Privacy Policy

We are UpPromote, a part of Secomapp group. UpPromote (“us”, “we”, or “our”) operates the website (“website” or “site”) and provides Software-as-a-Service products to our business customers, including merchants, affiliates and others who have an account with UpPromote (“merchants”, “affiliates”) and customers of merchants (“customers”). This Privacy Policy will explain how our website uses the personal data we collect from you when you use our website.

By accessing or using this website or any of our apps or services, you signify your approval of the terms set out in this Privacy Policy and other terms and policies posted on our website. If you do not agree to this Privacy Policy, you must leave this website and discontinue all use of any of our Services.

1. What data do we collect?

UpPromote only collects necessary information in order to allow the app to function properly, we collect the following data through Shopify APIs:

  • Merchant information (Name, email address, phone number, address.)

  • Data from your store: products, orders, discounts, customers (customer ID, name, email, phone, address)

2. How do we use your data?

We do not sell your personal data to other organizations for commercial purposes. We only use your data for your affiliate program. If our service is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to provide our services to you.

We only use your data for reasons that we have a legal basis to do so.

Here’s how we use it:

To run your affiliate program

Managing different parts of your affiliate program like logging you into your UpPromote dashboard, settings and preferences, processing payments, tracking referrals and how Affiliates use your affiliate program, inviting Customers to take part, and sending you updates about the affiliate program.

To improve UpPromote

Tracking the experience of using UpPromote, testing features, getting feedback, managing landing pages, researching and analyzing data including profiling and, in some instances, using third parties to do this.


Provide support and resolve issues via live chat or email, informing you about changes to our service and how the affiliate program is doing.


Sending emails and messages to you about updates to your affiliate program, changes to the service, new features, products and services and content.

Personal information may also be shared with a company that acquires our business, whether through merger, acquisition, bankruptcy, dissolution, reorganization, or other similar transaction or proceedings. If this happens, we will post a notice on our home page.

3. Use of UpPromote by Children

UpPromote is not intended for children. If you are under 13, you may use the site and services only with the supervision of your parents or guardian.

4. Your privacy choices

You can choose not to provide us with personal data

In cases where you are presented with the option of providing us with personal data, you can decline to do so. If you decline to do so, you can still browse our website page, but we will not be able to run an affiliate program for you.

You are able to turn off cookies in your browser

You can change the settings in your browser to turn off cookies. You can also delete cookies in your browser settings. Note that certain features of our service may not function properly without the aid of cookies.

Opt out of Emails

Merchants and Affiliates can always opt out of receiving emails from UpPromote by following unsubscribe instructions in emails sent by UpPromote or by emailing us at

5. What are your data protection rights?

You have the following data protection rights:

Right to access information

If you request it, we will provide you with this information within one month of the request unless doing so would adversely affect the rights and freedoms of others. We will let you know if we are unable to do so because of that reason.

Right to rectify inaccurate personal data

You are able to change personal data (name, contact information) in your UpPromote account. If you want us to correct any other personal data that you aren't able to correct yourself, you can directly contact us via live chat or email us at with a request to do so.

Right to object to the use of your data for profiling or making automated decisions about you

We use your data to figure out what information is relevant to you to give you a better experience (like using your usage information to determine the content of emails sent to you or determining what to show you on your account). We will only do this to provide and improve your experience with the UpPromote service.

Right to port your data to another service

If you request it, we will hand you a copy of your data in CSV format within one month of request so you can provide it to another service. We will not do so if the request adversely affects any rights and freedoms of others.

Right of erasure

You can ask us to delete any personal data that we have about you, provided that it is no longer needed for us to use that data for purposes of your use of UpPromote.

Right to lodge a complaint regarding our use of your data

You can address any complaints to the supervisory authority in the Member State of your residence or place of work. Before you do so, please bring it up with us so we can address your concerns.

To exercise any of these rights, please contact us at

If you are a merchant’s customer and wish to exercise these rights, please contact the merchants you interacted with directly — we serve as a processor on their behalf and can only forward your request to them to allow them to respond.

6. Retention

Your personal data and the store's data will be deleted within 48h after the app is uninstalled. If you wish to make a request to have your data removed immediately, either as a merchant of the platform or as a buyer from a store, please contact us through We may require that you provide us with acceptable verification of your identity before providing access to such information.

7. How we protect your data

We take data protection seriously. We have a variety of administrative and electronic measures that are designed to protect your personal data against unauthorized access, usage or disclosure.

Third parties who process your data

We use third parties to help us to offer and run the affiliate program for you more effectively. When we do this, sometimes we need to share your data with them for their services to work well. The sharing only happens when it is strictly necessary and done so with the safeguards and practices detailed in this privacy policy.

There are also instances where you voluntarily connect third-party services to your UpPromote account. When you do so, we may need to share your data with them in order to provide you with a seamless experience when running your affiliate program.

Customer Information provided to UpPromote is also subject to the Merchant's Privacy Policy.

We recommend that you read the privacy policies of the Merchant and third-party service providers so you can understand the manner in which your personal information will be handled by them.

8. How long do we store your data?

We keep your data as long as you're using UpPromote. When you uninstall the app, we will erase all your personal data and customer data on your store (if it is saved in the system) within 48 hours.

9. Data loss prevention policy

We keep the daily data backups within 30 days and within the latest 24 hours, we create the data backups every one hour.

10. Where do we store your data?

Your data is stored through Digital Ocean’s databases on a secure server behind a firewall. We might transfer and store the data we collect from you somewhere outside the European Economic Area (‘EEA’).

11. Cross-border transfer

UpPromote processes and stores personal information using our server(s) based in the United States.

If you are located outside of the United States, note that your personal information and other information that we collect through this website and our apps may be transferred to the United States. By accepting this Privacy Policy, using our website, or providing us with any personal information, you agree to the transfer of information to the United States.

12. How we respond to Do Not Track (DNT)

Because there is no legal or industry standard at this time, we do not respond to "DNT" signals. We are closely monitoring the work of the privacy community to determine when such a response is appropriate and what form it should take.

13. Cookies

We use cookies when you interact with UpPromote. You can always choose to block cookies using your browser settings. UpPromote and third parties that we use set cookies whenever you interact with UpPromote. These cookies may be session cookies which are deleted when you leave UpPromote, or persistent cookies which do not delete themselves and enable us to recognize you when you return so we can provide a better experience for you.

14. Security incident response policy

The purpose of this policy is to provide a structured approach for detecting, reporting, assessing, and responding to security incidents in order to minimize the impact of incidents on the businesses' operations, reputation, and assets.

Incident severity scales

  • Level 1 (Low): Incidents that have minor impact and can be resolved quickly without causing significant damage.

  • Level 2 (Moderate): Incidents that have a noticeable impact on the organization and require immediate attention to avoid further damage.

  • Level 3 (High): Incidents that have a severe impact on the organization's operations and require immediate action to contain and resolve the incident.

Roles and responsibilities

  • Incident Response Team (IRT): The team responsible for responding to security incidents, consisting of IT staff, security personnel, and any other relevant stakeholders.

  • Incident Coordinator: The individual responsible for managing the incident response process, including coordinating with the IRT and other stakeholders, assessing the severity of the incident, and ensuring that the response is effective.

  • IT/Security Staff: Responsible for identifying, investigating, and resolving security incidents.

Escalation paths

  • Incident Reporting: All incidents must be reported to the Incident Response Team (IRT) as soon as they are identified. This can be done through a dedicated incident reporting system, an email address, or a phone number. The incident report should include a description of the incident, the impact it is having on the organization, and any relevant evidence.

  • Initial Assessment: The IRT will conduct an initial assessment of the incident to determine its severity and impact. Based on this assessment, the IRT may decide to escalate the incident to a higher level.

  • Level 1 Escalation: For low-level incidents, the IRT may be able to resolve the incident without escalating it further. This may involve implementing temporary fixes, applying security patches, or updating security policies.

  • Level 2 Escalation: For moderate-level incidents, the IRT will escalate the incident to the Incident Coordinator. The Incident Coordinator will assess the incident and determine the appropriate response, which may involve involving additional resources or experts. The Incident Coordinator will also communicate with relevant stakeholders, such as management and legal, to keep them informed of the incident and any response actions.

  • Level 3 Escalation: For high-level incidents, the IRT will escalate the incident to senior management or executive leadership. This may involve activating the organization's emergency response plan or bringing in outside experts or consultants to assist with the response. The Incident Coordinator will continue to coordinate the response but with additional oversight from senior management or executive leadership.

Evidence collection

As soon as an incident is detected or reported, all relevant systems, devices, and logs will be preserved to prevent any further modifications or deletions of data. This includes collecting and preserving electronic data, such as system logs, network traffic, and application data.

Required actions

  • Incident Identification: All employees will be trained to identify and report any security incidents as soon as they are detected. This includes reporting any suspicious activities, unauthorized access, data breaches, malware infections, and other security-related incidents.

  • Incident Categorization: The IRT will conduct an initial assessment of the incident to determine its severity and impact. The incident will be categorized based on a predefined severity scale to determine the appropriate level of response.

  • Incident Containment: The IRT will take immediate action to contain the incident to prevent further damage or loss of data. This may involve isolating affected systems, disabling network connections, or shutting down affected services.

  • Incident Analysis: The IRT will analyze the incident to determine the root cause and identify any indicators of compromise. This may involve collecting and analyzing system logs, network traffic, and other relevant data.

  • Incident Response: The IRT will develop a response plan based on the severity of the incident and the impact it is having on the organization. The response plan should include clear procedures for communication, coordination, and collaboration among the IRT members and other relevant stakeholders.

  • Incident Recovery: The IRT will work to restore normal operations as soon as possible while ensuring the security of the systems and data. This may involve restoring from backups, patching vulnerabilities, or rebuilding systems.

  • Incident Review: After the incident has been resolved, the IRT will conduct a post-incident review to identify any lessons learned or areas for improvement. This review will be used to update the organization's security incident response policy and procedures to better prepare for future incidents.

15. Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon our posting on the website. If we make material changes to this policy, we will notify you here that it has been updated so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

16. How to contact us

If you have any questions regarding this Privacy Policy, please contact us by emailing

Last updated