Privacy Policy · Effective 2026-06-01 · Last updated 2026-06-05
1. Who We Are
Zigana ("we", "us", "our") is a Shopify email-marketing application operated by Harun Ketenci / AI Saturn. Contact: destek@harunketenci.com.
This policy explains what data we collect, how we use it, and the rights available to merchants and their customers when they use Zigana.
2. Data We Collect
From merchants (Shopify store owners):
Shop domain and access tokens (required to operate the app inside Shopify).
Popup configurations, including text, colours, discount codes, and trigger settings you create in the admin panel.
Support messages you send us through the in-app help centre.
From storefront visitors (your customers):
Email address — collected only after the visitor voluntarily submits the popup form. Stored as a pending subscriber until they confirm via the double opt-in email. Confirmed email and consent status are synced to the merchant's Shopify Customer record.
Aggregate event counts (impressions, form submissions, confirmations, dismissals) — no individual tracking, no IP, no device fingerprint stored in these counters.
We do not collect payment card data, passwords, browsing history outside of Zigana popups, or any Sensitive Personal Information as defined by applicable law.
3. How We Use the Data
To display and operate the popups and spin-wheel experiences on your storefront.
To send the double opt-in confirmation email to subscribers (transactional only — we never send marketing email to visitors on your behalf without your explicit campaign instruction).
To display analytics in the Zigana admin dashboard (aggregate counts only).
To provide customer support when you open a request.
To comply with Shopify's Platform requirements and applicable law.
We do not sell, rent, or share personal data with third parties for advertising purposes.
4. Legal Basis (GDPR)
Where GDPR applies, we process data under the following bases:
Contract performance — processing merchant account data to deliver the service.
Legitimate interest — aggregate analytics to improve the product.
Consent — storefront visitor email collection is based on the visitor's freely given, specific, informed consent (via the popup form and confirmed via double opt-in).
5. Data Retention
Merchant and popup data: retained for the duration of the app installation, then purged within 48 hours of uninstall (triggered by Shopify's shop/redact webhook).
Subscriber data: retained until the merchant deletes the subscriber, the subscriber unsubscribes, or the shop is redacted.
Support messages: retained until the ticket is closed and 90 days thereafter.
6. Your Rights (Visitors / Data Subjects)
If you are a visitor who signed up through a Zigana popup on a merchant's store, your data is processed on behalf of that merchant. To exercise your rights (access, rectification, erasure, portability), please contact the merchant directly — they are the data controller for your email address. Merchants may also submit a Subject Access Request on your behalf through Shopify's privacy tools, which will automatically notify us.
Merchants may also contact us at destek@harunketenci.com to exercise their own rights or to report a concern.
7. Security
We implement industry-standard safeguards: HTTPS everywhere, HMAC-verified webhooks, bot-protection on all form submissions (Cloudflare Turnstile + honeypot + rate-limiting), multi-tenant data isolation (every database query is scoped by shop), and no personal data in application logs.
All processors operate under Data Processing Agreements compliant with GDPR.
9. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated to active merchants via a banner in the Zigana admin panel at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.