Lookya

Privacy Policy

Effective Date: April 18, 2026

This Privacy Policy describes how Tim Wessels UG (haftungsbeschränkt) (“we”, “us”, or “Lookya”) collects, uses, and processes personal data in connection with the Shopify app Lookya (the “App”).

We are committed to protecting personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Controller Information

Tim Wessels UG (haftungsbeschränkt)
Blockener Str. 38
28816 Stuhr
Germany

Email: support@mapmigo.io

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • The Lookya Shopify app used by merchants
  • The storefront lookbook widget displayed in Shopify stores

Merchants using the App are the data controllers for any personal data of their customers.
We act as a data processor on behalf of the merchant for such data.

For data related to merchant accounts and app usage, we act as the data controller.

3. Data We Process

3.1 Merchant Data

We process the following data about merchants:

  • Shop domain
  • Shopify OAuth tokens
  • Merchant user information (such as name, email, and user ID)

This data is required to provide and operate the App.

3.2 Lookbook Configuration Data

We store merchant-created content, including:

  • Product IDs and references
  • Lookbook layouts and settings
  • Hotspot positioning data
  • Uploaded or linked images

This data does not include personal data of shoppers.

3.3 Product Data

We access product data from Shopify, including:

  • Product IDs
  • Titles
  • Images
  • Variants and pricing

This data is primarily retrieved directly from Shopify and is not permanently stored, except where necessary for configuration.

3.4 Order Data

We process limited order data via Shopify webhooks, including:

  • Order ID
  • Total price and currency
  • Product IDs, quantities, and prices
  • Cart line item properties used for attribution

We do not process or store customer personal data such as names, email addresses, or addresses.

3.5 Shopper Interaction Data (Analytics)

When shoppers interact with a lookbook, we process:

  • Lookbook ID
  • Product ID
  • Timestamp
  • Event type (view, add-to-cart, purchase)
  • Shopify customer ID (only if provided by Shopify for logged-in users)

We do not collect IP addresses, user agents, or referrer data.

4. Purposes of Processing

We process data for the following purposes:

  • Providing and operating the App
  • Displaying lookbooks on storefronts
  • Measuring performance (views, clicks, purchases)
  • Attributing revenue to lookbooks
  • Maintaining and improving the App
  • Providing customer support

5. Legal Basis for Processing

Where applicable under GDPR, we rely on the following legal bases:

  • Contract performance (Art. 6(1)(b) GDPR) – to provide the App to merchants
  • Legitimate interests (Art. 6(1)(f) GDPR) – to improve functionality and analytics
  • Legal obligations (Art. 6(1)(c) GDPR) – where required by law

6. Shopify Data Access

The App uses the following Shopify API permissions:

  • read_products
  • read_orders
  • write_files
  • read_files
  • read_themes
  • read_locales
  • write_app_proxy

These permissions are limited to what is necessary for the App to function.

7. Analytics and Attribution

Lookya measures:

  • Lookbook views
  • Add-to-cart events
  • Purchases linked to lookbooks
  • Revenue generated from lookbooks

Attribution is performed using Shopify cart line item properties:

  • _lookbook_id
  • _impression_id

No tracking across sessions or devices is performed.

8. Cookies and Tracking Technologies

Lookya does not set cookies or use local storage for tracking purposes.

No tracking technologies are used to identify users across sessions or websites.

Shopify may set cookies necessary for store functionality, which are outside our control.

9. Data Sharing and Subprocessors

We only share data with necessary service providers:

  • Shopify (platform services)
  • DigitalOcean (hosting and database infrastructure in the EU)
  • Slack (internal notifications)
  • Crisp (merchant support chat)

We do not sell personal data.

10. International Data Transfers

Data is primarily processed within the European Union.

Where data is transferred outside the EU, appropriate safeguards such as Standard Contractual Clauses are used.

11. Data Retention

  • Data is retained only as long as necessary to provide the App
  • Data is deleted after uninstall via Shopify’s shop/redact process (typically within 48 hours)
  • OAuth session data is deleted immediately upon uninstall
  • Backup data is retained for a limited period by our hosting provider

12. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest
  • Access controls and authentication
  • Secure webhook validation
  • Regular system updates

13. Data Subject Rights

Under applicable law, individuals may have rights to:

  • Access personal data
  • Request correction
  • Request deletion
  • Restrict or object to processing

Store visitors should contact the respective merchant directly, as the merchant is the data controller.

Merchants may contact us directly.

14. Contact

Tim Wessels UG (haftungsbeschränkt)
Blockener Str. 38
28816 Stuhr
Germany

Email: support@mapmigo.io

Imprint