top of page

Circle Menu Privacy Policy

1. Introduction

Circle Menu (the “App”) is an application developed and licensed by Hurdle Apps, a company incorporated under the United States, TN law with its corporate seat in 100 Cherokee Blvd, Ste 122, Chattanooga, TN 37405, (the “App Provider”, “we”, “us”, “our”). The App provides the option of creating a story-style menu (the “Service") to merchants who use Shopify to power their stores (the “Merchant”, “you”). This Privacy Policy helps you understand how personal information is collected, used, and shared when you, as a Merchant, install or use the App in connection with your Shopify-supported store.

By installing and using the App in connection with your Shopify-supported store you are accepting and consenting to the practices set out in this Privacy Policy.

When you install the App, we are automatically able to access certain types of information from your Shopify account: Your Personal Data, Access to your Theme files, Access to add Shopify Script Tags to your Website, Products, Collections, Pages, Blogs, Blog Posts, Locales.

Our Privacy Policy is subject to updates from time to time in order to reflect operational, legal or regulatory reasons. When we do so, we will give you notice of such changes by posting the revised policy on our Website, or within the App, and where appropriate, by other means, so you can always have access to details about the information we collect, how we use it, and under what circumstances, if any, we disclose it. Any such change, material or otherwise, shall enter into force with immediate effect at the publishing date. By continuing to use our App after the updated Policy is posted, you agree to the revised Policy.

2. Personal Information the App Collects and Processing Purposes
2.1. Information from Merchants

When you install and use our App, we are automatically able to access certain types of information from your Shopify account such as: your name, company name, your Shopify-supported store URL, address, email address.

We will also collect and process data that you provide directly to us, for example your selected membership plan or any changes thereof. Additionally, we collect data such as how and when you access your account (access logs), including information about the device and browser you use, your network connection and your IP address, the configuration you choose to make to our App, history of payments and logs of install/uninstall or any other actions or activity while using our App.

We use this information to give you access and provide you with our Services; for example, to confirm your identity, provide you access on the Settings page of our App, to contact you in order to provide support, confirm install or uninstall actions for our App; end of trial period notifications; to conduct customer satisfaction surveys; automatic out-off-the-office notifications; notifications for updates to the App; end of discounts period and history of your payments with Shopify for your membership plan through the Shopify Billing API and to make sure that we comply with legal requirements. We also use it to make our App interface easier to use and to personalize the Services for you; for example to translate the App in your language.

In certain cases, in order to solve technical issues, we might request access to some sections of your Shopify Admin. It is your responsibility to allow us access only to the sections we requested and once the technical problem is solved you agree to delete our access from your Shopify Admin.

Your data shall be used only for the above processing purposes for which they were originally collected. The data may be processed for a legitimate purpose different than the above processing purposes only if such legitimate purpose is closely related to the processing purposes. In case of any intention to further process the data for a purpose other than the processing purposes under this Privacy Policy, we shall provide you, prior to that further processing, with relevant and detailed information on the envisaged processing.

2.2. Information from Merchant's customers and visitors of the Merchant’s store

When you install and use our App, we do not collect, process or retain any personal data of the customers or visitors or your Shopify store.

2.3. Information from Hurdle Apps website visitors

As you visit or browse our websites, we collect information about the device and browser you use, your network connection, your IP address, and information about the cookies installed on your device. We also collect this information when you engage with us either by email or web form. We also collect any additional information that you might provide to us. We use this information, to provide and enhance our Services, including supporting or servicing your account, if applicable.

2.4. Information from cookies and similar tracking technologies

“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.

We use cookie technology for our App [functional cookies] to recognize your device and to keep you logged into your account. We also use them to provide and enhance our Services, including supporting or servicing your account, if applicable.

We may also use cookies [behavioral cookies] to serve targeted ads from Google, Facebook, and other third-party vendors, conditioned by your opt-in consent.

We are using Google Analytics to analyse information gathered from you when using the App in the Shopify Admin. Google Analytics uses cookies [behavioral cookies] as well. This information allows us to better understand the users of the App, and how they use the App in order to improve our Services.

For more information about cookies, and how to disable cookies, visit

If you decide to opt out of certain types of this processing, disable the storage of cookies or remove registered cookies, please see the links above.

We also use “Log files” to track actions occurring on the Hurdle Apps websites, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. This information is collected for security purposes in order to prevent different types of attacks such as a DDOS attack.

“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Site.

Google Analytics uses "web beacons" and "tags" only when using the App in the Shopify Admin. This information allows us to better understand the users of the App, and how they use the App in order to improve our Services.

3. How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to: Communicate with you; Optimize or improve the App; and Provide you with information or advertising relating to our products or services, as detailed in Section 2 above.

4. Sharing Your Personal Information

It is our policy that this Data will not be disclosed, shared with, sold or rented to third parties other than expressly provided under this Privacy Policy.

We may share your data, by disclosure or providing remote access, exclusively to the extent necessary to serve the applicable processing purposes for which your data is collected and processed and only through secured applications, to third parties such as commercial partners, acting as data processors for and on behalf of the App Provider (e.g. e-mail services provider, hosting, cloud - based help desk solution, legal and financial advisors, payment processor provider, technical support service providers or service providers providing dispatch support), with whom we made the necessary contractual agreements required by EU and national regulations.

Please note that some of these recipients may be located outside EU, and your personal information may be stored and processed in such jurisdictions for the processing purposes described in this Privacy Policy. You expressly agree to the transfer of your personal data to such data processors.

In addition, we may disclose the data in order to comply with the law or in response to a request from a court or other legal authority, such as a warrant or a subpoena. We might also share the information if we believe, in good faith, that it is necessary to prevent or address frauds, protect our legitimate interests or to enforce the Terms and Conditions.

5. Retention Period

Personal data collected and used for the supply of the Services by the App Provider will be stored:

  • personal data of the Merchant for a period of 60 days after uninstallation, to ensure technical assistance, if needed, after uninstalling the App;

  • name and e-mail address of the Merchant in an archive of Accepted Terms and Conditions and Privacy Policy records for a period of 10 years after uninstallation for complying with our legal obligations (such as maintain business records for legal, administrative, audit and taxation purposes).

  • support e-mails are kept for 120 days after the support ticket has been closed. After which it will be archived 10 years for legal purposes.

  • log files are only kept for a period of 30 days.

Promptly after the applicable storage period has ended, the data shall be:

  • (a) securely deleted or destroyed; or

  • (b) transferred to an archive (unless this is prohibited by law or an applicable records retention regulation); or

  • (c) anonymized in the case of information related to website visits, without identifiers, in order to improve our services.

6. Security

We are aware that the security of your private information is an important concern. The protection of your personal data is highly important for us, data protection and the protection of personal privacy being a priority for our business.

The following principles are central to how we process the Data:

  • Transparency and fairness: When we collect and process your personal information, we inform you as to who collects and receives these data, and the reasons for this. When required by law, we always seek your prior consent (e.g. before collecting any sensitive information). We never use your personal information for purposes that are incompatible with the processing purposes outlined herein.

  • Legitimacy: We do not collect or process personal information without a lawful reason. We use your personal information only for appropriate business purposes (e.g. to provide the Services, manage relationships with Merchants, perform accurate invoicing, to better serve customers, to conduct satisfaction surveys or draft reports and comply with our legal obligations).

  • Minimization: We only collect the personal information strictly necessary for data processing, as set out in this Privacy Policy. We collect sensitive information only where relevant. We take all reasonable measures to ensure that your personal data on record is accurate, complete and up to date.

  • Privacy: We endeavor to ensure privacy when implementing personal data processing. To this end we also carry out privacy impact assessments to ensure that our safeguards are appropriate and that your information is protected.

We have taken technical and organizational measures to ensure a level of security appropriate to the risks that are presented by processing, in particular from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access, willful or accidental manipulation, access by third parties, deletion and modification. We have taken technical measure to ensure that the access to our Site/App related databases by our employees and/or commercial Partners acting as administrator of the Site is granted only for the processing purposes detailed under this Privacy Policy.

We follow industry standards on information security management to safeguard personal information entrusted to us. Nevertheless no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your personal information.

You shall be notified with respect to a data security breach, within a reasonable period of time following discovery of such breach, unless a law enforcement official determines that notification would impede a criminal investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such law enforcement official. We shall promptly respond to your enquiries relating to such data security breach.

7. Data Subjects Rights with respect to processing of their personal data

According to applicable data privacy regulation, including without limitation the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), you have the following rights:

Access. You have the right to obtain a confirmation (free of charge if once per year) as to whether or not data concerning you is being processed and, where the case, access to the data and the following information: purpose of the processing, personal data concerned, recipients of the data, storage period, your rights under the data protection regulations and the source of the data.

Rectification. You have the right to obtain, without undue delay, the rectification of inaccurate personal data. You can do this by changing the information from your Shopify Account settings page, or by emailing us at

Erasure. You have the right to request erasure of your personal data provided that conditions for such operation are met under the applicable law. You can request the deletion of your personal information in the following cases:

  • if your personal information is no longer necessary for the purpose of the data processing;

  • if you have withdrawn your consent for data processing based exclusively on such consent;

  • if you objected to the data processing;

  • if the personal information must be erased to comply with a legal obligation to which the App Provider is subject.

It’s important to remember that if you erase your personal information, the Services may not function properly.

Restriction. You have the right to request restriction of the processing in the following cases:

  • for a period enabling the App Provider to verify the accuracy of your personal data in the event you challenge the accuracy of your personal information;

  • if the processing is unlawful and you wish to restrict your personal information rather than deleting it;

  • if you wish the App Provider to keep your personal information because you need it for your defense in the context of legal claims;

  • if you have objected to the processing but we need to check whether we have legitimate grounds for such processing which may override your own rights.

It’s important to remember that if you restrict the use of your personal information, the Services may not function properly.

Portability. You have the right to Data portability (receiving your personal data in a structured, commonly used and machine-readable format and transmitting those data to another controller) and a right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling, if the processing of personal data is based on legitimate interest pursued by the App Provider or a third party.

Except for cases when processing of your personal data is necessary for performance of the Services, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Complaint. You may exercise your rights freely and at any time, by sending a written and dated request accompanied by a proof of your identity by sending an e-mail to Requests for access, correction, restriction of processing or erasure are subject to applicable legal restrictions.

We encourage you to contact us immediately if you believe that your personal data was provided without consent, by sending us a written and dated request accompanied by a proof of your identity using the contact details in the final section of this Privacy Policy.

Contact Information

If you have any further questions about how we process your personal information, or if you would like to exercise any of your rights under this policy, please send us a written and dated request accompanied by a proof of you identity, using the following contact details:

We shall ensure adequate steps are taken to address your request without undue delay and, in any event, within 30 (thirty) days of receipt of the request. The information shall be provided by electronic means where possible, unless otherwise expressly requested by you in writing.

Last updated: June 21, 2022

bottom of page