Privacy Policy

Last Updated: January 31, 2026

MustHave ("we," "us," or "our") operates MustHave: Upsell, a Shopify application that helps merchants present post-purchase upsell offers to Shopify store owners ("the App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our App.

By installing or using MustHave: Upsell, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information Collected Through Shopify

When you install MustHave: Upsell, we access specific information from your Shopify store through the Shopify API to enable post-purchase upsell functionality:

  • Product Information: We read your product catalog (names, descriptions, prices, images) to display as upsell options to customers. We may update product data to track upsell performance metrics.
  • File Storage: We read and write files to store upsell offer configurations, templates, and analytics data related to your store.
  • Market Information: We read market data to ensure upsell offers display correctly across different regions and markets your store operates in.
  • Store Metadata: Shop name, shop domain, and subscription status to manage your app installation and billing.

1.2 Information You Provide Directly

We may collect information you voluntarily provide, such as:

  • Communications when you contact our support team
  • Feedback, feature requests, or bug reports
  • Survey responses

1.3 Automatically Collected Information

When you access our App admin dashboard, we automatically collect:

  • Usage data about upsell offer creation and management
  • Performance metrics (offer impressions, conversions, AOV impact)
  • Error logs and diagnostic information for troubleshooting

2. How We Use Your Information

We use the information we collect specifically for providing post-purchase upsell functionality:

  • To deliver upsell offers to your customers - Display relevant product recommendations at post-purchase moments
  • To configure and manage upsell campaigns - Enable you to create, test, and optimize offer flows through our admin dashboard
  • To track offer performance - Measure conversions, AOV impact, and provide analytics to optimize your upsells
  • To process your subscription and billing - Performance of contract
  • To communicate about support and service-related matters - Legitimate interest
  • To detect and prevent technical issues or security vulnerabilities - Legitimate interest

3. Data Storage and Security

3.1 Where We Store Your Data

Your data is stored on secure cloud infrastructure. We utilize industry-standard security measures, including:

  • Encryption of data at rest and in transit (TLS/SSL)
  • Access controls and authentication mechanisms
  • Regular security assessments

3.2 Data Retention

We retain your information for as long as your account is active or as needed to provide you with the App. Specifically:

  • Active accounts: Data is retained for the duration of your subscription
  • Cancelled accounts: Data is retained for up to 90 days to facilitate potential reactivation, after which it is deleted
  • Support communications: Retained for up to 2 years for quality assurance and legal purposes

You may request deletion of your data at any time by contacting us.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Shopify: Hosts the App and processes installation, authentication, and product/file API requests
  • Payment processors: To handle subscription billing
  • Cloud hosting providers: To store offer configurations and performance analytics

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or government inquiries.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

5. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

5.1 For All Users

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a portable format

5.2 For European Economic Area (EEA) and UK Residents

Under the General Data Protection Regulation (GDPR) and UK GDPR, you also have the right to:

  • Object to processing based on legitimate interests
  • Restrict processing of your personal information
  • Withdraw consent at any time (where processing is based on consent)
  • Lodge a complaint with your local data protection authority

5.3 For California Residents

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information is collected, used, and disclosed
  • Request deletion of your personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at musthaveupsell@gmail.com.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer personal information from the EEA, UK, or Switzerland, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequate data protection laws

7. Children's Privacy

MustHave: Upsell is designed for use by Shopify merchants and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

8. Third-Party Links

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy with a new "Last Updated" date
  • Sending an email notification to the address associated with your account (for significant changes)

Your continued use of the App after any changes indicates your acceptance of the updated Privacy Policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

MustHave
Email: musthaveupsell@gmail.com

We will respond to your inquiry within 30 days.

This Privacy Policy is effective as of January 31, 2026.