Privacy Policy

Abibo Wishlist — how we handle personal data.

This Privacy Policy explains how the Abibo Wishlist app (“the App”, “we”, “us”), provided by Abibo Labs, collects, uses, stores, and protects personal data when a merchant installs the App on their Shopify store and when that store’s customers use the wishlist features. It is written to meet Shopify’s protected customer data requirements and applies in addition to the merchant’s own privacy policy.

Contact: care@abibolabs.com

1. Who is responsible for the data

  • The merchant (the Shopify store owner) is the data controller for their customers’ personal data.
  • Abibo Labs acts as a data processor on the merchant’s behalf, processing personal data only to provide the App’s functionality.

By installing the App, the merchant agrees to this Policy, which forms the data processing agreement between the merchant and Abibo Labs.

2. What personal data we process

We follow the principle of data minimization and process only what is needed to run the wishlist:

  • Saved product references (product IDs a shopper adds to their wishlist) — core functionality: store and sync the shopper’s wishlist across their devices when they are logged in. Stored as a customer metafield on the shopper’s Shopify customer record.
  • Customer email address — only to send opt-in notifications the shopper requested: back-in-stock alerts, price-drop alerts, and wishlist reminders for items they saved.
  • Customer ID and store (shop) domain — to associate a wishlist with the correct logged-in shopper and store.
  • App session / OAuth tokens (merchant-level) — to securely connect the App to the store’s Shopify APIs.

We do not collect or use customer name, phone number, or postal/billing address. We do not sell personal data, and we do not use personal data for automated decision-making with legal or significant effects.

3. How we use the data

  • Provide the wishlist: save, sync, and display a shopper’s saved products.
  • Send opt-in back-in-stock, price-drop, and reminder emails (only where the shopper has chosen to receive them).
  • Produce aggregate, product-level reports for merchants (for example, most-wishlisted products and total saves). These reports are not tied to identifiable individuals.

We limit all processing to these stated purposes.

4. How we store and protect the data

  • Wishlist data is stored in Shopify as a customer metafield within the merchant’s store. Email used for alerts is processed only to deliver the requested notifications.
  • App session data is stored in our hosted backend.
  • Data is encrypted in transit (HTTPS/TLS) and encrypted at rest, including backups.
  • We keep test and production data separate, maintain access logs for customer data, limit staff access to those who need it, and require strong authentication for staff accounts.
  • We maintain a data-loss-prevention approach and a written security incident response policy.

5. Data retention

  • Wishlist and email data are retained only while the App is installed and the data is needed to provide the service.
  • When a merchant uninstalls the App, or upon a verified deletion request, we delete or hand back the associated personal data within a reasonable period.
  • We honor Shopify’s mandatory privacy webhooks: customers/data_request, customers/redact, and shop/redact.

6. Sharing and sub-processors

We do not sell personal data. We share data only with infrastructure sub-processors strictly necessary to run the service (for example, our cloud hosting provider) and with Shopify. All sub-processors are bound by appropriate data protection terms.

7. Customer and merchant rights

  • Shoppers may request access to or deletion of their data through the merchant. We support these requests via Shopify’s data-request and redaction webhooks.
  • Merchants can remove all App data by uninstalling the App.
  • We respect applicable consent and opt-out decisions, including opt-out of alert emails.

8. International processing

Personal data may be processed in data centers outside the merchant’s or shopper’s country. Where required, we rely on appropriate safeguards for such transfers.

9. Changes to this Policy

We may update this Policy to reflect changes to the App or legal requirements. Material changes will be communicated to merchants, and the “Last updated” date above will change.

10. Contact

Questions or data requests: care@abibolabs.com