Lucky You

Privacy Policy

Effective date: April 29, 2026

Last updated: April 29, 2026

Introduction

Lucky You values your privacy and is committed to protecting personal data. This Privacy Policy explains how information is collected, used, disclosed, and safeguarded when merchants use the Lucky You Shopify application and when customers interact with storefront experiences powered by Lucky You.

By installing or using Lucky You, merchants acknowledge the practices described in this Privacy Policy.

1. Who We Are

Business name:Lucky You
Jurisdiction:Slovenia / European Union
Contact email:lucky.you.shopify@gmail.com

Lucky You provides Shopify merchants with gamified storefront engagement tools, including popup games, reward systems, email capture functionality, discount generation, and customer interaction tools.

2. Scope of This Privacy Policy

This Privacy Policy applies to:

  • Shopify merchants installing and using Lucky You
  • Storefront visitors interacting with Lucky You-powered widgets
  • Customer data processed through merchant configurations
  • App-related communications, billing, analytics, and support systems (including Crisp for merchant support chat)

This policy does not govern Shopify’s own privacy practices. Merchants and users should also review Shopify’s policies.

3. Information We Collect

A. Merchant Information

When merchants install or use Lucky You, we may collect:

  • Shopify store domain
  • Shopify account and authentication information
  • Session and API tokens
  • Store configuration settings
  • Billing and subscription data
  • App usage metrics
  • Plan details
  • Impression and capacity data
  • Customer engagement metrics
  • Merchant feedback or support submissions
  • Technical logs and operational diagnostics
  • Support chat content and related metadata when you use in-app support (see Support chat and screen assistance below)

B. Customer / Storefront Visitor Information

When customers interact with Lucky You widgets on merchant storefronts, we may collect:

  • Email addresses
  • Email verification status
  • OTP verification data
  • Reward claim history
  • Discount redemption status
  • Visitor session identifiers
  • Browser and device interaction data
  • Cookie identifiers
  • Storefront usage behavior
  • Cooldown eligibility
  • Prize outcome state
  • IP-based abuse prevention metadata
  • Rate limiting data

C. Automatically Collected Information

We may automatically collect:

  • Browser type
  • Device type
  • Operating system
  • Referrer URL
  • Interaction timestamps
  • Session activity
  • Cookie identifiers
  • Local storage/session storage identifiers
  • Security validation data

D. Support chat and screen assistance

We use third-party customer support tools, including Crisp, to provide live chat support, onboarding assistance, troubleshooting, and merchant support services.

When you interact with support chat, Crisp may process:

  • Messages and information you voluntarily provide
  • Shop and account identifiers
  • Browser, device, and technical session metadata
  • App usage context relevant to troubleshooting
  • Support interaction history

For troubleshooting and onboarding purposes, support agents may use session assistance or co-browsing tools that allow limited real-time visibility into your app session to help diagnose issues, guide configuration, or provide technical assistance. This functionality is used solely for support purposes.

Please do not share passwords, payment credentials, API secrets, or other highly sensitive information through support chat.

4. How We Use Information

We use collected data to:

  • Operate Lucky You’s core app functionality
  • Authenticate merchants
  • Manage Shopify integration
  • Deliver storefront experiences
  • Process customer rewards
  • Manage email collection and verification
  • Generate discounts
  • Prevent abuse, fraud, and spam
  • Track impressions and billing limits
  • Provide merchant analytics
  • Improve app performance
  • Maintain app security
  • Comply with legal obligations
  • Respond to support inquiries
  • Provide live chat support, onboarding assistance, troubleshooting, and merchant support through Crisp, including optional session assistance as described in Section 3.D

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process data under:

  • Contractual necessity
  • Legitimate business interests
  • Consent (where applicable)
  • Compliance with legal obligations

Merchants are responsible for obtaining required customer consents for marketing or promotional communications.

6. Cookies and Tracking Technologies

Lucky You uses cookies and similar technologies to:

  • Maintain visitor sessions
  • Prevent abuse
  • Store eligibility and cooldown states
  • Improve user experience
  • Enable storefront functionality
  • Secure sessions

These may include:

  • Essential cookies
  • Functional cookies
  • Security cookies
  • Session storage
  • Local storage identifiers

Lucky You does not currently use independent third-party advertising or behavioral tracking systems.

7. Data Sharing and Disclosure

We may share data with trusted third parties only when necessary, including:

Third-party processors

We may share limited operational data with trusted third-party service providers that help us operate, support, and improve the app, including:

  • Crisp: customer support chat, technical troubleshooting, onboarding assistance, and optional session assistance
  • Hosting and infrastructure providers
  • Analytics and communications providers where applicable

These providers may process data only as necessary to perform services on our behalf or under their applicable privacy terms.

Additional service providers and integrations

  • Shopify (merchant platform, checkout, and authorized APIs)
  • Fly.io
  • PostgreSQL database infrastructure
  • Resend email services
  • Security services

We may disclose data

  • To comply with law
  • To enforce legal rights
  • To prevent fraud or abuse
  • During business transfers if applicable

We do not sell personal data.

8. Merchant Responsibility

Merchants using Lucky You are responsible for:

  • Their own customer privacy disclosures
  • Obtaining lawful consent
  • Compliance with GDPR, CCPA, and local laws
  • Proper use of collected customer emails
  • Managing customer deletion requests when required

Lucky You acts as:

Data processor: for customer data collected on behalf of merchants

Data controller: for operational, billing, and app security data

9. Data Retention

We retain data only as long as necessary for:

  • Operational purposes
  • Legal compliance
  • Billing records
  • Security
  • Fraud prevention
  • Merchant account continuity

Retention periods may vary depending on:

  • Merchant activity
  • Subscription status
  • Legal obligations
  • Security investigations

Upon lawful request, eligible data may be deleted or anonymized.

10. Security Measures

We implement reasonable safeguards including:

  • HTTPS encryption
  • Secure API authentication
  • Secure cookies
  • Session protection
  • Database security controls
  • Access limitations
  • Origin validation
  • Abuse prevention systems
  • Operational monitoring

However, no system can guarantee absolute security.

11. International Data Transfers

Because Lucky You operates online, data may be processed in multiple jurisdictions.

Where required, we use lawful safeguards for international transfers, including GDPR-compliant protections.

12. Your Rights

Depending on applicable law, users may have rights to:

  • Access data
  • Correct data
  • Delete data
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent
  • Lodge complaints with supervisory authorities

Requests may be sent to:

lucky.you.shopify@gmail.com

Where applicable, you may request access to, correction of, or deletion of your personal information, subject to legal, contractual, or operational retention requirements.

13. Children’s Privacy

Lucky You is not intended for children under 13 (or equivalent minimum age in relevant jurisdiction).

We do not knowingly collect children’s personal data.

14. Third-Party Services

Lucky You uses Crisp as a third-party processor for merchant support chat, troubleshooting, onboarding assistance, and optional session assistance, as described in Section 3.D and Section 7. Crisp publishes its own privacy terms; we limit what we send to what is needed for support and describe that processing here.

Lucky You also operates within Shopify’s platform ecosystem; Shopify’s privacy practices are governed by Shopify’s policies.

Other subprocessors (for example hosting, email, and analytics) are listed in Section 7. You should review each provider’s policy for details of their processing.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically.

Changes become effective upon posting updated versions.

Merchants are encouraged to review this policy regularly.

16. Contact Information

For privacy inquiries, legal requests, or data rights requests:

In-app merchant support chat is delivered through Crisp (see Section 3.D and Section 7). For sensitive matters, prefer email to lucky.you.shopify@gmail.com rather than sharing highly sensitive details in chat.

Lucky You

Email: lucky.you.shopify@gmail.com

Location: Slovenia / European Union

17. Shopify Compliance Notice

Lucky You is designed to operate within Shopify’s platform ecosystem and may access Shopify merchant and storefront data as authorized by installed permissions.

Lucky You only accesses data reasonably necessary to provide app functionality.

Summary

Lucky You is committed to:

  • Transparency
  • Security
  • Merchant trust
  • Responsible customer data handling
  • Legal compliance
  • GDPR-aligned operations

Your trust matters, and we take privacy seriously.