LEGAL

Privacy Policy

Effective Date: March 19, 2026

This policy applies to CrushSuite Compliance, CrushSuite Clubs, and CrushSuite Seats.

1. Who We Are

CrushSuite ("CrushSuite," "we," "us," or "our") is a software company that develops and operates a suite of Shopify applications — CrushSuite Compliance, CrushSuite Clubs, and CrushSuite Seats — designed for wineries, cideries, breweries, and other alcohol beverage producers selling direct-to-consumer through Shopify.

This Privacy Policy explains how we collect, use, share, and protect information in connection with our apps and website at https://crushsuite.com. By installing or using any CrushSuite app, you agree to the practices described in this policy.

Questions? Contact us at admin@crushsuite.com.

2. Information We Collect

2.1 Information from Merchants (Shopify Store Owners)

When you install a CrushSuite app, we receive information from Shopify necessary to operate the app. This includes:

  • Your Shopify store name, domain, and store ID
  • Your account email address and contact information
  • Your billing information (processed by Shopify — we do not store payment card data)
  • Store configuration data, including product catalogs, inventory, and shipping settings
  • Order data, including order IDs, line items, quantities, shipping destinations, and order status
  • Customer records from your store (names, shipping addresses, email addresses, purchase history)
  • App configuration settings you configure within CrushSuite

2.2 Information from Your Customers (End Users)

When your customers interact with CrushSuite features within your Shopify storefront or checkout, we may process:

  • Name, shipping address, and email address (from Shopify checkout)
  • Date of birth or age verification responses submitted through our age gate
  • State of residence for shipping eligibility determination
  • Order details sufficient to apply compliance rules and calculate fees

We process this data on behalf of you, the merchant, as a data processor. Your customers' relationship is with your store. We do not use your customers' data for our own marketing purposes.

2.3 CrushSuite Compliance — Additional Data

For merchants using CrushSuite Compliance, we additionally process:

  • VinoShipper account credentials and license data (when VinoShipper integration is enabled)
  • State-by-state DTC shipping license status and volume limits
  • Compliance fee calculations applied per order
  • Age verification records, including method of verification and outcome
  • Cumulative shipping volumes per customer per state for volume limit enforcement

2.4 CrushSuite Clubs — Additional Data

For merchants using CrushSuite Clubs, we additionally process:

  • Wine club membership records, including tier, join date, and status
  • Release schedule data and member allocation preferences
  • Recurring billing records, including billing cycle, amounts, and payment status
  • Member customization preferences (e.g., build-a-box selections)
  • Club cancellation and pause records

2.5 CrushSuite Seats — Additional Data

For merchants using CrushSuite Seats, we additionally process:

  • Reservation records, including date, time, party size, and guest name
  • Event and ticketing data, including event details, ticket types, and attendee information
  • Guest contact information provided at booking
  • Walk-in and waitlist records

2.6 Information Collected Automatically

When you use our website or apps, we automatically collect certain technical data:

  • IP address and approximate geographic location
  • Browser type, device type, and operating system
  • Pages visited, time spent, and navigation patterns
  • Referring URLs and exit pages
  • App performance data and error logs

3. How We Use Information

We use the information we collect for the following purposes:

3.1 Operating and Delivering the Apps

  • Enforcing state-by-state shipping rules and compliance restrictions at checkout
  • Calculating and applying alcohol compliance fees
  • Running age verification and address validation
  • Syncing data with VinoShipper and other integrated compliance partners
  • Managing wine club memberships, billing cycles, and release fulfillment
  • Processing tasting room reservations and event ticket sales
  • Generating compliance reports required by state regulators

3.2 Account and Billing Management

  • Creating and managing your CrushSuite merchant account
  • Processing subscription payments via Shopify's billing API
  • Sending billing confirmations, renewal notices, and payment failure alerts

3.3 Support and Communications

  • Responding to support requests and technical inquiries
  • Sending product updates, new feature announcements, and operational notices
  • Providing onboarding guidance and setup assistance

3.4 Improvement and Analytics

  • Analyzing usage patterns to improve app performance and features
  • Identifying and fixing bugs and errors
  • Developing new features based on merchant needs and feedback

3.5 Legal Compliance

  • Complying with applicable laws, regulations, and legal process
  • Enforcing our Terms of Service and other agreements
  • Protecting against fraud, abuse, and security threats

4. How We Share Information

We do not sell your data or your customers' data. We share information only in the following circumstances:

4.1 Shopify

Our apps operate within the Shopify platform. Shopify processes data in connection with your store in accordance with Shopify's Privacy Policy.

4.2 VinoShipper and Compliance Partners

If you have enabled VinoShipper integration within CrushSuite Compliance, we share order data, customer shipping information, and compliance-relevant details with VinoShipper solely for the purpose of fulfilling compliance obligations. This data sharing is governed by your agreement with VinoShipper.

4.3 Service Providers

We engage third-party service providers who assist us in operating CrushSuite, including cloud hosting providers, analytics services, and customer support tools. These providers are contractually required to handle data only as directed by us and in accordance with this policy.

4.4 Legal Requirements

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of CrushSuite, our merchants, or the public.

4.5 Business Transfers

If CrushSuite is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify affected merchants before any such transfer occurs.

5. Data Retention

We retain merchant and customer data for as long as your CrushSuite subscription is active and for a period of 90 days following account termination or app uninstallation, after which data is deleted or anonymized.

Compliance records — including age verification logs, shipping records, and tax calculation history — may be retained for up to 7 years where required by applicable state alcohol regulations or tax law.

You may request earlier deletion of your data by contacting us at admin@crushsuite.com. Requests will be processed within 30 days, subject to any legal retention obligations.

6. Shopify GDPR Compliance

In compliance with Shopify's requirements and applicable data protection law, CrushSuite supports the following data subject rights through Shopify's mandatory webhooks:

  • Customer Data Request: Upon receiving a request via Shopify's customers/data_request webhook, we will provide a report of personal data we hold for the specified customer within 30 days.
  • Customer Data Erasure: Upon receiving a request via Shopify's customers/redact webhook, we will delete or anonymize personal data associated with the specified customer, subject to legal retention requirements.
  • Shop Data Erasure: Upon receiving a request via Shopify's shop/redact webhook following app uninstallation, we will delete all merchant and customer data associated with the store within 90 days.

7. Your Privacy Rights

7.1 Merchants (GDPR / EEA)

If you are located in the European Economic Area, you have the right to access, correct, delete, or restrict processing of your personal data. You also have the right to data portability and the right to object to processing based on legitimate interests. To exercise these rights, contact us at admin@crushsuite.com.

7.2 California Residents (CCPA)

California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. CrushSuite does not sell personal information. To submit a CCPA request, contact us at admin@crushsuite.com.

7.3 All Users

Regardless of location, you may contact us at any time to request access to, correction of, or deletion of personal data we hold about you, subject to applicable legal requirements.

8. Security

We implement industry-standard technical and organizational measures to protect data against unauthorized access, loss, or destruction. These measures include encrypted data transmission (TLS), encrypted data storage, access controls, and regular security reviews.

No system is completely secure. In the event of a data breach that affects your data, we will notify you as required by applicable law.

9. Cookies and Tracking

Our website uses cookies and similar technologies to maintain session state, analyze usage, and improve performance. We use Vercel Analytics for anonymous, aggregate usage analytics. We do not use cookies to track your customers across third-party websites.

You can disable cookies through your browser settings, though doing so may affect the functionality of our website.

10. Children's Privacy

CrushSuite is designed for use by businesses and is not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. Age verification data collected through CrushSuite Compliance relates to your store's customers and is processed on your behalf as part of regulatory compliance.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice in the CrushSuite app at least 14 days before the changes take effect. Your continued use of CrushSuite after the effective date constitutes your acceptance of the updated policy.

The current version of this policy is always available at https://crushsuite.com/privacy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

CrushSuite

Email: admin@crushsuite.com

Website: https://crushsuite.com

Note: This Privacy Policy was last updated on March 19, 2026. While CrushSuite makes every effort to keep this policy accurate and current, merchants should consult with qualified legal counsel to ensure their own compliance obligations are met.