Data Protection

How Intulon handles data protection, retention, redaction, and Shopify compliance workflows for Increlon Affiliate - E2E.

This page describes how Intulon operates the Increlon Affiliate - E2E application for Shopify merchants.

Last updated: May 21, 2026

Company contact

Intulon

support@intulon.com

11166 Fairfax Blvd, Suite 500, Fairfax, Virginia 22030

Data-protection posture

Increlon Affiliate - E2E is operated by Intulon under the Increlon Affiliate brand as a subsidiary business line of Intulon LLC.

Intulon aims to collect the minimum information required to authenticate merchants, run affiliate operations, and support attribution and commission workflows inside Shopify.

The current application stores shop records, app session records, affiliate records, campaign configuration, product snapshots, orders, commissions, and merchant-defined email template content.

Shopify compliance webhooks

Shopify requires public apps to subscribe to and respond to the mandatory privacy-law compliance webhooks for customer data requests, customer redaction requests, and shop redaction requests.

Increlon Affiliate - E2E is implemented to validate Shopify webhooks before processing them and to route privacy events through a dedicated webhook endpoint.

  • customers/data_request: used to support requests to view stored customer data associated with the app.
  • customers/redact: used to support deletion or anonymization requests related to customer-linked data.
  • shop/redact: used after uninstall to erase shop-level data retained by the app.

Current operational handling

  • Customer data request events are recorded for compliance handling so Intulon can respond through the appropriate merchant-support process.
  • Customer redaction events trigger anonymization of matching affiliate records when the stored affiliate email matches the email supplied in the Shopify webhook payload.
  • Shop redaction events trigger deletion of the shop record and clearing of stored app sessions for that shop.
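
The verify-then-route handling described above, as an added Python example; it is not Intulon's code. The in-memory `store`, the function names, the redacted field values, and the per-shop, case-insensitive email match are assumptions, while the `X-Shopify-Hmac-Sha256` header, the topic names, and the `shop_domain` and `customer.email` payload fields follow Shopify's webhook format.

```python
import base64, hashlib, hmac, json

def sign(secret: str, raw_body: bytes) -> str:
    """Base64 HMAC-SHA256 of the raw body: the value carried in X-Shopify-Hmac-Sha256."""
    mac = hmac.new(secret.encode(), raw_body, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def handle(store: dict, secret: str, topic: str, header_hmac: str, raw_body: bytes) -> int:
    """Verify the signature first, then route by topic. Returns an HTTP status."""
    # Constant-time compare over the exact bytes received, before any JSON parsing.
    expected = sign(secret, raw_body).encode()
    if not hmac.compare_digest(expected, (header_hmac or "").encode()):
        return 401
    payload = json.loads(raw_body)
    shop = payload.get("shop_domain")
    if topic == "customers/data_request":
        store["data_requests"].append(payload)  # recorded for support follow-up
    elif topic == "customers/redact":
        email = ((payload.get("customer") or {}).get("email") or "").lower()
        for aff in store["affiliates"]:
            # Assumption: match is scoped to the shop and is case-insensitive.
            if email and aff["shop"] == shop and (aff["email"] or "").lower() == email:
                aff.update(email=None, name="[redacted]")
    elif topic == "shop/redact":
        store["shops"].pop(shop, None)
        store["sessions"] = [s for s in store["sessions"] if s["shop"] != shop]
    else:
        return 404  # not a compliance topic handled by this endpoint
    return 200

def demo():
    """Constructed data: one signed customers/redact and one forged shop/redact."""
    secret, shop = "constructed-secret", "example.myshopify.com"
    store = {
        "shops": {shop: {}},
        "sessions": [{"shop": shop}],
        "affiliates": [
            {"shop": shop, "email": "Pat@example.com", "name": "Pat"},
            {"shop": shop, "email": "lee@example.com", "name": "Lee"},
        ],
        "data_requests": [],
    }
    body = json.dumps({"shop_domain": shop, "customer": {"email": "pat@example.com"}}).encode()
    ok = handle(store, secret, "customers/redact", sign(secret, body), body)
    forged_body = json.dumps({"shop_domain": shop}).encode()
    forged = handle(store, secret, "shop/redact", "AAAA", forged_body)
    return ok, forged, store
```

The forged shop/redact request is rejected with 401 before its body is parsed, so the shop record and sessions are left in place.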

Retention principles

Operational data is retained only for as long as needed to provide the app, maintain merchant-visible history, satisfy recordkeeping needs, and comply with applicable legal obligations.

Where deletion is not immediately possible because retention is legally required, Intulon should limit further use of that data to the reason requiring retention.

Security measures

  • Use Shopify's app authentication and webhook-verification patterns before processing sensitive events.
  • Restrict access to production data to authorized operational needs.
  • Use secured transport and hosted infrastructure appropriate for a merchant-facing SaaS application.
  • Review and update data-handling practices as the product, integrations, or regulatory expectations change.

Requests and escalation

Merchants seeking help with access, deletion, correction, or redaction requests should contact Intulon at support@intulon.com.

If Intulon appoints a dedicated privacy or data-protection contact in the future, this page should be updated to include those direct details.