New: Loyalty Engine is live|Learn more
Syncube

Gift Card Hero - Privacy Policy

Last updated: April 13, 2026

Introduction

This Privacy Policy describes how Gift Card Hero ("the App", "we", "us", or "our"), a Shopify application operated by Syncube, collects, uses, and protects information when you install and use our app. Gift Card Hero enables Shopify merchants to create, sell, and manage digital gift cards, store credit wallets, loyalty programs, and related features. This policy applies to all merchants who install the app, their staff members, and end customers who interact with Gift Card Hero features on merchant storefronts.

Information We Collect

When you install Gift Card Hero, we access information from your Shopify store as authorized by the permissions you grant during installation. This includes: your store URL, store name, email address, currency, language settings, and location data. We collect gift card data including balances, codes, expiration dates, and transaction history. We access customer information such as customer IDs, email addresses, names, and purchase history to associate gift cards and store credit with the correct accounts. For POS (Point of Sale) users, we store usernames, names, and securely hashed passwords and PINs. We also collect usage analytics including IP addresses, browser type, user agent, referrer URLs, landing pages, and UTM campaign parameters for attribution tracking.

Shopify API Permissions

Gift Card Hero requests the following Shopify API scopes to provide its functionality: reading orders and gift card data; creating and managing gift cards and gift card transactions; reading and writing customer records; managing draft orders and fulfillment; reading product and location data; and accessing checkout information for storefront gift card features. These permissions are required for core app functionality and are used only for the purposes described in this policy.

How We Use Information

We use collected information to: provide and operate gift card, store credit, and loyalty features on your store; process gift card transactions and manage balances; send transactional emails on your behalf, including gift card delivery notifications, balance reminders, and review requests; associate gift cards and store credit with the correct customer accounts; provide the POS interface for in-store gift card operations; track attribution and conversion analytics to measure app performance; provide customer support; improve and develop new features; and comply with legal obligations.

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process personal data based on the following legal grounds: performance of a contract (to provide Gift Card Hero services after installation); legitimate interests (to improve the app, ensure security, prevent fraud, and track attribution); compliance with legal obligations; and your consent where required. You may withdraw consent at any time by contacting us or uninstalling the app.

Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information. We share data with the following categories of service providers to operate the App: Shopify (platform integration, billing, and OAuth authentication); Mailgun (transactional email delivery for gift card notifications and reminders); Amazon Web Services / AWS S3 (storage of merchant-uploaded gift card images); Google Analytics 4 (usage analytics via the Measurement Protocol); Sentry (error tracking and monitoring to maintain app reliability); and MongoDB hosting providers (database storage). All third-party providers are contractually obligated to protect your data and use it only for the specified purposes. We may also disclose data when required by law or to protect our legal rights.

Cookies and Tracking

Gift Card Hero uses cookies and similar technologies for: session management and authentication (JWT tokens); attribution tracking including Google Click ID (gclid), Facebook Click ID (fbclid), and UTM parameters; and analytics to understand how merchants interact with the app. Attribution data has a 2-hour matching window and is used to measure conversion performance. We do not use cookies for third-party advertising purposes. You can control cookie preferences through your browser settings, though disabling essential cookies may affect app functionality.

Data Security

We implement industry-standard security measures including: encryption in transit via TLS/SSL; password hashing with bcrypt for user accounts; SHA-256 hashing for POS PINs; HMAC-SHA256 webhook validation; rate limiting on sensitive endpoints such as the balance checker (configurable limits with TTL); bot protection via Cloudflare Turnstile or Google reCAPTCHA v3; and restricted access to customer data on a need-to-know basis. While we take reasonable precautions, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain your data for as long as Gift Card Hero is installed on your Shopify store. Upon uninstallation, we delete or anonymize merchant data in accordance with Shopify's requirements. Gift card transaction records may be retained longer to support merchant accounting and audit requirements. Analytics and attribution data is retained in aggregated form to improve our service. Aggregated, anonymized data may be retained indefinitely.

International Data Transfers

Your data may be processed and stored on servers located in the United States and other jurisdictions where our service providers operate. If you are located outside the United States, your data will be transferred internationally. Our key service providers (AWS, MongoDB, Mailgun, Google, Sentry) are certified under the EU-US Data Privacy Framework (DPF), which the European Commission has recognized as providing an adequate level of data protection. As an additional safeguard, we also maintain Standard Contractual Clauses (SCCs) approved by the European Commission with our providers, ensuring continued protection in the event of any changes to the DPF adequacy decision.

Your Rights

Depending on your jurisdiction, you may have the following rights: the right to access and obtain a copy of your data; the right to rectify inaccurate or incomplete data; the right to erasure ("right to be forgotten"); the right to restrict processing; the right to data portability; the right to object to processing; and the right to withdraw consent. California residents have additional rights under the CCPA, including the right to know what data is collected, the right to delete data, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise any of these rights, contact us at privacy@syncube.io. We will respond to verified requests within 30 days as required by applicable law. You can also submit data requests through Shopify's built-in GDPR tools, which are integrated with our app.

Children's Privacy

Gift Card Hero is a business-to-business platform designed for Shopify merchants and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy within the app and updating the "Last Updated" date. Your continued use of Gift Card Hero after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions or concerns about this Privacy Policy or wish to exercise your data rights, please contact us at privacy@syncube.io or write to: Syncube, Attn: Privacy, Austin, TX, United States.