Privacy Policy

Revised 1/12/2023

Cart Insights

Abstract

Cart Insights is dedicated to customer and user privacy and data protection. We only collect and use data that is needed to provide the App's functionality. We do not use collected data for any purposes other than to provide the App's functionality. We do not share data or sell data to any other third party.

Security

Cart Insights is hosted on the Salesforce-owned Heroku Cloud Application Platform. Heroku regularly performs audits and maintains PCI, HIPAA, ISO, and SOC compliance to further strengthen trust with customers. Read more about Heroku compliance certifications here. All customer and app data is hosted by AWS in the US. Read more about AWS compliance progams and certifications here.

Privacy Policy

Cart Insights "the App" provides shopping cart activity data "the Service" to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store. You can also read about our Protected Customer Data Compliance here.

Personal Information the App Collects

When you install the App, we are automatically able to access certain types of information from your Shopify account as well as subscribed webhooks sent by Shopify to the App:

The following Shopify API access permissions are requested upon installation of the App so that it can function:

read_products - in order to display a shop's customer cart activity, the App requests product data via the Shopify API such as the product title, variant image url, and variant title.

read_customers - in order to display customer data in the context of customer cart activity within the App.

read_orders - in order to display order data in the context of customer cart activity within the App, namely to show when a cart converted into an Order and to be able to create a link to view the Order in the Shopify Admin console.

Data Retention

Data collected and stored by the App is automatically deleted from our database after it is not used by the App or updated by subsequent same customer cart activity webhooks for 31 days.

How Do We Use Your Personal Information?

We use the personal information we collect from you and your customers in order to provide the Service and to operate the App. Additionally, we use this personal information to: Communicate with you; Optimize, troubleshoot, or improve the App; and Provide you with information relating to our products or services.

Sharing Your Personal Information

Information about the shop that has installed the App, and information about any customer activity and data collected by the App is never shared with any third parties.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

GDPR Compliance

The App is compliant with Shopify GDPR Mandatory Webooks as described in the following link: https://help.shopify.com/en/api/guides/gdpr-resources

GDPR customers/redact - Requests deletion of customer data.

GDPR shop/redact - Requests deletion of shop data.

GDPR customers/data_request - Requests to view stored customer data.

Your Rights If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.

Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

Changes

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

Contact Us

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email protected] or by mail using the details provided below:

Data Protection Officer Contact Information:

K. Gorshkov

[email protected]

onspruce solutions

9 Lake Street

Kirkland, WA 98033

US