pixel

Withfriends Trust & Privacy

We connect to your bookstore’s POS/e‑commerce (Bookmanager, IndieCommerce, Basil, Square, Anthology, Eventbrite, Shopify, and others) to run memberships. We process customer name, email, phone, and order info to power upsells, subscriber self‑serve, perks, and support, and we also provide them analytics on their memberships—only at your instruction. We don’t sell or share personal information for targeted advertising.

How we use your store data

We use customer name, email, phone, and order/ticket info to:

  • tailor checkout upsells that convert customers to members;
  • power a self‑serve membership dashboard and member perks (discounts, early access); and
  • generate conversion and discount usage reports for your dashboard;
  • tag active members in your POS/E‑commerce where possible;
  • help retain members by showing the value they received; and
  • support fraud prevention and audit if perks are abused.

Security & Vendors

We safeguard personal information using:

  • Encryption in transit and at rest
  • Least‑privilege staff access with enforced 2FA
  • Access logging and monitoring
  • A documented incident response process

Where data flows: we connect to Merchant‑selected POS/e‑commerce systems (Bookmanager, IndieCommerce, Basil, Square, Anthology, Eventbrite, Shopify, and others). These are integrations—systems you control. We process and return data only at your instruction to operate memberships (upsells, subscriber self‑serve, perks, support).

Subprocessors (short list): Stripe (payments) and optional Printful (perk fulfillment when a Merchant chooses to fulfill via Printful). A more detailed vendor list is available on request.

Shopify merchants: we honor Shopify’s mandatory GDPR webhooks—customers/data_request, customers/redact, and shop/redact. These allow us to fulfill access/deletion requests and remove shop data on uninstall.

DPA on Request & State Privacy

Need a Data Processing Addendum? We’ll sign the Common Paper DPA (v1.1). For a current view of the U.S. state privacy landscape, see the IAPP U.S. State Privacy Tracker. If you don’t require a standalone DPA, our Merchant Agreement includes Short Processor Terms designed for U.S. state contract requirements.

Request a DPA: privacy@withfriends.co

References