Back to Home

Privacy Policy

Last Updated: October 21, 2025

1. Introduction

Shopify Audience Generator ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. This policy complies with GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and other applicable data protection laws.

2. Information We Collect

2.1 Account Information

When you connect your Shopify store, we collect:

  • Shopify store domain and store ID
  • OAuth access tokens (encrypted)
  • Email address (if provided)
  • Subscription tier and billing information

2.2 Customer Data from Shopify

To provide audience segmentation services, we access and process:

  • Customer names, email addresses, phone numbers
  • Customer addresses (city, state, ZIP code)
  • Order history and purchase data
  • Total spend and order counts
  • Last order date and customer creation date

2.3 Meta (Facebook) Integration

When you connect Meta:

  • Meta OAuth access tokens (encrypted)
  • Meta Ad Account IDs
  • Custom Audience names and sync history

2.4 Usage Data

  • API requests and usage metrics
  • Feature usage patterns
  • Error logs and performance data
  • Session information

3. How We Use Your Information

We use the collected information to:

  • Provide Services: Calculate RFM scores, create audience segments, sync to Meta
  • Machine Learning: Generate purchase predictions and customer insights
  • Account Management: Manage subscriptions, billing, and authentication
  • Service Improvement: Analyze usage patterns to improve features
  • Communication: Send service updates, billing notifications, and support responses
  • Security: Detect fraud, prevent abuse, and ensure platform security
  • Legal Compliance: Comply with legal obligations and enforce our terms

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contractual Necessity: To fulfill our service agreement with you
  • Legitimate Interest: To improve services, prevent fraud, and ensure security
  • Consent: Where explicitly provided (e.g., Meta connection)
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We share data with:

5.1 Third-Party Services

  • Shopify: To retrieve customer and order data
  • Meta (Facebook): To sync custom audiences (only with your explicit authorization)
  • Shopify: For payment processing through Shopify's billing system
  • Cloud Providers: Database hosting (Neon.tech), monitoring (Sentry)

5.2 Legal Requirements

We may disclose information if required by law, court order, or governmental request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

6. Data Security

We implement industry-standard security measures:

  • Encryption: All access tokens encrypted using AES-256-GCM
  • HTTPS: All data transmission over secure SSL/TLS connections
  • Access Controls: Role-based access and authentication
  • Regular Audits: Security reviews and vulnerability assessments
  • Data Minimization: We only collect data necessary for service provision

7. Data Retention

We retain your data:

  • Active Accounts: For the duration of your account
  • Deleted Accounts: 30-day grace period, then permanent deletion
  • Legal Requirements: May retain certain data longer to comply with legal obligations
  • Backup Data: May persist in backups for up to 90 days after deletion

8. Your Data Rights

Under GDPR and CCPA, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Data Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing of your data
  • Restrict Processing: Request limitation of data processing
  • Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, visit your account settings or contact us at privacy@shopifyaudience.com

9. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising CCPA rights

Note: We do NOT sell your personal information.

10. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

12. Cookies and Tracking

We use cookies and similar technologies for authentication, analytics, and service functionality. See our Cookie Policy for details.

13. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, data requests, or concerns:
Email: privacy@shopifyaudience.com
Data Protection Officer: dpo@shopifyaudience.com

15. Supervisory Authority

EU residents have the right to lodge a complaint with their local data protection authority if they believe their data rights have been violated.

Terms of ServiceCookie Policy

Command Palette

Search for a command to run...