This Privacy Policy explains how Rezz ("Rezz", "we", "our") collects, uses, and protects information and personal data when merchants install and use the Rezz digital gifting app in the Shopify App Store.
Rezz acts as a data processor; the merchant remains the data controller at all times.

Questions? Contact us at: moc.tfigzzer%40troppus

1. Who we are

Rezz is a digital gifting technology that enables merchants on Shopify to offer gifting functionality to their customers. Rezz is operated by THE SUNNY FIG FZCO, a free zone company registered in the UAE.
Rezz acts solely as a technical intermediary and data processor. The merchant (the Store) remains the data controller and is responsible for determining the purposes and means of processing personal data collected through their store.

2. What Data We Collect

When a merchant installs Rezz, we access and process the following categories of data through Shopify's APIs and the gifting flow:

2.1 Data Collected via Shopify APIs

Merchant information
• Merchant store name• Store email• Store domain• Shopify store owner contact information• Store settings and configuration
This information is used solely to operate the App and provide our services.
Order and Product Information
To enable gifting functionality, we may access:

• Product information
• Product pricing
• Product images
• Product inventory status
• Order information related to gifts created through Rezz

Gift Recipient Information
When a merchant's customer sends a gift using Rezz, we may process limited information about the recipient, including:

• Receiver information: Email address or phone number (if provided)
• Gift message content
• Gift redemption status
• Order and transaction status data
• Conversion event data (e.g., gift-to-store-credit conversions)
• Delivery address (only if the recipient accepts delivery)

This data is processed solely to deliver and manage the gift experience.

2.2 Technical & Usage Information

We may collect technical data including:
• App usage events
• Log files
• Device information
• IP address (anonymised where possible)
• API call logs and error logs for debugging and service reliability

This helps us maintain security and improve the app.

3. How We Use the Data We Collect

We use the data we collect solely to provide and improve the Rezz service. Specifically, we use data to:• Operate the digital gifting flow of Rezz• Generate gift links and redemption pages• Allow recipients to choose delivery or store credit• Process gift redemptions• Improve app performance and user experience• Provide support to merchants• Maintain security and prevent fraud
• Transmit Receiver delivery addresses to the merchant's fulfillment system• Provide merchants with usage analytics and reporting within the Rezz dashboard• Detect and prevent fraud, abuse, or suspicious activity• Respond to merchant and customer support requests• Comply with applicable legal obligations
We do not sell personal data.
Important: Rezz does not sell, rent, or share personal data with third parties for advertising, marketing, or commercial purposes. Data is processed solely to deliver the Rezz gifting service. Information is shared with Shopify as required to operate the app within the Shopify ecosystem.

3. Sharing of Information

We only share information when necessary to operate the App.
ShopifyInformation is shared with Shopify as required to operate the app within the Shopify ecosystem.
Service Providers• We may use trusted third-party services to operate the platform, such as:• Hosting providers• Email and messaging providers• Analytics tools• Cloud infrastructure providers
These providers process data only on our behalf.

4. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by applicable law:• Gifting transaction data (buyer/receiver details, order data): retained for up to 24 months from the date of the transaction, unless the merchant requests deletion earlier• Merchant account data: retained for the duration of the merchant's active relationship with Rezz, and for up to 12 months following account termination• Activity logs: retained for up to 12 months for security and audit purposes• Support communications: retained for up to 36 months• Voucher data: We retain limited data required for voucher access and redemption
Merchants may request deletion of their data at any time by contacting .moc.tfigzzer%40troppus

5. Data Sharing & Third-Party Services

Rezz relies on the following categories of third-party services to operate. All sub-processors are contractually obligated to protect personal data in accordance with applicable laws:
• Shopify (e-commerce platform APIs) for accessing order and merchant data
• Cloud hosting providers for storing and processing data securely
• Email delivery services for sending gift notifications to Receivers
• Analytics providers for monitoring platform performance (anonymised data only)
Rezz does not share personal data with unaffiliated third parties except as required by law, court order, or to protect the rights and safety of Rezz, its merchants, and users.

6. International Data Transfers

Rezz is operated from the UAE. Data may be processed by our hosting and infrastructure providers in servers located outside the UAE, including in the European Economic Area (EEA), United Kingdom, or United States.
Where personal data is transferred outside the country of origin, Rezz ensures adequate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) for transfers involving EEA or UK data
• Adequacy decisions where applicable
• Binding contractual protections with all sub-processors

7. Individual Data Rights

Depending on your jurisdiction, individuals (including merchants' customers) may have the following rights regarding their personal data:• Right of access — to request a copy of the data we hold• Right to rectification — to correct inaccurate data• Right to erasure — to request deletion of personal data• Right to restriction — to limit how we process data• Right to data portability — to receive data in a structured, machine-readable format• Right to object — to object to processing based on legitimate interests
Since the merchant is the data controller, requests from end users relating to data held within a merchant's store should be directed to the merchant. Where requests relate to data Rezz holds as a processor, merchants may submit them on behalf of their customers to: moc.tfigzzer%40troppus

8. Security Measures

Rezz implements reasonable and appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure. These include:
• Encryption of data in transit (TLS) and at rest
• Encrypted storage of gift card codes
• Access controls and role-based permissions for Rezz staff
• Regular security reviews and vulnerability assessments
• Fraud monitoring to detect and block suspicious activity

In the event of a data breach that poses a risk to individuals, Rezz will notify affected merchants and, where required by law, relevant data protection authorities, without undue delay.

9. Cookies & Tracking Technologies

Rezz uses cookies and similar tracking technologies on Rezzgift.com and within the Rezz gifting widget embedded in merchant stores. These are used to:
• Ensure the gifting widget functions correctly
• Analyse traffic and usage patterns to improve the service
• Maintain session state during a gifting flow

Merchants are responsible for ensuring their store's cookie policy and consent mechanism covers the use of Rezz tracking technologies. Rezz does not use cookies for advertising or cross-site tracking purposes.

10. Merchant Responsibilities

As the data controller, the merchant is responsible for:
• Ensuring their own privacy policy discloses the use of Rezz and its data practices
• Informing their customers that gifting services are provided through Rezz
• Obtaining any necessary consents from end users for data processing activities
• Responding to data subject requests from their customers
• Complying with all applicable privacy and data protection laws in their jurisdiction relating to customer data

By installing Rezz, the merchant authorises Rezz to access and process personal data as a data processor solely for the purposes described in these terms and this Privacy Policy.

11. Shopify API Data Usage & Compliance

Rezz uses the Shopify API to access and process certain store and customer data necessary to operate the App. Rezz only accesses Shopify data that is required to provide the gifting functionality, such as product information, order information, and limited customer data related to gift transactions.
Rezz commits to the following with respect to Shopify API data:
• Only use Shopify API data for the purposes described in this Privacy Policy
• Not sell, rent, or share Shopify merchant data with third parties for marketing or advertising purposes
• Not use Shopify API data for unrelated services or applications
• Process Shopify data only as necessary to provide the App's gifting functionality to merchants

Rezz complies with the requirements of the Shopify API License and Terms of Use regarding the use and protection of Shopify data.

12. Data Deletion After App Uninstall

If a merchant uninstalls the Rezz app from their Shopify store, Rezz will delete or anonymise all stored Shopify store data associated with that merchant within 365 days of uninstall, unless retention is required for legal or security purposes.
After uninstall:
• Access to the merchant's Shopify store data is immediately revoked
• Any stored merchant-related data is scheduled for deletion
• Backup systems containing merchant data are overwritten during routine backup cycles

Merchants may also request earlier deletion of their data by contacting .moc.tfigzzer%40ofni Please include your store name and Shopify store domain in the request.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, we will update the 'Last Updated' date at the top of this document and notify merchants via the Rezz dashboard or by email for material changes.
Continued use of Rezz following notification of changes constitutes acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of personal data, please contact us at:
Rezz Privacy Team — THE SUNNY FIG FZCO
Email: moc.tfigzzer%40troppus
Website: www.rezzgift.com
Jurisdiction: Dubai, UAE (Free Zone)

For data deletion or access requests, please include your store name and
the nature of your request so we can respond promptly.