1. Introduction
This Privacy Policy explains how Meshtix ("we", "us", or "our") collects, uses, stores, and protects information when you use our Shopify application for event ticketing. We are committed to protecting the privacy of merchants and their customers.
By installing and using Meshtix, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Merchant Information
When you install Meshtix, we access the following information from your Shopify store:
| Data Type | Purpose |
|---|---|
| Shop name and domain | App functionality and identification |
| Contact email | Communication and support |
| Shop timezone | Accurate event date/time handling |
| Shop policies | Display on tickets (refund policy, etc.) |
| Shop logo | Branding on generated tickets |
| Location information | Event venue details and timezone |
2.2 Customer Information
When orders are placed in your store, we access the following customer information to generate tickets:
| Data Type | Purpose |
|---|---|
| Customer name | Display on tickets for identification |
| Customer email | Ticket association and order lookup |
| Customer phone (if provided) | Optional display on tickets |
| Shipping/billing address | Optional display on tickets |
2.3 Order Information
We process the following order data:
| Data Type | Purpose |
|---|---|
| Order ID and number | Ticket association and tracking |
| Line items | Determine ticket quantities and types |
| Order status | Ticket validity management |
| Payment status | Ticket generation triggers |
| Refund information | Ticket status updates |
2.4 Product Information
For products configured as events, we access:
| Data Type | Purpose |
|---|---|
| Product title and description | Display on tickets |
| Event dates | Ticket validity periods |
| Event location | Display on tickets |
| Product metafields | Custom event configuration |
2.5 Generated Data
Our app generates and stores:
| Data Type | Purpose |
|---|---|
| Tickets with unique IDs | Core app functionality |
| QR codes | Ticket validation at events |
| PDF ticket files | Ticket delivery to customers |
| Redemption records | Track ticket usage |
| Daily reports | Merchant analytics |
3. How We Use Information
We use the collected information for the following purposes:
3.1 Core Functionality
- Generate QR code-based tickets for event products
- Create PDF tickets for customer delivery
- Validate and redeem tickets at point-of-sale
- Track ticket status (valid, used, refunded)
3.2 Order Fulfillment
- Automatically create tickets when orders are paid
- Update ticket status on refunds
- Associate tickets with customer records
3.3 Merchant Features
- Generate redemption reports and analytics
- Display ticket information in Shopify admin
- Support POS ticket scanning and redemption
3.4 Communication
- Respond to support requests
- Send important service notifications
4. Data Sharing
4.1 We Do Not Sell Data
We do not sell, rent, or trade any merchant or customer data to third parties.
4.2 Third-Party Services
We use the following third-party services to operate our app:
| Service | Purpose | Data Shared |
|---|---|---|
| Cloud hosting provider | Application hosting | All app data (encrypted) |
| PDF generation service | Create ticket PDFs | Ticket content only |
4.3 Legal Requirements
We may disclose information if required by law, regulation, legal process, or governmental request.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
5.1 Encryption
- All data is encrypted in transit using TLS/SSL
- Data at rest is encrypted using industry-standard encryption
5.2 Access Controls
- Staff access to data is limited and logged
- Strong authentication required for all systems
5.3 Infrastructure
- Application hosted on secure, SOC 2 compliant infrastructure
- Regular security updates and monitoring
5.4 Incident Response
- We maintain security incident response procedures
- We will notify affected parties within 72 hours of a confirmed breach
6. Data Retention
6.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Order and ticket data | Until app uninstalled + 48 hours |
| Customer PII | Until deletion requested or app uninstalled |
| PDF ticket files | Until app uninstalled |
| Redemption reports | Until app uninstalled |
6.2 Data Deletion
- When you uninstall Meshtix, we retain data for 48 hours to allow for reinstallation
- After 48 hours, all shop data is permanently deleted
- Customer data deletion requests are processed within 30 days
7. Your Rights
7.1 Merchant Rights
As a merchant using Meshtix, you have the right to:
- Access: View all data we store about your shop
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (uninstall the app)
- Export: Request an export of your data
7.2 Customer Rights
Your customers have the right to:
- Access: Request their data through you (the merchant)
- Deletion: Request deletion of their personal data
- Opt-out: Opt out of data processing where applicable
7.3 Exercising Rights
To exercise any of these rights:
- Merchants: Contact us at the email below or uninstall the app
- Customers: Contact the merchant who can relay requests to us
We process data subject requests through Shopify's compliance webhook system, ensuring timely response to data access requests, data deletion requests, and shop data deletion (48 hours after uninstall).
8. GDPR Compliance
For users in the European Economic Area (EEA), we comply with GDPR requirements:
8.1 Legal Basis for Processing
- Contract: Processing necessary to provide our services
- Legitimate Interest: Processing for app functionality and security
- Consent: Where required for optional features
8.2 Data Processing Agreement
Merchants requiring a Data Processing Agreement (DPA) can contact us.
8.3 International Transfers
Data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place.
9. CCPA Compliance
For California residents, we comply with the California Consumer Privacy Act:
- We do not sell personal information
- Consumers can request disclosure of data collected
- Consumers can request deletion of their data
- We do not discriminate against users who exercise their rights
10. Children's Privacy
Our app is not intended for use by children under 13. We do not knowingly collect personal information from children under 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify merchants of significant changes via:
- Email notification
- In-app notification
- Update to the "Last Updated" date above
Continued use of the app after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@meshtix.com
Support: support@meshtix.com
13. Shopify App Store
This app is distributed through the Shopify App Store and complies with: