Gift Flow

Last updated: June 22, 2026

Privacy Policy

This policy explains how Gift Flow collects, uses, protects, and deletes personal data when merchants use the app to offer multi-recipient checkout.

Gift Flow is operated by outBloom Apps and built for Shopify stores. Shopify remains the primary commerce platform and source of truth for products, customers, checkouts, orders, draft orders, refunds, and merchant staff access. Gift Flow processes the app-held data needed to prepare multi-recipient orders, support refunds, and respond to privacy requests.

Who This Policy Covers

This policy applies to merchants and merchant staff who install or use Gift Flow, and to customer or recipient personal data that Gift Flow processes on behalf of a merchant store.

Store customers should normally contact the merchant directly about privacy requests, orders, refunds, or delivery questions. Shopify may also send privacy compliance webhooks to Gift Flow so the app can help the merchant respond.

Data Gift Flow Processes

Data: How it is used
Merchant and shop data: Shop domain, app sessions, granted scopes, app settings, plan/status data, gift-option configuration, product or variant targeting, country cache, payment setup state, and merchant-entered Google Maps keys.
Recipient address data: Recipient first name, last name, address lines, city, province/state, postcode/ZIP, country, and selected shipping option. This is used to create recipient draft orders and child orders.
Checkout contact data: Customer email, phone, Shopify customer ID, cart/session identifiers, and customer address IDs where needed to prepare draft orders, calculate totals, or associate a checkout with a logged-in customer.
Saved customer addresses: If a logged-in customer chooses a saved address, Gift Flow reads available Shopify customer addresses. If the customer chooses to save an address, Gift Flow asks Shopify to create that customer address.
Gift-option and cart data: Merchant-configured gift-option answers, line-item properties, variant IDs, quantities, discount information, shipping choices, totals, and currency codes used to prepare and verify the multi-recipient checkout.
Order, draft order, and refund data: Parent payment order IDs, child order IDs, draft order IDs, refund IDs, refund amounts, order status, payment status, and reconciliation data used to create child orders, show status, and mirror linked refunds.
Privacy request data: Minimal Shopify privacy request rows containing request IDs, topic, status, Shopify customer/order IDs, hashed email or phone values, matched-record counts, and timestamps. Gift Flow does not store the full privacy webhook payload.
Operational logs and metrics: Concise warning/error logs and aggregate metrics used for reliability, security, API cost monitoring, and incident response. Production logs are designed not to include full webhook payloads, recipient addresses, order IDs, or customer data.

Why Gift Flow Uses Data

  • To let customers assign one cart to one or more recipient addresses.
  • To calculate shipping, discounts, taxes, and totals for recipient groups before checkout.
  • To create Shopify child draft orders, a parent payment checkout, and recipient child orders after supported payment is confirmed.
  • To show merchants and customers the relationship between parent payment orders and recipient child orders.
  • To mirror refunds from linked recipient child orders back to the parent payment order where needed.
  • To process Shopify privacy webhooks for customer data requests, customer redaction, shop redaction, and uninstall cleanup.
  • To secure, monitor, debug, and improve app reliability without using customer data for advertising or unrelated analytics.

What Gift Flow Does Not Do

  • Gift Flow does not sell, rent, or trade personal data.
  • Gift Flow does not use customer or recipient data for advertising, profiling, or unrelated analytics.
  • Gift Flow does not collect payment card numbers. Customer payment is completed through Shopify checkout.
  • Gift Flow does not use personal data for automated decision-making that has legal or similarly significant effects.
  • Gift Flow does not need social security numbers, government IDs, health data, or other sensitive data for normal use.

Third Parties and Subprocessors

Provider: Purpose
Shopify: Primary commerce platform for products, carts, customers, draft orders, orders, refunds, app installation, access scopes, app proxy, webhooks, and Shopify-hosted checkout.
Render: Current public production hosting, database, backups, and application infrastructure for Gift Flow.
cron-job.org: External scheduler for authenticated Gift Flow maintenance, retention, redaction, retry, and recovery jobs. It may process scheduler endpoint metadata, the configured schedule secret, request timing/status, and aggregate job summaries. Scheduled job responses do not include customer or recipient data.
Better Stack: Monitoring and alerting for sanitized operational logs and metrics when configured.
Google Maps Platform: Optional address autocomplete in the browser and optional server-side address validation when Gift Flow or merchant-owned Google Maps keys are configured. Manual address entry remains available.

Retention and Deletion

Gift Flow keeps personal data only for as long as needed to provide the app, support refunds and reconciliation, complete privacy requests, maintain security, or meet operational requirements.

  • Low-risk terminal checkout attempts are deleted after the current 30-day app database retention window when no order linkage, cleanup, conversion, retry, or reconciliation work remains.
  • Converted checkout attempts are minimized after they become stable: recipient, customer, checkout-session, fingerprint, and invoice URL data is removed while order IDs, financial summaries, refund linkage, and retry state needed for operations are retained.
  • Terminal refund mirror rows are deleted after the current 30-day retention window. Shopify refund and order records remain in Shopify.
  • Completed and no-matching-data privacy request rows are deleted after the current 30-day retention window. Pending, processing, or retry-pending rows are retained until they reach a terminal status.
  • On uninstall and Shopify shop redaction, Gift Flow deletes shop-scoped app sessions, settings, country cache, checkout attempts, refund mirror records, child refund locks, and privacy requests, then leaves only a minimal redacted lifecycle tombstone.

Shopify-hosted order, draft order, customer, fulfillment, and refund records remain governed by Shopify platform controls and the merchant's legal retention obligations.

Security

  • Admin pages require Shopify admin authentication.
  • Storefront app-proxy requests are authenticated by Shopify.
  • Webhooks are authenticated by Shopify before processing.
  • Scheduled jobs require a shared schedule secret.
  • Production app traffic uses HTTPS/TLS.
  • Production database records and backups are protected by the hosting/database provider's encryption controls.
  • Production logs are concise and sanitized to avoid customer data, full webhook payloads, order IDs, and large API responses.
  • Authenticated privacy request export views and downloads are logged as sanitized personal-data access audit events without recipient addresses, customer IDs, order IDs, or export JSON.

Merchant and Customer Choices

Merchants can configure Gift Flow settings, decide whether optional Google address services are used, pause Gift Flow checkout during store changes, uninstall the app, and use Shopify privacy request workflows.

Customers should contact the merchant that operates the store to access, correct, or delete order-related personal data. Where Shopify sends a customer data request or redaction request to Gift Flow, the app processes the app-held data it controls for that merchant shop.

Contact and Updates

Use this contact for support, privacy, data protection, and security questions about Gift Flow.

outBloom Apps

hello@outbloom.apps

7 Arlington Gardens, London, W4 4EZ, United Kingdom

Gift Flow may update this policy as the app, providers, or legal requirements change. If a UK data protection concern is not resolved, individuals may contact the Information Commissioner's Office.