Privacy Policy

What We Collect

• Order data — order number, customer name, and email from the Shopify Orders API. Used to match orders to marketing sessions for attribution.
• Session data — page URLs, UTM parameters, and click IDs (fbclid, gclid) collected via our web pixel. No personal browsing history is stored.
• Store information — shop domain and Shopify access token, required for the app to function.

How We Use It

All data is used solely to provide attribution analytics to the merchant who installed the app. We match visitor sessions to completed orders so merchants can see which ads drive real sales.

Data Storage & Security

• Data is stored in a secured Supabase (PostgreSQL) database with Row Level Security.
• Each merchant can only access their own store's data.
• All data is encrypted in transit (HTTPS/TLS) and at rest.
• Access tokens are stored server-side and never exposed to the browser.

Data Sharing

We do not sell, rent, or share merchant or customer data with any third party. Conversion signals are sent to Meta and Google only when the merchant explicitly configures these integrations for their own ad accounts.

Data Retention

Session and order data is retained for up to 12 months. When a merchant uninstalls the app, their access token is revoked immediately. Merchants can request full data deletion by contacting us.

Merchant Rights

Merchants may request access to, correction of, or deletion of their data at any time by contacting us at the email below.

Contact

For privacy questions or data requests:
GrowthPartners
connect@growthpartners.agency