
Privacy Policy

Last updated: 2026-02-21

SleekPass (“we”, “our”, “us”) is operated by Itod Inc. SleekPass provides Apple Wallet and Google Wallet loyalty cards for Shopify merchants (“merchants”). This policy describes how we collect, use, store, and protect data when merchants install SleekPass and when their customers (“customers”) receive loyalty passes.

When a merchant installs SleekPass, we request the following Shopify access scopes:

  • read_customers and write_customers — to look up and create customer records
  • read_customer_email and read_customer_name — to personalize loyalty passes
  • read_orders — to detect purchases and update pass data
  • read_locations — to display store locations on passes

For each customer who receives a loyalty pass, we read the following from Shopify:

  • Name: display name, first name, last name
  • Email address
  • Order count: total number of orders placed
  • Total amount spent: lifetime spend amount and currency
  • Account creation date
  • Customer metafield values: only when the merchant configures custom fields to display on passes (e.g., loyalty tier, points balance)

This customer data is cached in our database as part of the pass record so that passes can be generated and updated without repeated Shopify API calls.

  • Store domain (e.g., example.myshopify.com)
  • Store name
  • Pass design settings: colors, field layout choices, uploaded logo images
  • Shopify API access token (encrypted at rest)

When a customer enrolls via a walk-in enrollment page (QR code at the store counter):

  • Email address (required)
  • Name (optional)

This information is used to find or create a Shopify customer record in the merchant’s store and generate wallet passes.

When a customer adds an Apple Wallet pass to their device, Apple’s PassKit protocol provides:

  • Device library identifier: a unique ID for the device, used to register the device for push updates
  • Push token: used to notify the device when the pass has been updated

These are stored solely to deliver pass updates (e.g., when order count changes) via Apple Push Notification Service.

When a merchant’s staff scans a customer’s QR code at point of sale, we record:

  • Timestamp of the scan
  • Scan result (success, expired, revoked, or invalid)
  • Shopify location ID (which store location)
  • Staff ID (which POS user performed the scan, if available)

Scan events are used for merchant analytics and are not shared with third parties.

  • Payment card or billing information: we never access or store credit card numbers, bank accounts, or payment methods
  • Browsing or tracking data: we do not track customers across websites or use cookies for advertising
  • Location data from customers: we do not access GPS or location data from customer devices
  • Customer passwords: we never access Shopify customer account credentials
  • Order details: we read only order count and total spend, not individual order contents, items purchased, or shipping addresses
  • Generate wallet passes: customer name, order count, and total spend are displayed on Apple and Google Wallet loyalty cards as configured by the merchant
  • QR code verification: when staff scan a customer’s QR code at point of sale, we verify the signed token and display the customer’s name and loyalty summary
  • Pass updates: when a customer places an order, we refresh the cached data on their pass (updated order count and spend) and push the update to their device
  • Merchant analytics: scan event counts and pass generation metrics are shown in the merchant’s SleekPass admin dashboard
  • Error monitoring: we use Sentry for error tracking in production. Error reports may include the merchant’s store domain for debugging purposes. No customer PII is sent to Sentry.
  • Database: customer pass data and merchant settings are stored in a managed PostgreSQL database hosted by DigitalOcean (Toronto region)
  • Application hosting: the application runs on Fly.io (Toronto region)
  • Asset storage: merchant-uploaded logos are stored on Cloudflare R2
  • Encryption: Shopify API tokens are encrypted at rest using Active Record Encryption. QR code tokens are signed with ES256 (ECDSA) and cannot be forged or tampered with
  • No plaintext secrets: all sensitive credentials (API keys, signing keys, certificates) are stored in Rails encrypted credentials or as environment variables on the hosting platform, never in source code

We share data with the following third parties solely to deliver the service:

Third Party | What We Share | Why
Apple (PassKit / APNs) | Pass content (customer name, loyalty data as configured by merchant), device push tokens | To deliver and update Apple Wallet passes
Google (Google Wallet API) | Pass content (customer name, loyalty data as configured by merchant) | To create and update Google Wallet passes
Sentry | Error stack traces, merchant store domain | Error monitoring and debugging
Cloudflare | Merchant logo images | CDN and asset storage

We do not sell, rent, or share customer data with advertisers, data brokers, or any other third parties.

  1. Immediately: Shopify API access tokens are deleted. The merchant’s store is marked as uninstalled.
  2. After 30 days: if the merchant has not reinstalled, all shop data, passes, and scan events are permanently deleted. Google Wallet pass objects are expired.
  3. If the merchant reinstalls within 30 days: existing passes are preserved and the shop is reactivated.

We implement all three mandatory Shopify GDPR webhooks:

  • Customer data request (customers/data_request): we compile and log all data stored for the requested customer, including pass records and cached customer data.
  • Customer redact (customers/redact): we anonymize the customer’s pass records by clearing all personal data (name, email, order history) from the cached data, replacing the Shopify customer ID with a redacted placeholder, and invalidating any outstanding QR codes. Google Wallet objects are expired.
  • Shop redact (shop/redact): we anonymize all passes for the shop, clear all merchant settings, and expire Google Wallet objects. This is called 48 hours after uninstall per Shopify’s requirements.

Customers who wish to have their loyalty pass data deleted should contact the merchant directly. The merchant can delete the customer from Shopify, which triggers our customer deletion webhook. This webhook:

  1. Invalidates all QR codes for that customer
  2. Permanently deletes all pass records for that customer

Scan events are retained for merchant analytics purposes. After a customer’s passes are deleted or anonymized, scan events no longer contain any link to identifiable customer data.

SleekPass is a business tool for Shopify merchants. We do not knowingly collect personal information from children under 13. If you believe a child’s information has been collected, please contact us.

We may update this privacy policy from time to time. The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of SleekPass after changes constitutes acceptance of the updated policy.

For privacy-related questions or data requests: