Privacy Policy
How Lyst handles data for the merchants who install our app and the shoppers who use it.
Introduction
Lyst ("Lyst", "we", "us") is a wishlist application for Shopify, operated by happyapps.cz, based in Prague, Czech Republic. This Privacy Policy explains what data we process when a merchant installs Lyst on their Shopify store and when shoppers use wishlist features on that store.
We act as a data processor on behalf of the merchant for shopper data, and as a data controller for the merchant account information we hold. We are committed to processing only the data we need to make the app work.
Information we collect
From merchants
- Store details provided by Shopify on install: store name, domain, email, plan, and country.
- App configuration you set, such as button placement, colors, and enabled features.
- Billing status, managed through Shopify's billing system.
From shoppers
- Products added to a wishlist and the wishlists they belong to.
- If a shopper opts in to alerts: an email address used only to send the alerts they requested.
- Anonymous usage events (for example, "item saved") used to power store analytics.
We never collect payment card details, and we do not sell personal data to anyone, ever.
How we use data
We use the data above only to operate and improve the wishlist experience:
- To save, display, and sync wishlists across a shopper's visits and devices.
- To send the price-drop and back-in-stock alerts a shopper has explicitly requested.
- To show merchants aggregate analytics about what their customers save.
- To provide support, prevent abuse, and keep the service reliable.
Data retention
Wishlist and configuration data is retained while the app is installed. If a merchant uninstalls Lyst, we delete the associated store and shopper data within 30 days, except where we are legally required to retain limited records.
Shoppers can clear their own wishlist at any time, which removes the underlying records.
Security
Data is encrypted in transit using TLS and encrypted at rest. Access to production systems is restricted to authorized personnel, logged, and protected by multi-factor authentication. We review our security practices regularly.
Your rights
Depending on where you live, you may have rights under the GDPR, CCPA, or similar laws, including the right to access, correct, export, or delete your personal data.
- Shoppers: contact the store you shopped with, or email us and we will route your request to the merchant who controls the data.
- Merchants: email us to exercise any of your rights regarding your account data.
We respond to verified requests within the timeframes required by applicable law.
Changes to this policy
We may update this policy as the app evolves or as the law changes. When we make material changes we will update the date at the top and, where appropriate, notify merchants in the app.
Contact us
Questions about privacy or a data request? Email [email protected] or use our contact page. Prague, Czech Republic.