Privacy Policy
Last updated: March 21, 2026
Leuqim OÜ (registry code 17195491), trading as JeriCommerce, with registered address at Männimäe/1, 74626 Kuusalu vald, Harju maakond, Estonia ("we", "us", "our"), is the data controller for the personal data processed through the website jericommerce.com and the JeriCommerce application.
Contact: hello@jericommerce.com
1. Data We Collect
1.1 Merchant Data (our direct customers)
- Account information — name, email address, company name, Shopify store URL.
- Billing information — processed and stored by Shopify; we do not store payment card details.
- Usage data — feature usage, login events, IP address, browser type, device information.
- Support communications — emails, chat messages, and any attachments you send us.
1.2 End-Customer Data (your customers)
When merchants use JeriCommerce, we process certain data about their customers on the merchant's behalf as a data processor:
- Identification data — name, email, phone number (as provided by the merchant's Shopify store).
- Loyalty data — points balance, tier status, reward redemptions, referral activity.
- Wallet pass data — pass serial number, device type (Apple/Google), installation status, push notification tokens.
- Transaction data — order history synced from Shopify to power loyalty features.
1.3 Website Visitors
- Analytics data — pages visited, referral source, session duration, device and browser information.
- Contact form data — name, email, company, and message content submitted voluntarily.
2. Legal Basis for Processing (GDPR Art. 6)
| Purpose | Legal Basis |
|---|---|
| Providing the JeriCommerce service | Performance of a contract (Art. 6(1)(b)) |
| Processing end-customer data on behalf of merchants | Legitimate interest of the merchant / Data Processing Agreement (Art. 6(1)(f), Art. 28) |
| Sending service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails (only if opted in) | Consent (Art. 6(1)(a)) |
| Website analytics | Legitimate interest (Art. 6(1)(f)) |
| Legal obligations (tax, fraud prevention) | Legal obligation (Art. 6(1)(c)) |
3. How We Use Your Data
- Provide, maintain, and improve the JeriCommerce platform.
- Process loyalty transactions — points accrual, reward redemptions, tier calculations.
- Deliver wallet passes and push notifications to end customers.
- Respond to support requests and communicate service updates.
- Analyze usage to improve features and user experience.
- Comply with legal obligations.
4. Data Sharing
We do not sell personal data. We share data only with:
- Shopify Inc. — billing, app hosting, and order/customer data sync.
- Apple Inc. / Google LLC — wallet pass delivery and push notification infrastructure.
- Klaviyo — when the merchant activates the Klaviyo integration, loyalty data is synced to Klaviyo.
- PostHog — product analytics (website and app usage).
- Hosting providers — Cloudflare (website), cloud infrastructure for the application.
- Legal authorities — when required by law or valid legal process.
5. International Data Transfers
Some of our service providers are based outside the European Economic Area (EEA). When data is transferred outside the EEA, we rely on:
- European Commission adequacy decisions.
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The service provider's participation in recognized frameworks (e.g., EU-U.S. Data Privacy Framework).
6. Data Retention
- Merchant account data — retained while your account is active, plus 12 months after deletion for legal purposes.
- End-customer data — retained as long as the merchant's account is active; deleted within 30 days of account termination.
- Website analytics — aggregated and anonymized after 26 months.
- Support communications — retained for 24 months after resolution.
7. Your Rights (GDPR)
If you are located in the EEA, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data ("right to be forgotten").
- Restrict processing in certain circumstances.
- Receive your data in a machine-readable format (data portability).
- Object to processing based on legitimate interests.
- Withdraw consent at any time (where consent is the legal basis).
To exercise any of these rights, email us at hello@jericommerce.com. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. In Estonia, this is the Estonian Data Protection Inspectorate (aki.ee).
8. California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know — what personal information we collect, use, and disclose.
- Right to delete — request deletion of your personal information.
- Right to opt out — of the sale or sharing of personal information. We do not sell personal data.
- Right to non-discrimination — for exercising your privacy rights.
To exercise these rights, email hello@jericommerce.com. We will verify your identity and respond within 45 days.
9. End-Customer Rights
If you are an end customer of a merchant using JeriCommerce, the merchant is the data controller for your personal data. Please contact the merchant directly to exercise your data rights. We will assist the merchant in fulfilling such requests.
10. Cookies & Tracking
Our website uses:
- Essential cookies — required for the website to function (session, language preference).
- Analytics cookies — PostHog for anonymous usage analytics. No personal data is shared with third-party advertisers.
We do not use third-party advertising cookies or tracking pixels.
11. Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (TLS), access controls, regular security reviews, and infrastructure monitoring.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with GDPR Art. 33. Where the breach is likely to result in a high risk, we will also notify the affected individuals without undue delay (GDPR Art. 34).
Where we act as data processor, we will notify the affected merchant (data controller) without undue delay after becoming aware of the breach.
13. Children
JeriCommerce is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will promptly delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered merchants by email of material changes at least 14 days before they take effect. The "Last updated" date at the top indicates the most recent revision.
15. Contact
Leuqim OÜ (trading as JeriCommerce)
Männimäe/1, 74626 Kuusalu vald, Harju maakond, Estonia
Registry code: 17195491 · VAT: EE102848500
Email: hello@jericommerce.com