Back to Home

FavCRM

Privacy Policy

Last updated: May 31, 2026

This policy applies to FavCRM, including the FavCRM: WhatsApp & Loyalty Shopify app, the FavCRM web app, and related merchant services operated by Fav Limited. It does not replace the separate FavPass consumer app privacy policy.

Who we are

Fav Limited (“Fav Limited”, “FavCRM”, “we”, “us”, or “our”) provides CRM, messaging, loyalty, booking, automation, and commerce tools for merchants. You can contact us about privacy questions or data requests at [email protected].

Scope and roles

Merchants use FavCRM to manage their own customers, orders, messages, bookings, loyalty records, and campaigns. For personal data that a merchant imports, syncs, or collects through FavCRM, the merchant is usually the data controller and Fav Limited acts as a processor or service provider on the merchant's instructions.

For account administration, billing, support, website analytics, security, and our own business operations, Fav Limited may act as a controller.

Data we collect

Depending on the products and integrations a merchant enables, we may process:

  • Merchant account data — name, email, phone number, company details, login information, workspace settings, billing state, support messages, and audit logs.
  • Customer profile data — customer names, phone numbers, email addresses, tags, notes, consent status, loyalty membership, tiers, points, and interaction history.
  • Commerce and booking data — orders, products, checkouts, carts, appointments, invoices, payments metadata, discount codes, campaign attribution, and related operational records.
  • Messaging data — WhatsApp, email, SMS, and other conversation content, delivery status, templates, replies, attachments, and metadata needed to route and record conversations.
  • Usage and device data — IP address, browser, device, pages viewed, diagnostic logs, timestamps, and security events.

Shopify app data

When a merchant installs FavCRM: WhatsApp & Loyalty from Shopify, we request Shopify access scopes needed to provide the app's features. These may include access to customers, orders, products, checkouts, and discounts.

We use Shopify data to:

  • provision and authenticate the merchant's FavCRM workspace;
  • sync customers, products, orders, carts, and abandoned checkouts;
  • show customer and order context in the WhatsApp inbox and CRM;
  • create Shopify discount codes for campaigns and loyalty redemptions;
  • power cart recovery, segmentation, automation, reporting, and loyalty rewards;
  • run the storefront WhatsApp chat widget and checkout loyalty extensions.

We also receive Shopify webhooks, including customer, order, product, checkout, app uninstall, scope update, and Shopify privacy webhooks. Shopify privacy webhooks include customers/data_request, customers/redact, and shop/redact. We use these webhooks to export, delete, or anonymize data as required by Shopify's privacy requirements.

WhatsApp and messaging providers

If a merchant connects WhatsApp, Meta and WhatsApp process message delivery, template approval, business account, and phone-number information under their own terms and policies. FavCRM stores and displays messaging records so merchants can manage customer conversations, campaigns, templates, and automations.

Merchants are responsible for having a lawful basis and required consent to send marketing or transactional messages to their customers.

How we use data

  • Provide, secure, maintain, and improve FavCRM services.
  • Authenticate users and prevent fraud, abuse, or unauthorized access.
  • Sync integrations selected by merchants, including Shopify and WhatsApp.
  • Deliver customer messages, campaigns, reminders, loyalty rewards, and automations.
  • Provide support, troubleshoot issues, and communicate service updates.
  • Comply with legal, tax, accounting, platform, and security obligations.

How we share data

We do not sell personal data. We may share data with:

  • Merchants and their authorized users — inside their FavCRM workspace and connected channels.
  • Integration platforms — such as Shopify, Meta/WhatsApp, payment, calendar, email, SMS, or automation providers, when the merchant connects or uses those features.
  • Service providers — hosting, database, analytics, security, messaging, email, support, and infrastructure vendors that process data on our instructions.
  • Legal and safety parties — when required by law, to protect rights and safety, or in connection with a merger, acquisition, financing, or asset sale.

Retention and deletion

We retain data only for as long as needed to provide FavCRM, support the merchant's workspace, comply with legal obligations, resolve disputes, enforce agreements, and maintain security. Retention periods vary by data type and product configuration.

When a merchant uninstalls the Shopify app, we stop active Shopify sync and process Shopify uninstall and privacy webhooks. Where required, we delete or anonymize Shopify-related shop and customer data unless we must keep limited records for legal, security, billing, accounting, fraud-prevention, or dispute-resolution purposes.

Security

We use administrative, technical, and organizational safeguards designed to protect data in transit and at rest. Access is limited to authorized personnel and systems that need it to provide or support the service. No online service can guarantee absolute security, but we work to reduce risk through access controls, logging, encryption, and secure development practices.

International transfers

Fav Limited operates from Hong Kong, and our service providers may process data in other countries. Where data is transferred internationally, we use appropriate contractual, technical, and organizational safeguards.

Your choices and rights

Merchants can update workspace settings, disconnect integrations, manage authorized users, and request export, correction, deletion, or restriction of personal data by contacting us. Customers of a merchant should normally contact that merchant first because the merchant controls how customer data is used in FavCRM.

We will assist merchants with privacy requests and will respond directly where Fav Limited is the controller. Contact [email protected].

Cookies and website analytics

Our website and app may use cookies or similar technologies for sign-in, security, preferences, analytics, and performance. We avoid collecting data we do not need and use privacy-protective defaults where practical.

Children

FavCRM is designed for businesses and is not directed to children under 13. We do not knowingly collect personal data from children under 13.

Changes

We may update this policy from time to time. We will post the revised policy on this page and update the date above. Material changes may also be communicated through the app or by email where appropriate.

Contact

Fav Limited
Privacy contact: [email protected]
Website: https://favcrm.io