DeveloppyPartners
Sign inApply

Legal

Privacy Policy

Last updated: May 2026

1. Data controller

The data controller is Developpy, an independent Shopify product studio based in Italy. For any privacy-related question, contact hello@developpy.io.

2. What we collect

  • Account data: full name, email, password (hashed), referral ID, business type.
  • Payout data: PayPal email address.
  • Referral data: Shopify shop domain, customer name, theme charge amount, uploaded receipt files.
  • Transactional data: commissions, payouts, PayPal batch IDs, statuses.
  • Technical data: minimal server logs needed to operate the service securely.

3. Why we process it (legal basis)

  • Performance of contract (Art. 6(1)(b) GDPR) — to run the Program, verify referrals, and pay commissions.
  • Legal obligation (Art. 6(1)(c) GDPR) — to keep accounting and tax records.
  • Legitimate interest (Art. 6(1)(f) GDPR) — to prevent fraud and secure the service.

4. Who processes it

We rely on a small set of vetted processors who act on our written instructions:

  • Lovable Cloud / Supabase — application database, authentication and file storage.
  • PayPal — payout execution.
  • Cloudflare — hosting, CDN, and edge security.

Some processors may transfer data outside the EU under Standard Contractual Clauses.

5. How long we keep it

Account and referral data is retained for as long as you have an active partner account. After deletion, we keep the minimum information required by tax and accounting law (typically 10 years in Italy) and purge everything else.

6. Your rights

Under the GDPR you have the right to access, rectify, delete, restrict, and port your personal data, and to object to its processing. To exercise any of these rights, write to hello@developpy.io. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

7. Security

Receipts and personal data are stored in private buckets and encrypted in transit and at rest. Access is restricted via row-level security policies and admin role checks.

8. Cookies

We use only strictly necessary cookies to keep you signed in. We do not use marketing or analytics cookies on this site at this time.

9. Changes

We may update this Privacy Policy as the service evolves. Material changes will be communicated by email to your registered partner address.