Privacy Policy

Introduction

Atchoo Analytics ("we," "our," or "us") is a Shopify app that provides analytics and A/B testing services to Shopify store owners. This Privacy Policy explains how we collect, use, and protect information when you use our services.

Information We Collect

Visitor Data (End Customers)

When visitors browse Shopify stores using our app, we automatically collect:

Browsing Behavior:

• Page views and product views
• Add-to-cart events and purchase interactions
• Template and page types viewed
• Session duration and navigation patterns

Technical Information:

• IP address (for analytics and fraud prevention)
• User agent (browser and device information)
• Referrer information (how visitors found the store)
• UTM campaign parameters
• Viewport dimensions

Cookies and Local Storage:

• atchoo_visitor_id: A first-party analytics cookie (expires after 1 year)
• App configuration data in localStorage (temporary, session-based)

Merchant Data (Store Owners)

When Shopify store owners install our app, we collect:

Business Information:

• Shopify store domain and basic store details
• Industry type (for benchmarking purposes)
• Theme template information
• Product catalog data (IDs, titles, prices, availability)

Account Information:

• Shopify user details accessible through our app installation
• App usage preferences and settings
• A/B test configurations and results

Administrative Data:

• Installation and uninstallation events
• App configuration changes
• Support interactions

How We Use Information

Analytics & Performance

• Generate performance metrics and conversion analytics
• Create industry benchmarking data
• Provide insights on visitor behavior and store performance
• Optimize A/B testing algorithms

Service Operations

• Process and display analytics dashboards
• Enable A/B testing functionality
• Prevent abuse and ensure service security
• Provide customer support

Business Intelligence

• Improve our app's features and performance
• Understand usage patterns for product development
• Create anonymized industry reports and benchmarks

Information Sharing and Third-Party Services

Third-Party Service Providers

We use the following trusted service providers:

Turso Database Services

• Purpose: Secure data storage and management
• Data: All analytics and tracking data
• Location: Distributed globally based on shop location
• Privacy: Each store's data is isolated in separate databases

Vercel (Hosting & Storage)

• Purpose: App hosting and file storage
• Data: App functionality and compliance data exports
• Security: HTTPS encryption and secure blob storage

Resend (Email Service)

• Purpose: Compliance notifications only
• Data: Email addresses for data request notifications
• Usage: GDPR/CCPA compliance communications

Shopify Platform

• Purpose: Core app integration
• Data: Store information as permitted by app scopes
• Scope: read_products, read_themes, write_products

Data Isolation

• Each Shopify store's data is stored in a completely separate database
• No cross-store data sharing or access
• Multi-tenant architecture ensures complete data isolation
• Encrypted credential storage for database access

No Data Sales

We do not sell, rent, or trade personal information to third parties for marketing purposes.

Data Security

Technical Safeguards

• Encryption: All data transmitted using HTTPS/TLS encryption
• Database Security: AES-256-GCM encryption for sensitive credentials
• Access Control: Shop-specific database isolation
• Authentication: Shopify OAuth and webhook HMAC verification

Infrastructure Security

• Secure hosting on Vercel with industry-standard protections
• Turso's distributed database architecture with built-in security
• Regular security monitoring and updates
• Principle of least privilege for data access

Data Retention

Visitor Data

• Tracking events: Retained for analytics purposes while the app is installed
• Visitor IDs: Cookie expires after 1 year, automatically renewed on visits
• Session data: 30-minute windows for traffic source attribution

Merchant Data

• Account information: Retained while the app is installed
• Historical analytics: Preserved for trend analysis and reporting
• A/B test results: Retained for statistical analysis and reporting

Automatic Deletion

• When a Shopify store uninstalls our app, all associated data is automatically deleted
• Customer data deletion requests are processed within 7 days
• Compliance with Shopify's data retention requirements

Your Rights and Choices

For Shopify Store Owners

Access and Control:

• View all analytics data through our dashboard
• Export data through our reporting features
• Configure tracking preferences and settings
• Request complete data deletion by uninstalling the app

Industry Benchmarking:

• Opt-in industry selection for anonymous benchmarking
• No individual store identification in benchmark data
• Ability to change industry classification at any time

For End Customers (Store Visitors)

Cookie Control:

• Browser settings can block or delete our analytics cookie
• Incognito/private browsing prevents persistent tracking
• No cross-site tracking outside the specific store

Data Requests:

• Contact the Shopify store directly for data access requests
• We provide tools to store owners for compliance responses
• Automatic processing of deletion requests via Shopify's system

Legal Compliance

GDPR Compliance (EU Users)

• Lawful Basis: Legitimate interest for analytics, consent where required
• Data Subject Rights: Access, rectification, erasure, portability, objection
• Data Protection Officer: Available through our support channels
• EU Representative: Contact information available upon request

CCPA Compliance (California Residents)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: No sale of personal information (we don't sell data)
• Non-Discrimination: No penalties for exercising privacy rights

Shopify Compliance

• Full compliance with Shopify's App Store requirements
• Automated processing of Shopify's compliance webhooks
• Integration with Shopify's customer data request system

Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately.

International Data Transfers

Data Location

• Data is stored in Turso databases distributed globally
• Database location optimized for performance and compliance
• Adequate protection for international transfers

Transfer Safeguards

• Standard contractual clauses with service providers
• Encryption during transit and at rest
• Compliance with applicable data protection laws

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable laws. When we make changes:

• Notice: Updated policy posted with new effective date
• Material Changes: Additional notification through our app interface
• Continued Use: Continued use of our service constitutes acceptance

Data Breach Response

In the unlikely event of a data breach:

1. Immediate Response: Contain and assess the incident within 24 hours
2. Authority Notification: Report to relevant authorities within 72 hours if required
3. User Notification: Notify affected users without undue delay
4. Remediation: Take steps to prevent future incidents

Contact Information

General Privacy Inquiries

• Email: blessyou@atchoo.app
• Response Time: Within 5 business days

Data Subject Requests

• Email: compliance@atchoo.app
• Processing Time: Within 30 days (GDPR) or 45 days (CCPA)

Shopify Store Owner Responsibilities

As a Shopify store owner using our app, you are responsible for:

Privacy Notices

• Informing customers about analytics tracking
• Including our data collection in your privacy policy
• Obtaining necessary consents where required by law

Customer Requests

• Responding to customer data requests
• Using our compliance tools for data export/deletion
• Maintaining accurate customer contact information

Legal Compliance

• Ensuring compliance with applicable privacy laws
• Properly configuring tracking preferences
• Monitoring and managing data retention settings

---

Last Review: July 2025
Next Scheduled Review: December 2025

This privacy policy reflects our current data practices. For the most up-to-date information, please check the effective date above and review periodically for changes.