Udeely is an affiliate-tracking application for Shopify stores, provided by WordCat Edutech (Y-tunnus: 3460399-3), a Finnish toiminimi operated by Andrew Campbell. This policy explains what data we collect, why, where it lives, and how long we keep it.
This policy applies to three groups of people:
- Merchants — Shopify store owners who install Udeely.
- Affiliates — people who sign up to a merchant's referral program through Udeely.
- Customers — shoppers who place orders on a merchant's store that may have been referred by an affiliate.
1. Data we collect
From merchants
When you install Udeely, Shopify provides us with your shop domain, store name, contact email, and an OAuth access token scoped to the permissions you grant. We do not collect billing information; subscription billing is handled by Shopify.
From affiliates
When someone joins a merchant's referral program through Udeely, we collect: name, email address, payout method preference (PayPal email, Wise account identifier, or manual bank instructions), and the merchant's commission program assignment. Affiliates set their own password to access their dashboard.
From customers
We process a one-way cryptographic hash (HMAC-SHA256) of customer email addresses on order events. The raw email is never stored. The hash is used solely to detect self-referral fraud — i.e., to verify that the person placing an order is not the same person who owns the referral link. The hash cannot be reversed to recover the email.
We do not request or store customer names, phone numbers, addresses, order history, or any other customer-identifying data.
2. Why we collect it
| Data | Purpose |
|---|---|
| Merchant shop domain, access token | Install and run the app on your store |
| Affiliate name, email, payout details | Create the affiliate account, send commission notifications, process payouts |
| Customer email hash | Self-referral fraud check (one comparison, at the moment the order webhook arrives) |
| Order metadata (ID, amounts, financial status, discount code) | Calculate commission for the attributed affiliate |
We do not use any of this data for marketing, profiling, advertising, or sale to third parties.
3. Where it's stored
- Database: PostgreSQL hosted by Neon (US-East region), AES-256 encryption at rest, TLS 1.2+ in transit, point-in-time recovery enabled.
- Application: Fly.io (compute), TLS 1.3 on
udeely.comandudeely.fly.dev. - Background queues: Upstash Redis (encrypted in transit and at rest).
- Transactional email: Postmark (sender:
noreply@udeely.com). - CSV payout files: Cloudflare R2 (private buckets, signed-URL access only).
- Error monitoring: Sentry, configured with
sendDefaultPii: falseso user identifiers are stripped before transmission. - Logs: Axiom (log aggregation).
Production credentials live in Fly.io secrets and are not accessible to any human outside the operator.
4. Sub-processors
We use the following sub-processors. Each has its own privacy policy and DPA, available on their websites.
| Sub-processor | Purpose | Region |
|---|---|---|
| Shopify | Source of order/refund webhooks; OAuth provider | Global |
| Neon | Primary database | US-East |
| Fly.io | Application hosting | Global edge |
| Upstash | Background job queue (Redis) | US-East |
| Postmark | Transactional email delivery | US |
| Cloudflare R2 | Payout CSV storage | Global |
| Sentry | Error monitoring (PII-stripped) | US |
| Axiom | Log aggregation | US |
We will give 30 days' notice before adding a new sub-processor that processes affiliate or customer data.
5. Retention
| Data | Retention | Reason |
|---|---|---|
| Customer email hash | 7 years from order date | Financial record-keeping (commission ledger) |
| Conversion records (order ID, amounts, attribution) | 7 years | Same |
| Affiliate account (name, email, payout details) | While the affiliate is active + 7 years after deactivation | Tax-year aggregation for 1099 reporting |
| Merchant shop record + access token | While Udeely is installed; deleted on shop/redact (48 hours after uninstall) | App Store requirement |
| Server logs (Axiom) | 30 days | Operational debugging |
6. GDPR / customer redaction
When Shopify sends a customers/redact request, we replace the relevant customerEmailHash value with the literal string "REDACTED" and retain the rest of the conversion record (financial data required by law). When Shopify sends a shop/redact request (48 hours after a merchant uninstalls), we cascade-delete every row tied to that shop, including all customer email hashes and affiliate records.
If you are an affiliate and want your data deleted before the 7-year retention period ends, email the address below. We will delete your account, but conversion records linked to your referral code may be retained in anonymized form (the affiliate ID is unlinked, but the commission amounts remain in the merchant's ledger).
7. Your rights
Depending on where you live, you may have the right to:
- Access the data we hold about you
- Request correction or deletion
- Object to specific processing
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email us. We will respond within 30 days.
8. Changes to this policy
We will update this page when we change how we collect, use, or store data. The “Last updated” date at the top reflects the most recent change. Material changes (new sub-processors handling affiliate or customer data; expanded data collection) will be communicated to merchants via the in-app inbox and to affiliates via email.
9. Contact
Privacy questions: privacy@udeely.com.