Privacy Policy

Effective Date: January 1, 2026  |  Last Updated: January 29, 2026

1. Introduction

Infinite Scroll (“we,” “our,” or “us”) is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, store, share, and protect information when you install and use our Shopify application (“the App”) or visit our website.

This policy is designed to comply with the General Data Protection Regulation (GDPR) (EU Regulation 2016/679), the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), the UK Data Protection Act 2018, the Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada), and other applicable data protection laws worldwide.

2. Data Controller

For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your personal data is:

Infinite Scroll

Email: support@laparaneza.com

If you have any questions or concerns about how we handle your data, you may contact our Data Protection Officer (DPO) at support@laparaneza.com.

3. Information We Collect

We collect and process the following categories of personal data:

3.1 Information You Provide Directly

  • Account & Store Information: Your Shopify store URL, store name, owner name, and email address provided during app installation via Shopify OAuth.
  • Communication Data: Any information you provide when contacting our support team, including name, email, and the content of your messages.
  • Payment Information: Billing details processed through Shopify's secure billing system. We do not directly store credit card numbers or financial account details.

3.2 Information Collected Automatically

  • Usage Data: Information about how you configure and interact with the App, including feature usage, settings preferences, and configuration changes.
  • Technical Data: IP address, browser type and version, operating system, device type, screen resolution, referring URLs, and pages visited.
  • Log Data: Server logs that may include your IP address, access times, app features used, and error reports.
  • Cookies & Tracking Technologies: We use cookies, local storage, and similar technologies to maintain session state and improve the user experience. See Section 10 for details.

3.3 Information from Third Parties

  • Shopify API Data: When you install the App, we receive data from Shopify's API, including store information, theme configuration, and collection data necessary for the App to function.

4. Legal Basis for Processing (GDPR — Article 6)

We process your personal data only when we have a valid legal basis to do so. The legal bases we rely on include:

  • Performance of a Contract (Art. 6(1)(b)): Processing is necessary to provide and maintain the App as part of our agreement with you when you install and use our service.
  • Legitimate Interests (Art. 6(1)(f)): We process certain data for our legitimate business interests, such as improving the App, preventing fraud, and ensuring security. We balance these interests against your rights and freedoms.
  • Consent (Art. 6(1)(a)): Where required, we obtain your explicit consent before processing data, such as for marketing communications or non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): We may process data to comply with legal requirements, such as tax obligations, fraud prevention, or lawful government requests.

5. How We Use Your Information

We use the collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Infinite Scroll application.
  • Account Management: To manage your account, process transactions, and handle billing through Shopify.
  • Communication: To send you service-related notices, updates, security alerts, and support messages.
  • Improvement & Analytics: To analyze usage patterns, diagnose technical issues, and improve the App's functionality and performance.
  • Security: To detect, prevent, and address fraud, abuse, security vulnerabilities, and technical issues.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Marketing (with consent): To send promotional materials only when you have opted in. You can opt out at any time.

6. Data Sharing & Third-Party Processors

We do not sell, rent, or trade your personal data to third parties. We may share data with the following categories of recipients:

  • Service Providers (Data Processors): Trusted third-party vendors who assist in hosting, analytics, customer support, and payment processing. All processors are bound by Data Processing Agreements (DPAs) ensuring GDPR-compliant handling of your data.
  • Shopify: As the platform provider, Shopify processes certain data in accordance with their own privacy policy and terms of service.
  • Legal Authorities: We may disclose data if required by law, court order, or governmental regulation, or to protect the rights, property, or safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA) or the United Kingdom.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs): EU-approved contractual terms that provide adequate data protection guarantees.
  • Adequacy Decisions: Transfers to countries recognized by the European Commission as providing an adequate level of data protection.
  • Additional Safeguards: Encryption, access controls, and supplementary measures as required under GDPR Chapter V.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Specific retention periods include:

  • Account Data: Retained for the duration of your active use of the App. Upon uninstallation, account data is deleted within 30 days.
  • Usage & Analytics Data: Retained in aggregated, anonymized form for up to 24 months for product improvement purposes.
  • Support Communications: Retained for up to 12 months after the last communication for quality and training purposes.
  • Billing & Transaction Records: Retained for up to 7 years to comply with tax and accounting regulations.
  • Log Data: Automatically purged after 90 days.

When data is no longer needed, it is securely deleted or anonymized in accordance with our data destruction procedures.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • TLS/SSL encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Role-based access controls limiting data access to authorized personnel
  • Secure development practices (OWASP guidelines)
  • Incident response procedures with notification within 72 hours of a confirmed breach (as required by GDPR Article 33)

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We encourage you to use strong passwords and keep your Shopify account credentials confidential.

10. Cookies & Tracking Technologies

We use cookies and similar technologies on our website and within the App. These include:

  • Strictly Necessary Cookies: Required for the App to function properly (e.g., session management, authentication). These cannot be disabled.
  • Analytics Cookies: Used to understand how users interact with the App to improve performance and usability. These are only set with your consent.
  • Preference Cookies: Remember your settings and customization choices for a better experience.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the App. For EU/UK users, non-essential cookies are only placed after explicit consent in compliance with the ePrivacy Directive.

11. Your Rights Under GDPR & Other Laws

Depending on your location, you have the following rights regarding your personal data:

GDPR Rights (EU/EEA/UK Residents)

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements.
  • Right to Restrict Processing (Art. 18): Request that we limit the processing of your data in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV).
  • Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3)): Withdraw previously given consent at any time, without affecting the lawfulness of prior processing.
  • Right Not to be Subject to Automated Decision-Making (Art. 22): We do not use automated decision-making or profiling that produces legal or similarly significant effects.

CCPA / CPRA Rights (California Residents)

  • Right to Know: Request information about the categories and specific pieces of personal data we have collected.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: We do not sell personal information. If this changes, we will provide an opt-out mechanism.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA.

Exercising Your Rights

To exercise any of the above rights, please contact us at support@laparaneza.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before fulfilling your request. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, or the relevant Data Protection Authority in your EU member state).

12. Children's Privacy

The App is intended for use by Shopify merchants who are at least 18 years of age. We do not knowingly collect personal data from children under the age of 16 (or the applicable minimum age in your jurisdiction). If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete that information.

13. Data Protection Impact Assessments (DPIA)

In compliance with GDPR Article 35, we conduct Data Protection Impact Assessments when introducing new features or processing activities that may present a high risk to the rights and freedoms of data subjects. DPIA results inform our data protection strategies and are available for review by supervisory authorities upon request.

14. Sub-Processors

We use the following categories of sub-processors to deliver our service:

CategoryPurposeLocation
Cloud HostingApplication hosting & data storageUSA / EU
AnalyticsUsage analytics & performance monitoringUSA / EU
Customer SupportSupport ticket managementUSA / EU
Payment ProcessingBilling via Shopify Billing APIUSA / Canada

All sub-processors are bound by Data Processing Agreements and are required to maintain equivalent data protection standards. We will notify you of any material changes to our sub-processor list.

15. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
  • Notify affected data subjects without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34).
  • Document all breaches, including facts, effects, and remedial actions taken.
  • Implement measures to mitigate the effects and prevent future occurrences.

16. “Do Not Track” Signals

We respect “Do Not Track” (DNT) browser signals. When we detect a DNT signal, we will not place non-essential tracking cookies or collect analytics data beyond what is strictly necessary for the service to function.

17. Third-Party Links

Our App or website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal data.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email or through a prominent notice within the App at least 30 days before the changes take effect. Your continued use of the App after the updated policy becomes effective constitutes your acknowledgment of the changes.

19. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with applicable data protection laws. For EU/EEA residents, the GDPR applies. For California residents, the CCPA/CPRA applies. Any disputes will be resolved under the jurisdiction of the applicable data protection authority or courts.

20. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

Email: support@laparaneza.com

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. A list of EU Data Protection Authorities can be found on the European Data Protection Board (EDPB) website.