Icon search

EasyGift - Privacy Policy

Last updated: 12 June 2026

Your privacy is important to us. Learn how we collect, use, and protect your information when you use the EG Auto Add to Cart Free Gift app ("EasyGift", the "App").

This Privacy Policy ("Policy") explains the information collection, use, and sharing practices of Shop Circle Holdings Ltd (trading as 506), One Kingdom Street, Paddington Central, London W2 6BD, United Kingdom ("we", "us", "506" and "our") in connection with the App.

Shop Circle Holdings Ltd reserves the right to update this Privacy Policy from time to time. Your continued use of our Services after any such changes constitutes your acceptance of the revised Policy.

The App is designed to be used by merchants ("Store Owners") on the Shopify platform. Unless otherwise stated, references to collecting, using, or disclosing personal information in this Policy describe actions taken by the Store Owner (as the data controller), carried out through the functionality of the App.

Before you use or submit any information through or in connection with the Services, please carefully review this Privacy Policy. By using any part of the Services, you understand that your information will be collected, used, and disclosed as outlined in this Privacy Policy.

Information We Collect

We collect information in multiple ways, including when you provide information directly to us, when the Shopify platform provides information to us, and when information is collected automatically.

Information You Provide Directly

Some areas of the Services may require you to submit information in order for you to benefit from specified features (such as support requests or onboarding details) or to participate in a particular activity. You will be informed what information is required and what information is optional.

Information from the Shopify Platform

When you install the App, we receive information from the Shopify platform that is necessary to provide the Services. This includes store data, configuration data and operational data that merchants share with us through installing and using the App.

The specific categories of data we process through EasyGift include: merchant contact information (store owner name, email address, store contact details); store data (store name, domain, Shopify plan, locale, settings); cart and order data (order ID, products ordered, quantities, discounts, promotion rule triggers and outcomes); product and collection data (products, variants, collections, prices); and gift and promotion rule configurations; device and usage information (IP address, browser type, device information, session behaviour); app usage analytics (feature usage, dashboard interactions); and cookie data (session ID, CSRF token, Shopify OAuth tokens).

We do not store the contact details of your store's end customers (such as customer names, email addresses, phone numbers, or shipping addresses). Where end-customer fields are present in data made available to the App through Shopify's APIs, they are displayed directly from those APIs and are not retained in our systems. Where the App provides storefront-facing functionality (such as geotargeted promotion rules), limited visitor device data (such as IP address and approximate location) is processed transiently in order to deliver that functionality and is not stored in our systems.

Information Automatically Collected

We automatically collect certain information when you visit the Services. This information includes your IP address, browser type, device type, operating system, referring URLs, and information about the usage of our Services, including information collected through cookies, pixel tags, and other tracking technologies.

We use Google Analytics and Mixpanel for analytics. Google Analytics and Mixpanel collect and process data about your use of the Services.

Aggregate/De-Identified Information

We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device. We may use such information for any purpose, including without limitation for research and marketing purposes, and may also share such data with third parties.

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve the Services;
  • To communicate with you, including to respond to your comments, questions, and requests;
  • To monitor and analyse trends, usage, and activities in connection with our Services;
  • To detect, investigate, and prevent fraudulent transactions and other illegal activities;
  • To personalise and improve the Services and provide content or features that match your profile and interests;
  • For any other purpose for which the information was collected.

Legal Bases for Processing

Where the UK GDPR or EU GDPR applies and we act as a controller, we rely on the following legal bases to process personal data: (a) performance of a contract, where processing is necessary to provide the Services in accordance with our Terms of Use; (b) our legitimate interests, including improving and securing the Services, analysing usage, and communicating with merchants, except where those interests are overridden by your interests or fundamental rights and freedoms; (c) consent, where required (for example, in relation to certain analytics cookies), which you may withdraw at any time; and (d) compliance with our legal obligations. Where we act as a processor on behalf of the Store Owner, the Store Owner is responsible for establishing the legal basis for the relevant processing.

AI-Powered Features

The App may include features that use artificial intelligence to generate insights or suggestions. Where such features are provided, we use third-party AI providers (currently Anthropic, PBC) to deliver them and take steps to minimise the personal data shared with such providers to what is necessary to provide the relevant feature. End-customer contact details are not shared with AI providers. AI-generated outputs are provided for informational purposes only.

How We Share Your Information

We may share your information in the following situations:

  • With third-party vendors, consultants, and other service providers who need access to such information to carry out work on our behalf;
  • In response to a request for information if we believe disclosure is in accordance with, or required by, any applicable law, regulation, or legal process;
  • If we believe your actions are inconsistent with our user agreements or policies, or to protect the rights, property, and safety of us or others;
  • In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company;
  • With your consent or at your direction.

Third-Party Services and Websites

The Services may contain content from and hyperlinks to websites, locations, platforms, and services operated and owned by third parties. These third parties may use your information in ways that differ from this Privacy Policy. We encourage you to review the privacy policies of these third parties.

Online Analytics

We use third-party analytics services (Google Analytics and Mixpanel) on our Services to collect and analyse usage information through cookies and similar technologies. The information is used to analyse the use of the Services, including the frequency with which users visit various parts of the Services and what features they use.

International Transfers and EU and UK Data Subject Rights

Our primary application infrastructure and data servers are located in the United States. If you are located in the European Economic Area ("EEA") or the United Kingdom, please note that we transfer information, including personal information, to the United States, a jurisdiction that does not have the same data protection laws as your jurisdiction.

Where we transfer personal data outside the EEA or the United Kingdom, we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and/or the UK International Data Transfer Addendum issued by the ICO under Section 119A of the Data Protection Act 2018.

Under certain circumstances, you have rights under data protection laws in relation to your personal data, including the right to:

  • Request access to your personal data
  • Request correction of your personal data
  • Request erasure of your personal data
  • Object to processing of your personal data
  • Request restriction of processing
  • Request transfer of your personal data
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority (in the UK, the Information Commissioner's Office (ICO); in the EU, the relevant national data protection authority)

If you wish to exercise any of these rights, please contact us at support@506.io.

Data Controller and Processor

For the purposes of applicable data protection law, the Store Owner (merchant) is the data controller in respect of the personal data of their store that is processed through the App. Shop Circle Holdings Ltd acts as a data processor on behalf of the Store Owner. In relation to certain analytics, usage data, and account information, Shop Circle Holdings Ltd acts as an independent data controller.

Data Retention

We retain personal data for as long as the App is installed on your store and for as long as necessary to provide the Services. Following uninstallation of the App, personal data is deleted or anonymised in line with the timeframes applicable to Shopify apps, including completion of deletion requests received through Shopify's privacy webhooks within thirty (30) days of receipt, unless a longer retention period is required by applicable law (for example, for tax, accounting, or fraud prevention purposes). Aggregated or de-identified data that can no longer be linked to you or your device may be retained for analytics purposes.

Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us at support@506.io and we will take steps to delete such information.

Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with a supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO) at https://ico.org.uk. In the EU, you may contact your local data protection authority.

Security

We take steps to ensure that your information is treated securely and in accordance with this Privacy Policy. While no method of transmission or storage can be guaranteed to be completely secure, we maintain technical and organisational measures designed to protect your information and we keep those measures under review.

Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. We encourage you to review this Policy periodically.

Governing Law

This Privacy Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of England and Wales. The courts of England and Wales shall have non-exclusive jurisdiction.

Contact

For questions about this Privacy Policy, contact us at support@506.io.

Terms of Use

Data Processing Addendum

Got questions? We have answers.

Help Center
Contact Support

Amazing apps that give your Shopify store superpowers.
Powered by Shop Circle

Links
Images and icons from icons8.com
© 506 is a trading name of FiftyPoint6 Holdings Ltd