← Back
Privacy Policy
Last updated: February 7, 2026
Daffiliates ("we", "us", "our") operates an affiliate marketing platform for Shopify merchants. This Privacy Policy explains how we collect, use, and protect personal data when you use our application and affiliate portals.
1. Data We Collect
Affiliate Account Data
- Email address
- First and last name (optional)
- Chosen affiliate code
- Password (stored as a salted hash; we never store plaintext passwords)
Referral Tracking Data
- Cookie identifier (random UUID, not personally identifiable)
- Referring URL and landing page URL
- Timestamp and cookie expiration date
Order Attribution Data
- Shopify order ID and order number
- Order total and currency
- Attribution method (discount code, referral link, or manual)
- Discount code used (if any)
Merchant User Data
- Email address
- First and last name (optional)
- Password (stored as a salted hash)
- Role and permissions
2. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|
| Account authentication | Email, password hash | Contract performance |
| Referral tracking & attribution | Cookie ID, URLs, order data | Legitimate interest / consent |
| Commission calculation & payouts | Order data, affiliate ID | Contract performance |
| Platform operation & security | All data | Legitimate interest |
3. Cookies
We use the following first-party cookies on the merchant's Shopify storefront:
| Cookie | Purpose | Duration |
|---|
affiliate_ref | Stores the affiliate referral code for attribution | Configurable by merchant (default: 30 days) |
affiliate_cookie_id | Unique identifier to link clicks to conversions | Same as above |
These cookies are only set after the visitor arrives via a referral link (?ref=CODE) and, where applicable, after marketing consent has been granted through the Shopify Customer Privacy API.
4. Data Retention
- Referral clicks: Automatically deleted after expiration (default: 30 days) if unconverted.
- Affiliate accounts: Retained while the account is active. Deleted upon account deletion request.
- Order attributions & commissions: Retained as long as the affiliate account exists.
- Merchant user accounts: Retained while active. Deleted upon account deletion or store uninstall.
5. Third-Party Sharing
We share data only with:
- Shopify: We operate as a Shopify app and interact with the Shopify platform to read order data and manage discount codes. Data remains within the Shopify ecosystem.
We do not sell, rent, or share personal data with any other third parties for marketing purposes.
6. Your Rights
You have the right to:
- Access: View all personal data we hold about you through your portal dashboard.
- Correction: Update your name and profile information in your account settings.
- Deletion: Delete your account and all associated data from the Settings page. This action is irreversible and removes all clicks, orders, commissions, and payout records linked to your account.
- Withdraw consent: You may withdraw consent at any time by deleting your account.
- Data portability: Contact us to receive a copy of your data in a structured format.
7. Data Security
We protect your data through:
- Passwords stored using bcrypt hashing with salt
- JWT-based authentication with expiration
- HTTPS encryption for all data in transit
- CORS restrictions limiting API access to authorized domains
8. GDPR Compliance
For users in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). We process data under the legal bases of contract performance, legitimate interest, and consent as described above. We respond to Shopify's mandatory GDPR webhooks for customer data requests, customer data erasure, and shop data erasure.
9. Children's Privacy
Our service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
For privacy-related questions, data requests, or concerns, please contact us at:
Email: privacy@daffiliates.com