Privacy Policy
Geoffy is a product operated by ANT VENTURES LTD (company number 13933505). We are committed to protecting your privacy and complying with applicable data protection law, including the UK GDPR and EU GDPR where relevant.
1. Who We Are
ANT VENTURES LTD t/a Geoffy
Registered office: 7a, Robert House, 21 Station Rd, Chinnor, OX39 4PU, United Kingdom.
Contact email for privacy matters: legal@geoffy.net.
2. Data We Collect
2.1 Merchant and Store Data
When you install and use Geoffy as a Shopify app, we may collect:
- Shopify account and store identifiers.
- Store configuration and settings relevant to GEO.
- Product data (titles, descriptions, variants, tags, collections).
- Discount codes and promotion metadata.
- Usage data such as which features you access and when.
Personal data is processed only as instructed by the merchant and is not used for independent marketing or profiling purposes.
2.2 Website Visitors
When you visit geoffy.net, we may collect:
- IP address and general location (country or region).
- Browser and device information.
- Pages visited and basic analytics data.
- Cookie preferences (see Cookie Policy).
3. How We Use Data
We use data to:
- Provide and operate the Geoffy Service.
- Generate GEO Bundles and structured content for your store.
- Monitor performance, usage and reliability.
- Improve the accuracy, safety and usefulness of the Service.
- Comply with legal obligations and respond to lawful requests.
We may use aggregated and anonymised data to improve our algorithms and reporting. We do not sell your personal data.
4. GDPR & Shopify Data Protection
4.1 Data Controller and Processor Roles
Geoffy acts as a data processor on behalf of Shopify merchants. The merchant remains the data controller for any personal data processed through the Geoffy app. Shopify may also act as an independent data controller under its own privacy policy.
4.2 Shopify GDPR Webhooks
Geoffy complies with Shopify's mandatory GDPR webhooks and data protection requirements. We support and respond to the following Shopify webhook topics:
- customers/data_request – to acknowledge customer data access requests.
- customers/redact – to anonymise or delete customer-related personal data.
- shop/redact – to permanently delete store data and credentials.
- app/uninstalled – to clean up store data when the app is removed.
These webhooks are authenticated using Shopify's HMAC verification and are processed automatically.
4.3 Data Deletion and Anonymisation
Upon receipt of a valid Shopify GDPR webhook or when a merchant uninstalls the app, Geoffy will:
- Delete stored access tokens and credentials.
- Remove or anonymise customer-related personal data, including email addresses used for discount claims.
- Retain only non-personal, aggregated, or anonymised operational metadata where legally required.
Deletion actions are irreversible.
4.4 Logging and Data Minimisation
Geoffy does not log personal data such as customer names or email addresses in application logs. Logs contain only minimal, non-identifying metadata required for security, auditing, and operational reliability.
5. Legal Bases for Processing
We rely on the following legal bases:
- Contract – to provide the Service you have requested.
- Legitimate interests – to improve the Service, maintain security and prevent abuse.
- Consent – for optional cookies and similar technologies where required.
6. Data Sharing and Sub-processors
We may share data with:
- Shopify, as part of the normal operation of a Shopify app.
- Cloud hosting and infrastructure providers.
- Analytics and logging tools.
We only use sub-processors where necessary and ensure appropriate data protection measures are in place. A list of key sub-processors is available on request.
7. International Transfers
Data may be processed in the United Kingdom, the European Economic Area or other jurisdictions where our service providers are located. Where we transfer personal data outside the UK or EEA, we will use appropriate safeguards such as standard contractual clauses where required.
8. Retention
We retain merchant and store data only for as long as your account is active. Upon app uninstallation or receipt of a Shopify GDPR webhook request, store credentials and associated personal data are deleted or anonymised without undue delay. Logs and backups are retained for limited periods solely for security and operational purposes.
9. Your Rights
Depending on your location, you may have rights to:
- Access your personal data.
- Rectify inaccuracies.
- Request erasure of your personal data.
- Restrict or object to certain processing.
- Request a copy of your data in portable form.
To exercise these rights, contact legal@geoffy.net. We may need to verify your identity before responding.
10. Cookies
We use cookies and similar technologies on geoffy.net for essential functionality and basic analytics. For more information, please see our Cookie Policy.
11. Contact and Complaints
If you have any questions or concerns about this Privacy Policy, please contact legal@geoffy.net. You may also have the right to lodge a complaint with your local data protection authority.