Contact Us

Annex A – Privacy Policy

Introduction

Below is a summary of our practices when it comes to your data collected when you use Shoffr Services which includes our account portal, store concierge applications, end consumer applications and bots, and our developer products and services.

Please note that some Shoffr customers may have special agreements with us that specify the collection, use, and sharing of their data. If those special agreements and this policy conflict, those special agreements will apply.

For purposes of this policy, the words “our,” “us,” “we,” and “Shoffr" refer to Affle International Pte. Ltd. and our affiliates (which includes any person or entity that controls us, is controlled by us, or is under common control with us, such as our subsidiary, parent company, or our employees).

Before you use any of Shoffr’s Services, please carefully review this Policy. By using any part of Shoffr’s Services, you consent to the collection, use, disclosure and sharing of your information as further outlined below in this Policy.

About Shoffr

What is Shoffr? Shoffr is a cloud based omni-channel retail platform. Our customers are generally retail brands and their affiliates. Our customers generally use Shoffr’s Services, which include APIs and SDKs, to build omni-channel retail capabilities into their applications. Our customers then often have their own customers or users of the applications they build using Shoffr’s Services. To avoid confusion, we’ll call the individuals that use our customers’ applications the “end users.”

Shoffr generally does not interact directly with our customers’ end users. Instead, end users interact with our customers’ applications, which in turn interact with our Services. So, if you’re an end user of an application that is integrated with Shoffr’s Services, you should check out that application’s terms of service and privacy policy to find out how that application collects, uses, stores and shares your data. We are not responsible for our customers’ privacy policies or privacy practices.

Categories of Customer Data. There are three general categories of customer data that we collect or generate from our customers’ use of our Services. We’ll call these “Customer Content,” “Customer Account Data,” and “Customer Usage Data.”

  • Customer Content. Customer Content consists of data that are sent through integration with Shoffr’s Services, like the body of a message, your products and services catalogs, your price books, or your in-store inventory. Customer Account Data. Customer Account Data is all the data that relates to the relationship between Shoffr and its customers, like our customers’ names, contact information, and billing information and records. Customer Usage Data. Includes operational data like API requests, orders and reservations, call or messaging logs, or usage information. Customer Usage Data also includes your end users’ name, phone number, email addresses, shipping addresses, and social media profiles
  • Customer Account Data. Customer Account Data is all the data that relates to the relationship between Shoffr and its customers, like our customers’ names, contact information, and billing information and records.
  • Customer Usage Data. Includes operational data like API requests, orders and reservations, call or messaging logs, or usage information. Customer Usage Data also includes your end users’ name, phone number, email addresses, shipping addresses, and social media profiles as requested by your application. If you integrate your payment processors with Shoffr’s Services, we will also store the secure payment profile of your end users as provided by your payment processors.

What data we collect, how we collect it and why

Customer Account Data you share with us directly. When you sign up for an account with Shoffr you’ll be asked to give us your name, email address, telephone number, your company name, and your billing address. You’ll also be asked to create a password. We collect this Customer Account Data so that we know who you are, we can communicate with you about your account, and we can recognize you when you communicate with us through the account portal or otherwise.

Also, we gather information about you when you interact with our customer support team, sales team or account management team. For example, when you contact our customer support team, you will be asked to give your account data and tell us the question you have or any problem you’re experiencing. We gather this information so that we can help you with your question or problem. When you communicate with our sales team or account management team, we’ll gather data about you, such as your use case and your business requirements, so that these teams are better equipped to assist you. We may also use this data so that we can improve our Services and train our team members.

Customer Account Data we generate and collect automatically when you create an account. When you sign up for an account with Shoffr, we’ll assign you an Account SID, which acts as a username, and an Auth Token, which acts as a password. You will need to use these credentials in connection with making requests to our APIs. We keep a record of these credentials, so that when your application makes requests to our API using these credentials, we know that it is you making the requests.

Customer Usage Data we collect from you from your use of our Services, like our APIs. When you use our Services, we collect Customer Usage Data. This may include data like what commands your application has communicated to Shoffr, your IP addresses, how many times you used a Shoffr Service, and when the Service was used by you or your end users.

We collect Customer Usage Data so that you can view it in the account portal and can manage your use of our Services. We also collect it so that we can properly bill you for your use of our Services, appropriately manage customer traffic, analyze and improve our Services, and identify and solve problems that arise.

Customer Account Data we collect from other sources. From time to time, we gather publicly-available information about companies that are our customers, such as where they are located, their website URL, their industry, and their size. Sometimes this type of Customer Account Data is obtained through third-party service providers that specialize in pulling together publicly-available information about companies.

What we use your data for

Generally, we use all the data that you provide to us or that we collect from you to provide our Services to you, to enable you to access and use our Services, to deliver your communications to their intended destination, and to analyze our customers’ use of our Services, to improve our Services, and to detect fraudulent or unlawful activity in connection with Shoffr accounts.

Below are some additional details regarding how we use categories of data we collect.

Customer Content. We use Customer Content for the purposes that you allow us access to it, like conveying it to and from your applications that interface with the end users. We may also use Customer Content stored on our systems to troubleshoot issues such as quality concerns.

Customer Account Information. We use your email address in connection with your account password to authenticate your account and allow you to access your account data through the account portal. And, we use your Account SID and Auth Token to authenticate that it is your application that is making requests to our APIs.

We also use the contact information you provide to Shoffr to communicate information regarding your account and the Services you are using or to respond to an inquiry you have sent us. If you enable two-factor authentication, we’ll use the telephone number you provide in connection with that feature to send you verification codes.

In addition, we will use your email address to send you information about other Shoffr Services, or events that you might be interested in. You can choose not to receive marketing emails from Shoffr. If you wish to stop receiving Shoffr marketing emails you may click on the unsubscribe link that will appear at the bottom of any Shoffr marketing emails or you can contact customer support.

We will use publicly-available Customer Account Data about your company, such as your industry, the size of your company, and your company’s website URL, to help us understand our customer base better and to tailor information we send you about other Shoffr Services, or events.

Customer Usage Data. We use your usage data so we can properly bill you for your use of our Services, appropriately manage customer traffic, analyze and improve our Services, and identify and solve problems with our Services that arise. We also use certain usage data to support regulatory requirements, such as calculation and reporting of tax or similar obligations.

Data collected through tracking technologies like cookies and web beacons. We collect data through tracking technologies so we can understand how customers are using our account portal, store concierge applications, end consumers applications and bots, and what regions our customers are coming from. This helps us understand our customers better and how we can improve our services. We also use this to improve our customer’s navigation experience with our account portal, store concierge applications, and end consumer applications and bots.

Who we may share your data with

Unless you give us your permission, we won’t share your Customer Content, Customer Account Data, or Customer Usage Data with third parties, except as described below:

  • Third-party service providers or consultants. We may share your data stored on our systems with third-party service providers or consultants who need access to the data to perform their work on Shoffr’s behalf, like our storage provider for storing your data on our behalf. These third-party service providers are limited to only accessing or using this data to provide services to us and must provide reasonable assurances that they will appropriately safeguard the data.
  • Compliance with Laws. We may disclose your data stored on our systems to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or a government request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our Services, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If Shoffr is required by law to disclose any of your data that directly identifies you, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
  • Affiliates. We may share your data with our affiliates. We all will only use the data as described in this policy.
  • Business transfers. If we go through a corporate sale, merger, reorganization, dissolution or similar event, customer data we gather from you may be part of the assets transferred or shared in connection with the due diligence for any such transaction. Any acquirer or successor of Shoffr may continue to use your data as set forth in this policy. We will notify you of these events prior to any movement of Customer data.
  • Shoffr Storeboard. If you have authorized a Shoffr Storeboard App to access your Shoffr Account, by the very nature of how the Shoffr Storeboard program works, we will allow the third party developer of the Shoffr Storeboard App access your Shoffr account that you have given the Shoffr Storeboard App access to. This access may include being able to read all your customer data, including your Customer Content. It may also include being able to perform actions on behalf of your account that charge your account.

We do not share your data (including, but not limited to, the personal data of your end users) with third parties for their direct marketing purposes, unless you give us your consent to do so.

Add-ons

Add-ons are additional features, functionality or services offered by Shoffr’s Add-on Partners (third parties not affiliated with Shoffr). Shoffr may make Add-ons available to you through the Shoffr Marketplace. Some Add-ons may need to access or collect some of your Customer Data. If you choose to use an Add-on, Shoffr will share your data with the Add-on Partner as necessary in order for you to be able to use the Add-on. Shoffr does not control Add-on Partners use of your data, and their use of your data will be in accordance with their own policies. If you do not want your data to be shared with an Add-on Partner, then you should not to use the Add-on.

International Operations and Transfers Out of the EEA and Switzerland

Please note that when you use our account portal, or our other Services, your Customer Content, Customer Account Data, or Customer Usage Data may be sent to the United States and possibly other countries. We store customer data on servers located in the United States, and we may also store this data on servers and equipment in other countries.

Shoffr employs appropriate mechanisms for cross-border transfers of personal data, as required by applicable local law. Shoffr complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

Personal Data Protection (Singapore & Malaysia)

During the course of dealings between the Parties and in connection with the performance of this Agreement, the Parties acknowledge that they need to Process (as defined under the Personal Data Protection Act 2012 in Singapore) and (as defined under the Personal Data Protection Act 2010 in Malaysia) Personal Data (as defined under the Personal Data Protection Act 2012 in Singapore) and (as defined under the Personal Data Protection Act 2010 in Malaysia) belonging to or supplied by each Party from time to time by electronic or paper-based means.

By entering into this Agreement, the Parties expressly and explicitly acknowledge and consent to the Processing of such Personal Data by each Party for the purpose of performance of this Agreement and for all other purposes that are necessary, incidental or related to the performance of this Agreement, including Processing of such Personal Data within and, where necessary, outside Singapore and Malaysia, and the transfer and disclosure of such Personal Data to third parties authorised by each Party within and, where necessary, outside Singapore and Malaysia, provided that these third parties undertake to keep such Personal Data confidential, or to any persons, authorities or regulators to whom the Parties are compelled, permitted or required under the law to disclose to. For the purpose of this Clause, “third parties” include but not limited to each Party’s holding or parent company, subsidiaries, related and/or associated companies, business partners, professional advisers, agents, contractors, third party service providers, insurance companies, banks and financial institutions.

To the extent that a Party has disclosed its employees, agents or other third parties’ Personal Data to the other Party, the disclosing Party warrants and represents that it has obtained the relevant individual's consent to disclose such Personal Data to the other Party in accordance with this Clause and for the purpose of the performance of this Agreement, and for all other purposes that are necessary, incidental or related to the performance of this Agreement.

The Parties warrant and represent that all Personal Data disclosed or to be disclosed to the other Party is accurate and complete, and that none of it is misleading or out of date as of the date of this Agreement. The Parties shall promptly update each Party in the event of any change to such Personal Data.

Information from Children

We do not knowingly collect any personal information directly from children under the age of 13. If we discover we have received any personal information from a child under the age of 13 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone under the age of 13, please contact us at privacy@shoffr.io

How we secure your data

We use appropriate security measures to protect the security of your customer data both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note though that no service is completely secure. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

You may access your account through our account portal by using your email address and a password that you chose when you signed up for Shoffr’s Services. To protect the confidentiality of your customer data and protect from unauthorized use of your account, you must keep your password and Auth Token confidential and not disclose it to any other person. Please let us know right away if you think your password or Auth Token was compromised or misused.

How we tell you about changes to our privacy practices

We may change our Services Privacy Policy from time to time. If we make changes, we’ll revise the “Last Updated” date at the top of this policy, and we may provide additional notice such as on the Shoffr Site homepage, account portal sign-in page, or via the email address we have on file for you. We will comply with applicable law with respect to any changes we make to this policy.

How to make choices about your data

Deletion, access, and changes to Customer Data. You may access and make changes to certain of your Customer Account Data through the Account Dashboard in the Shoffr account portal. You will also be able access Customer Content stored on our systems and various types of Customer Usage Data through the account portal as well.

To request deletion of your Shoffr account, email us at privacy@shoffr.io You should know that deletion of your Shoffr account will result in you permanently losing access to your account and all customer data to which you previously had access through your account. Please note that certain data associated with that account may nonetheless remain on Shoffr’s servers in an aggregated or anonymized form that does not specifically identify you. Similarly, data associated with your account that we are required by law to maintain will also not be deleted.

If you are an end user of an application that uses Shoffr’s services, you should direct requests for access and/or deletion of your data associated with that application to the relevant application provider in accordance with that application provider’s own privacy policy.

Promotional communications. You can choose not to receive promotional emails from Shoffr by following the unsubscribe/opt-out instructions in those emails. You can also opt-out by contacting customer support. Please note that even if you opt out of promotional communications, we may still send you non-promotional messages relating to things like updates to our terms of service or privacy policies, security alerts, and other notices relating to your access to or use of our Services.