Privacy Policy for Tectalic Wine Club

Effective Date: September 17, 2025 Last Updated: February 6, 2026

Introduction

Tectalic (ABN 71 113 915 601) is an Australian business committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Shopify app, Tectalic Wine Club Subscriptions (the “App”). The App provides subscription wine club facilities for Shopify-based wine merchants. By using the App, you consent to the practices described in this Privacy Policy. We comply with applicable data protection laws, including Australia’s Privacy Act 1988 (Cth), the European Union’s General Data Protection Regulation (EU GDPR), the United Kingdom’s General Data Protection Regulation (UK GDPR), and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). If you do not agree with this policy, please do not use the App. This policy applies to Merchants (as defined below) who install and use the App, and to the processing of Merchant Subscriber data that we handle on behalf of Merchants. Merchant Subscribers should refer to the relevant Merchant’s privacy policy for details on how their information is handled.

Definitions

For clarity, we use the following terms in this Privacy Policy:

• Merchant: A wine merchant offering wine club subscriptions through their Shopify store who installs and uses the App.
• Merchant Subscriber: An individual who subscribes to or uses the Merchant’s wine club services facilitated by the App.
• Personal Information: Any information that identifies or can be used to identify an individual, such as names, email addresses, or other contact details. This aligns with definitions under applicable Data Protection Laws (e.g., “personal data” under GDPR).
• Non-Personal Information: Aggregated or anonymized data that does not identify individuals, such as usage statistics or device information without personal identifiers.
• Data Protection Laws: Relevant privacy and data protection regulations, including Australia’s Privacy Act 1988, EU GDPR, UK GDPR, and CCPA.
• Services: The Shopify app providing subscription-based wine club services, including management of subscriptions, orders, and related activities for Merchants.
• Online Platforms: The Shopify App where the Services are accessed and provided.

Information We Collect

We collect information to provide and improve our Services. The types of information we collect depend on your role (e.g., as a Merchant or through Merchant Subscriber data processed on behalf of Merchants).

Merchant Data

• User-Provided Information: When you sign up or use the App as a Merchant, you provide us with information such as your name, email address, organization details, and contact details for billing purposes.

Merchant Subscriber Data

• Subscriber-Provided Information: We process information provided by Merchant Subscribers through the Merchant’s store, including name, email address, phone number, delivery address, wine club subscriptions, orders, and activity related to the wine club.

Merchant and Merchant Subscriber Data

• Automatically Collected Information: We may automatically collect data such as IP addresses, device information (e.g., browser type, operating system), usage statistics, and application performance metrics when interacting with the App.
• Information from Others: We receive data from Shopify, including store configuration, product data, subscription contract data, billing events, and related operational data necessary to provide the Services. We also receive email delivery status information (such as delivery confirmations, bounces, and spam complaints) from our email service provider.

Information We Do Not Collect

We do not collect, store, or process payment data for credit card transactions. Such information is transmitted, stored, and processed directly by Shopify or other payment processors you select.

How We Use Your Information

We use the information we collect for the following purposes, in compliance with Data Protection Laws:

• To deliver the Services to Merchants, including setting up and managing wine club subscriptions.
• To facilitate wine club subscription services for Merchants, such as processing orders and subscriptions.
• To provide support to Merchants, including access to information Merchants use to resolve delivery or chargeback disputes.
• For analytics to improve the App’s performance and user experience.
• For Merchant marketing purposes, such as sending updates or promotions (with opt-out options where required).
• To comply with legal obligations, such as responding to lawful requests or preventing fraud.

We distinguish between Personal Information and Non-Personal Information. Non-Personal Information may be derived from Personal Information but is anonymized so it cannot identify individuals. Under GDPR and UK GDPR, our legal basis for processing include contract performance (for service delivery), legitimate interests (for analytics and marketing), and legal compliance. For CCPA purposes, we use information for business purposes like auditing, security, and service provision.

Email Communications

We send transactional emails using a third-party email delivery service. This includes emails to Merchants (such as account notifications and service updates) and emails to Merchant Subscribers on behalf of Merchants (such as subscription confirmations, order notifications, and delivery updates). We maintain logs of emails sent, including recipient, subject, and delivery status, for service reliability and troubleshooting purposes. Our email service provider processes delivery confirmations, bounces, and spam complaints, which we use to maintain email deliverability and comply with anti-spam requirements.

Sharing Your Information

We may disclose information to trusted parties as necessary for our operations, always in line with Data Protection Laws:

• To our employees and affiliates who need access to perform their duties.
• To third-party service providers who assist in delivering our Services, including:
  • Platform providers (e.g., Shopify) for service operation and integration.
  • Email delivery services for transactional communications to Merchants and Merchant Subscribers.
  • Live chat providers for Merchant support, which may receive Merchant name, email, company name, and Shopify domain.
  • Cloud infrastructure and hosting providers for data storage and encrypted backups.
• As required by law, such as in response to subpoenas or regulatory requests.
• In the event of a business transaction, like a merger or acquisition, with appropriate safeguards.

We do not sell Personal Information as defined under CCPA. Recipients are bound by confidentiality and data protection obligations.

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies on our Online Platforms for the following purposes:

• Essential: To enable core functionality, such as session management.
• Performance: To analyze how users interact with the App.
• Functionality: To remember user preferences.

You can manage these through your browser settings or our opt-out tools. Essential cookies cannot be opted out of without affecting App functionality. Under CCPA, GDPR, and UK GDPR, you have rights to opt out of certain tracking.

Security

We implement commercially reasonable administrative, technical, and physical measures to protect your information from unauthorized access, loss, or alteration. This includes encryption, access controls, and encrypted backups maintained in secure cloud storage for disaster recovery. However, no system is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Data is primarily processed and stored in the United States. For transfers from the EU, UK, or Australia, we use adequate safeguards such as Standard Contractual Clauses or equivalent mechanisms to ensure compliance with Data Protection Laws.

Data Retention

We retain Merchant Data and Merchant Subscriber Data for as long as your account is active and as necessary to provide the Services. Upon uninstallation of the App, we initiate data removal processes in accordance with Shopify’s data protection requirements, including a brief grace period to allow for reinstallation. Certain operational data such as logs may be retained for a limited period for security and troubleshooting purposes. Certain data may be retained for a longer period where required by law (e.g., for tax, audit, or legal compliance purposes). After this period, data is securely deleted or anonymized. We retain Non-Personal Information indefinitely, where it does not identify individuals or is aggregated, and is not subject to retention requirements under applicable Data Protection Laws. Such data is retained for ongoing purposes, including analytics, research, product improvement, and other legitimate business operations.

Your Rights

Merchant Rights

As a Merchant, you have rights under Data Protection Laws, including:

• Access to your Personal Information.
• Correction of inaccurate data.
• Under GDPR and UK GDPR: Erasure (right to be forgotten), restriction of processing, objection to processing, and data portability.
• Under CCPA: Right to know, delete, and opt-out of sales (though we do not sell data).

To exercise these, contact us at privacy@tectalic.com. We respond within required timelines (e.g., 30 days under CCPA, one month under GDPR).

Merchant Subscriber Rights

Merchant Subscribers’ rights are managed by the relevant Merchant. We process Merchant Subscriber Data as a service provider (or “processor” under GDPR) on behalf of the Merchant, who is responsible for handling requests. If we receive a request directly, we will forward it to the Merchant.

Merchant Responsibilities

Merchants are responsible for complying with all Data Protection Laws regarding Merchant Subscriber Data. This includes obtaining necessary consents, providing privacy notices, and facilitating rights requests (e.g., access or deletion). Merchants must assist us in responding to any regulatory inquiries related to their Subscribers.

Exclusions

This policy does not apply to third-party websites or services linked from our App; review their policies separately. It also excludes information you publicly share, which may be visible to others.

Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or laws. We will notify you via email or the App for significant changes. Continued use after updates constitutes acceptance.

Complaints and Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our practices, contact our Data Protection Officer at privacy@tectalic.com. For complaints under Data Protection Laws, contacts include:

• In Australia: Office of the Australian Information Commissioner.
• In the EU: Your local data protection authority.
• In the UK: Information Commissioner’s Office.
• In California: California Privacy Protection Agency

We aim to resolve complaints promptly and fairly.