Effective date: July 16, 2026 · Last updated: July 16, 2026
This Privacy Policy describes how XLOXI PVT LTD (“XLOXI,” “we,” “us,” or “our”) collects, uses, and shares information in connection with the Offrefy Shopify application and related marketing website (together, the “Service”). This is a standard SaaS policy template for a Shopify app — written to be clear and readable, not a substitute for specialized legal advice for your jurisdiction.
1. Who we are
Offrefy is operated by XLOXI PVT LTD. Offrefy is a Shopify embedded app that helps merchants configure quantity-break and volume discount campaigns, display storefront widgets, and apply automatic discounts at cart and checkout via Shopify Discount Functions.
Contact for privacy requests: offrefy@xloxi.com
2. Scope
This policy covers (a) the Offrefy Shopify app used by merchants inside Shopify Admin, (b) related backend services that sync discount rules and analytics, and (c) the Offrefy marketing website. It does not replace Shopify’s own privacy policy or the privacy practices of a merchant’s storefront toward their customers.
3. Information we collect
We collect information needed to operate Offrefy for your shop. We do not sell personal customer PII.
- Shop identifiers: shop domain, shop ID, and related Shopify installation metadata.
- Shop-scoped settings and campaign configurations (offers, tiers, targeting rules, appearance settings, schedules, translations).
- Analytics events generated by the Offrefy widget and web pixel (for example widget impressions, add-to-cart interactions, and conversion-related metrics), stored with shop-scoped analytics identifiers.
- Order attribution signals received via Shopify webhooks (such as orders/paid) for merchant reporting inside Offrefy.
- Support communications you send to offrefy@xloxi.com (name, shop domain, message content).
- Marketing website data: standard server logs and any information you submit via contact forms.
4. Shopify OAuth and Admin API access
When you install Offrefy, you authorize access via Shopify OAuth. We use Admin API access solely to provide the Service — for example reading products/collections needed for offer targeting, managing the Offrefy automatic discount Function, writing metafields or related sync data required for storefront rules, registering webhooks, and reading order data needed for attribution analytics.
We access only what is required for Offrefy’s features under the scopes granted at install. We do not use Admin API access to market unrelated products to your customers.
5. Webhooks and GDPR mandatory topics
Offrefy registers Shopify webhooks required to operate and to comply with Shopify’s mandatory GDPR webhooks, including:
- customers/data_request — to help fulfill customer data requests routed through Shopify.
- customers/redact — to delete or redact customer-related data we may store when Shopify instructs us to do so.
- shop/redact — to delete shop-scoped data after uninstall / redact timelines required by Shopify.
- Operational webhooks such as orders/paid (for attribution) and other topics needed to keep discounts and analytics in sync.
6. Web pixel and consent
Offrefy’s analytics web pixel is configured for analytics purposes. Marketing and preferences consent categories are not used for Offrefy analytics collection, and sale_of_data is disabled. Pixel behavior respects Shopify’s customer privacy / consent settings where applicable. Merchants remain responsible for configuring their storefront privacy banner and regional requirements.
7. Cookies and local storage (marketing site)
The Offrefy marketing website may use essential cookies or local storage needed for basic site function (for example remembering a UI preference if dark mode is enabled by the visitor). We do not use the marketing site to sell personal data. If we add optional analytics cookies in the future, we will update this policy and provide appropriate controls.
8. How we use information
We use collected information to:
- Provide, maintain, and improve Offrefy’s discount engine, widgets, sync, and analytics.
- Authenticate the shop installation and enforce plan limits.
- Respond to support, billing, privacy, and partnership requests.
- Comply with legal obligations and Shopify platform requirements.
- Protect the security and integrity of the Service.
9. Sharing and third parties
We share information only as needed to run the Service:
- Shopify — platform authentication, billing, storefront/checkout execution, and webhook delivery.
- Hosting providers (for example Vercel or equivalent) — application hosting and infrastructure logs.
- Email providers — to send and receive support messages.
- In-app chat (for example Crisp), if enabled inside the Offrefy admin — used for merchant support conversations only; not for selling customer PII.
We do not sell merchant or customer personal information. We may disclose information if required by law, to protect rights and safety, or in connection with a corporate transaction involving XLOXI, subject to appropriate safeguards.
10. Data retention and deletion
We retain shop-scoped configuration and analytics for as long as the app remains installed and as needed to provide historical reporting, then delete or anonymize according to our operational schedules and Shopify’s redact requirements.
On uninstall, Shopify’s shop/redact process triggers deletion of shop data we store for Offrefy after the applicable waiting period. Merchants may also email offrefy@xloxi.com to request deletion assistance.
11. International transfers
XLOXI may process data in countries other than where the merchant or their customers are located. Where required, we use appropriate safeguards for cross-border transfers consistent with applicable law and our subprocessors’ practices.
12. Children’s privacy
Offrefy is directed to businesses (Shopify merchants), not to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact offrefy@xloxi.com and we will take appropriate steps.
13. Security
We implement reasonable technical and organizational measures appropriate to the nature of a Shopify app (access controls, encrypted transport, least-privilege API usage). No method of transmission or storage is perfectly secure; merchants should also protect their Shopify staff accounts with strong authentication.
14. Your choices and rights
Depending on your location, you may have rights to access, correct, delete, or restrict certain personal data, or to object to certain processing. For Offrefy-related requests, email offrefy@xloxi.com. For customer data that lives primarily in Shopify or on your storefront, Shopify’s tools and your own privacy policy may be the primary path.
15. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of Offrefy after an update constitutes acceptance of the revised policy where permitted by law. Material changes may also be communicated in-app or by email when appropriate.
16. Contact
Privacy requests and questions: offrefy@xloxi.com
Operator: XLOXI PVT LTD / Offrefy
Effective date: July 16, 2026