Privacy Policy

Last updated: May 26, 2026

Overview

PrizeBee ("we," "our," or "us") operates a sweepstakes platform for Shopify merchants. This policy explains what personal information we collect from sweepstakes participants, how we use it, how we protect it, and what rights you have over it. It does not cover the privacy practices of individual merchants whose stores display PrizeBee — each merchant has their own privacy policy governing your relationship with them.

The PrizeBee banner is only displayed to customers located in the United States. If you are outside the United States, no PrizeBee banner will be shown and no personal data about you is collected by PrizeBee.

Information We Collect

We collect personal information only from individuals who voluntarily opt in to a sweepstakes. What we collect depends on how you enter:

Purchase Entries (via cart checkout)

  • Full name (from billing address, customer profile, or shipping address — in that order of preference)
  • Email address
  • Phone number (if provided on your order)
  • Billing or shipping address
  • Order ID and subtotal (to calculate entry weight and prevent duplicate entries)
  • Opt-in confirmation (a record that you checked the sweepstakes checkbox)

Mail-In Entries (AMOE)

  • Full name
  • Email address
  • Mailing address

We do not collect payment card details, Social Security numbers, or government ID numbers.

How We Use Your Information

  • Entering you into the applicable sweepstakes drawing
  • Notifying you if you are selected as a winner and coordinating prize fulfillment with the merchant
  • Preventing duplicate entries and fraudulent participation
  • Complying with legal obligations, including applicable sweepstakes laws and tax reporting requirements
  • Responding to customer support requests

We do not use your information for marketing or advertising, and we do not build profiles for any purpose beyond administering the sweepstakes.

Data Security

We take security seriously:

  • Encryption at rest: All personal data fields (name, email, phone, and address) are individually encrypted in our database using AES-256 symmetric encryption. Even if the database were accessed without authorization, personal information cannot be read without the encryption key, which is stored separately.
  • Encryption in transit: All data transmitted between your browser, the store, and our servers is protected by TLS (HTTPS).
  • Access controls: Row-level security restricts database queries so that each merchant can only access data from their own store. Decryption of personal information is restricted to authorized administrative operations only.
  • No PII in logs: Decrypted personal information is never written to application logs or error reports.

Data Sharing

We do not sell, rent, or trade your personal information. We may share it only in these limited circumstances:

  • Infrastructure providers: We use Supabase for database hosting and Stripe for merchant billing. These providers process data only as necessary to deliver their services and are not permitted to use participant data for their own purposes.
  • Participating merchants (winners only): If you win, your contact details are shared with the relevant merchant solely for the purpose of prize notification and fulfillment.
  • Legal requirements: We may disclose information if required by law, court order, or government authority.

Data Retention

We retain sweepstakes entry data for the duration of the applicable sweepstakes period plus any legally required retention period thereafter.

  • If an order that generated an entry is refunded, the corresponding entry is deleted immediately and automatically.
  • You may request deletion of your entry at any time by contacting us (see below). Deletion removes you from future drawings in the current period but cannot undo a drawing that has already been completed.

Cookies & Cart Attributes

The PrizeBee banner does not set cookies or use tracking pixels. Your opt-in preference is stored as a Shopify cart attribute — a server-side value associated with your active cart session. This is not a browser cookie; it is cleared automatically when your cart is emptied or your checkout session ends.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data.
  • Restriction: Request that we limit how we process your data.
  • Portability: Receive your data in a portable, machine-readable format.
  • Objection: Object to processing based on our legitimate interests.
  • California residents (CCPA): You have the right to know what personal information is collected about you, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, email us at hello@prizebee.io. We will respond within 30 days.

Contact

For privacy-related questions, requests, or complaints, contact us at hello@prizebee.io or visit our Support page.