, please note that your
information will be transferred outside of Europe, including to Canada and the United States.
Data Retention
When you place an order through the Site, we will maintain your Order Information for our records
unless and until you ask us to delete this information, through Shopify, or at the contact information
below.
When un-installing the service, Shopify may request through APIs that your shop’s information and
customer information is deleted. We shall conform to these requests.
However, Swipewrap must still retain accounting information, as legally required as an operating
business, which may identify your business, and contain records of transactions with your business, and
your customers. Including, but not limited to:
o Purchases, Purchase Orders and Purchase Journal
o Invoices: Sales to Customers and Credit Memos
o Trial Balance information

o Electronic Payment Records
o Production and Sales Reports
o General Ledger, Subsidiary Ledgers
These records will be retained as legally required (typically 7 years), but will not contain un-necessary
How and Where we store your information
Swipewrap operates using ‘Cloud’ based services, only from reputable, highly secure, trusted
companies.
Our main operational database, is hosted by Microsoft Azure and is synchronized across the following
Microsoft Cloud Regions:
o US_WEST
Microsoft Azure Privacy Policy can be found at: https://privacy.microsoft.com/en-
us/PrivacyStatement
We also store information within our cloud-based management service, which is hosted by Zoho.
Information stored include Customer Relationship Management, and Accounting information
(http://zoho.com/)
Zoho’s Privacy Policy can be found at: https://www.zoho.com/privacy.html
This information is accurate as of 6/26/2020, and will be updated if this changes due to operational
reasons.
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our
practices or for other operational, legal or regulatory reasons.
What is the EU-US Privacy Shield?
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of
Commerce, and the European Commission and Swiss Administration, respectively, to provide companies
on both sides of the Atlantic with a mechanism to comply with data protection requirements when
transferring personal data from the European Union and Switzerland to the United States in support of
transatlantic commerce. On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield
Framework adequate to enable data transfers under EU law. On January 12, 2017, the Swiss
Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal
mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the
United States.
The Privacy Shield program is administered by the International Trade Administration (ITA) within the
U.S. Department of Commerce. To join the Privacy Shield Framework, a U.S.-based organization is
required to self-certify to the Department of Commerce and publicly commit to comply with the
Framework’s requirements. While joining the Privacy Shield Framework is voluntary, once an eligible

organization makes the public commitment to comply with the Framework’s requirements, the
commitment becomes enforceable under U.S. law.
For further information, see: https://www.privacyshield.gov/Individuals-in-Europe
Our Obligations under EU-US Privacy Shield
a. An organization must inform individuals about:
i. its participation in the Privacy Shield and provide a link to, or the web address for, the
Privacy Shield List, https://www.privacyshield.gov/list
ii. the types of personal data collected and, where applicable, the entities or subsidiaries of
the organization also adhering to the Principles,
iii. its commitment to subject to the Principles all personal data received from the EU in
reliance on the Privacy Shield,
iv. the purposes for which it collects and uses personal information about them, 
v. how to contact the organization with any inquiries or complaints, including any relevant
establishment in the EU that can respond to such inquiries or complaints, 
vi. the type or identity of third parties to which it discloses personal information, and the
purposes for which it does so, 
vii. the right of individuals to access their personal data, 
viii. the choices and means the organization offers individuals for limiting the use and
disclosure of their personal data,
ix. the independent dispute resolution body designated to address complaints and provide
appropriate recourse free of charge to the individual, and whether it is:

(1) the panel established by DPAs,
(2) an alternative dispute resolution provider based in the EU, or
(3) an alternative dispute resolution provider based in the United States, 
x. being subject to the investigatory and enforcement powers of the FTC, the Department
of Transportation or any other U.S. authorized statutory body,
xi. the possibility, under certain conditions, for the individual to invoke binding arbitration,
xii. the requirement to disclose personal information in response to lawful requests by
public authorities, including to meet national security or law enforcement requirements,
and
xiii. its liability in cases of onward transfers to third parties.
b. This notice must be provided in clear and conspicuous language when individuals are first asked
to provide personal information to the organization or as soon thereafter as is practicable, but in
any event before the organization uses such information for a purpose other than that for which
it was originally collected or processed by the transferring organization or discloses it for the
first time to a third party. 

Contact Information
Contact Us For more information about our privacy practices, if you have questions, or if you would like
to make a complaint, please contact us by e-mail at [email protected] or by
mail using the details provided below:
Swipewrap Data Protection Officer
4934 Amador Drive
Oceanside CA, 92056