Pricing FAQ
Legal

Privacy Policy

Last Updated: July 1, 2026

Welcome to Shoptin ("Shoptin," "we," "us," or "our"), a Shopify application owned and operated by Opt to Shop, LLC, a California limited liability company ("Company"). Shoptin is the product and brand name under which the Company offers its Shopify application and related Services. Our goal is to help Shopify merchants ("Merchants") dynamically optimize marketing consent at checkout and boost subscriber growth. This Privacy Policy describes how we collect, use, store, disclose, and otherwise process your information when you (i) visit or use our website or services (collectively, the "Services"), or (ii) install and use the Shoptin application through Shopify.

By using our Services, you agree to the practices and policies outlined in this Privacy Policy. If you do not agree, please do not use our Services. If you have any questions, please contact us using the information in the Contact Us section below.

1. Scope

This Privacy Policy applies to personal information processed by Shoptin in connection with your use of our Services. Any personal information that Merchants process about their end customers (e.g., buyers at checkout, subscribers) is governed by the Merchants' own privacy policies. We process such data only as necessary to provide Services on behalf of Merchants and in accordance with our agreements with them.

2. Personal Information We Collect

We collect information directly from Merchants, from Merchants' Shopify stores via Shopify's APIs, and from Merchants' customers. This may include:

  • Customer Consent Data: Information about whether a customer opted in to marketing, including region-specific consent settings.
  • Store Details: Basic store information (name, URL) to configure and personalize the Shoptin consent experience.
  • Merchant Contact Details: When you sign up or interact with us (e.g., by sending support requests), we collect the information you provide such as your name, email address, or phone number.
  • Log and Performance Data: Usage and performance data to monitor, improve, and personalize our Services (e.g., opt-in rates, CLV analysis dashboards).
  • Cookies and Similar Technologies: Certain features (like live dashboards or testing environments) may use cookies or tracking pixels to improve functionality or analyze performance.

We do not request or store any Shopify data beyond what is necessary to provide Shoptin's core Services.

3. How We Use the Information We Collect

We use the information described above for purposes including:

  • Providing and Maintaining Our Services: Managing dynamic consent flows, updating store settings, and ensuring compliance.
  • Improving and Personalizing the Services: Analyzing opt-in rates, subscriber vs. non-subscriber CLV, and checkout performance to enhance Shoptin's impact.
  • Communicating with You: Sending support responses, service updates, or optional marketing messages.
  • Monitoring and Analyzing Trends: Aggregated insights on opt-in performance across regions, industries, or campaigns.
  • Enforcing Agreements and Legal Compliance: Ensuring adherence to our Terms of Service and applicable data regulations (e.g., GDPR, CCPA, TCPA).

Legal Bases for Processing (EEA, UK, and Switzerland): With respect to Customer Personal Data (as defined in our data processing agreement with the Merchant) — including Customer Consent Data and Store Details — Opt to Shop acts solely as a processor, not a controller; the Merchant, as controller, determines the purposes and legal basis, and our obligations are governed by Article 28 GDPR and our data processing agreement with the Merchant. Three narrow categories fall outside that processor role, each described in the bullets below: Merchant Contact Details we use for our own communications with the Merchant; Service Data (aggregated, de-identified usage metrics, telemetry, billing records, and audit trails that do not reasonably identify a Merchant or Data Subject), which we process for our own limited business purposes; and our own investigation of suspected fraud or a Terms of Service breach. Where the GDPR, UK GDPR, or Swiss FADP applies, the following maps each purpose in this Section to its legal basis:

  • Providing and Maintaining Our Services: Processed as a processor on the Merchant's documented instructions; the Merchant, as controller, determines the applicable legal basis (typically contract or consent). Our processing in that capacity is governed by our data processing agreement with the Merchant.
  • Improving and Personalizing the Services: Processed as a processor on the Merchant's documented instructions, since generating a given Merchant's own opt-in and CLV dashboards involves that Merchant's data; the Merchant, as controller, determines the applicable legal basis.
  • Communicating with You: Performance of our own contract with the Merchant (Article 6(1)(b)) for service-related communications (e.g., support responses, service updates about your Shoptin account), and consent (Article 6(1)(a)) for optional marketing messages, which you may withdraw at any time.
  • Monitoring and Analyzing Trends: This is the Service Data exception described above, not a broader basis for identifiable data. Legitimate interests (Article 6(1)(f)) support this narrow, independent processing of aggregated, de-identified usage data that does not reasonably identify a Merchant or Data Subject, namely understanding aggregate performance across Merchants, regions, and campaigns to improve the Services.
  • Enforcing Agreements and Legal Compliance: Legal obligation (Article 6(1)(c)) where compliance with applicable law requires it — processor-consistent processing expressly permitted by Section 4.1(b) of our data processing agreement with the Merchant; and, narrowly, our own legitimate interests (Article 6(1)(f)) where we investigate suspected fraud or a breach of our Terms of Service by a Merchant.

We do not sell your personal information or your customers' personal information to third parties.

4. How We Share Your Information

We only share your information in limited circumstances:

  • With Your Consent: When you explicitly authorize sharing.
  • Service Providers and Partners: With third parties who perform services on our behalf (hosting, analytics, or support).
  • Legal Compliance and Protection: If required by law or to protect our rights and users.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

5. Data Retention

We retain personal information according to the criteria below, which vary by data type:

  • Merchant/Store Data (store details and merchant contact information): Retained for the duration of the Merchant's app installation and active use of the Services. We are not obligated to delete this data automatically upon uninstallation or termination of the Merchant relationship; it is retained until we receive the Merchant's written deletion request or a Shopify data-redaction webhook (see our data processing agreement with the Merchant), except where retention is required to comply with legal, tax, or accounting obligations.
  • Customer Consent Data: Retained until we receive the Merchant's written deletion request or a Shopify data-redaction webhook, including the customer-initiated customers/redact webhook, consistent with our data processing agreement with the Merchant, at which point it is deleted or anonymized. Data retained in backup systems is deleted in the ordinary course under our backup rotation policies.
  • Logs & Telemetry: Retained for 30 days for security, debugging, and service-reliability purposes, after which it is rotated or deleted, except where aggregated or anonymized data is retained longer for analytics.
  • Support/Contact Data: Retained for 24 months after a support request is resolved, to allow for follow-up and quality review, after which it is deleted or anonymized.

Merchants may request earlier deletion of data by contacting us (see Contact Us), subject to our legal and contractual obligations.

6. International Data Transfers

The Company is based in the United States. If you access our Services from outside the U.S., your data may be transferred and processed in jurisdictions that may not provide the same level of protection. By using our Services, you consent to these transfers.

7. Security of Your Information

We take reasonable administrative, technical, and physical measures to protect your information from loss, misuse, or unauthorized disclosure. No method of storage or transmission is 100% secure.

8. Children's Privacy

Our Services are intended for businesses and individuals at least 18 years old. We do not knowingly collect data from children under 13.

9. Your Choices and Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal information.

  • Opt-Out of Marketing Communications: Use the "unsubscribe" link or contact us.
  • Cookies: You can manage cookies through browser settings.
  • Lodge a Complaint: If you are located in the EEA, the UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable law.

End customers of a Merchant should direct requests to that Merchant's privacy team.

10. Do Not Track

Shoptin does not track online activity across third-party websites, and does not respond to "do not track" browser signals.

11. Changes to This Privacy Policy

We may update this Policy to reflect changes in practices, laws, or features. If changes are material, we will notify you via email or within the Shoptin app.

12. Contact Us

If you have any questions about this Privacy Policy or your personal information, please reach us at:

Email: support@shoptin.io

Find Out

Measure your missing LTV

Use this prompt with Shopify Sidekick to see how much LTV you're leaking today.

Please retrieve each of the following metrics and summarize in a table: 1. average monthly web orders over the last 12 months 2. first time purchase rate (use this: FROM sales SHOW orders, orders_first_time SINCE -12m UNTIL today) 3. LTV of customers that are NOT SUBSCRIBED to email marketing (filter out customers that have spent more than 1000 since they are b2b) 4. LTV of customers that are SUBSCRIBED to email marketing (filter out customers that have spent more than 1000 since they are b2b) 5. for all orders that were a customer's first purchase in the last 60 days, how many are in each bucket of email subscription status NOT SUBSCRIBED, SUBSCRIBED, UNSUBSCRIBED Using these metrics, tell me roughly how much LTV i am leaving on the table each month via customers that dont subscribed to email marketing (not subscribed).