Privacy Policy
Last Updated: July 1, 2026
Welcome to Shoptin ("Shoptin," "we," "us," or "our"), a Shopify application owned and operated by Opt to Shop, LLC, a California limited liability company ("Company"). Shoptin is the product and brand name under which the Company offers its Shopify application and related Services. Our goal is to help Shopify merchants ("Merchants") dynamically optimize marketing consent at checkout and boost subscriber growth. This Privacy Policy describes how we collect, use, store, disclose, and otherwise process your information when you (i) visit or use our website or services (collectively, the "Services"), or (ii) install and use the Shoptin application through Shopify.
By using our Services, you agree to the practices and policies outlined in this Privacy Policy. If you do not agree, please do not use our Services. If you have any questions, please contact us using the information in the Contact Us section below.
1. Scope
This Privacy Policy applies to personal information processed by Shoptin in connection with your use of our Services. Any personal information that Merchants process about their end customers (e.g., buyers at checkout, subscribers) is governed by the Merchants' own privacy policies. We process such data only as necessary to provide Services on behalf of Merchants and in accordance with our agreements with them.
2. Personal Information We Collect
We collect information directly from Merchants, from Merchants' Shopify stores via Shopify's APIs, and from Merchants' customers. This may include:
- Customer Consent Data: Information about whether a customer opted in to marketing, including region-specific consent settings.
- Store Details: Basic store information (name, URL) to configure and personalize the Shoptin consent experience.
- Merchant Contact Details: When you sign up or interact with us (e.g., by sending support requests), we collect the information you provide such as your name, email address, or phone number.
- Log and Performance Data: Usage and performance data to monitor, improve, and personalize our Services (e.g., opt-in rates, CLV analysis dashboards).
- Cookies and Similar Technologies: Certain features (like live dashboards or testing environments) may use cookies or tracking pixels to improve functionality or analyze performance.
We do not request or store any Shopify data beyond what is necessary to provide Shoptin's core Services.
3. How We Use the Information We Collect
We use the information described above for purposes including:
- Providing and Maintaining Our Services: Managing dynamic consent flows, updating store settings, and ensuring compliance.
- Improving and Personalizing the Services: Analyzing opt-in rates, subscriber vs. non-subscriber CLV, and checkout performance to enhance Shoptin's impact.
- Communicating with You: Sending support responses, service updates, or optional marketing messages.
- Monitoring and Analyzing Trends: Aggregated insights on opt-in performance across regions, industries, or campaigns.
- Enforcing Agreements and Legal Compliance: Ensuring adherence to our Terms of Service and applicable data regulations (e.g., GDPR, CCPA, TCPA).
Legal Bases for Processing (EEA, UK, and Switzerland): With respect to Customer Personal Data (as defined in our data processing agreement with the Merchant) — including Customer Consent Data and Store Details — Opt to Shop acts solely as a processor, not a controller; the Merchant, as controller, determines the purposes and legal basis, and our obligations are governed by Article 28 GDPR and our data processing agreement with the Merchant. Three narrow categories fall outside that processor role, each described in the bullets below: Merchant Contact Details we use for our own communications with the Merchant; Service Data (aggregated, de-identified usage metrics, telemetry, billing records, and audit trails that do not reasonably identify a Merchant or Data Subject), which we process for our own limited business purposes; and our own investigation of suspected fraud or a Terms of Service breach. Where the GDPR, UK GDPR, or Swiss FADP applies, the following maps each purpose in this Section to its legal basis:
- Providing and Maintaining Our Services: Processed as a processor on the Merchant's documented instructions; the Merchant, as controller, determines the applicable legal basis (typically contract or consent). Our processing in that capacity is governed by our data processing agreement with the Merchant.
- Improving and Personalizing the Services: Processed as a processor on the Merchant's documented instructions, since generating a given Merchant's own opt-in and CLV dashboards involves that Merchant's data; the Merchant, as controller, determines the applicable legal basis.
- Communicating with You: Performance of our own contract with the Merchant (Article 6(1)(b)) for service-related communications (e.g., support responses, service updates about your Shoptin account), and consent (Article 6(1)(a)) for optional marketing messages, which you may withdraw at any time.
- Monitoring and Analyzing Trends: This is the Service Data exception described above, not a broader basis for identifiable data. Legitimate interests (Article 6(1)(f)) support this narrow, independent processing of aggregated, de-identified usage data that does not reasonably identify a Merchant or Data Subject, namely understanding aggregate performance across Merchants, regions, and campaigns to improve the Services.
- Enforcing Agreements and Legal Compliance: Legal obligation (Article 6(1)(c)) where compliance with applicable law requires it — processor-consistent processing expressly permitted by Section 4.1(b) of our data processing agreement with the Merchant; and, narrowly, our own legitimate interests (Article 6(1)(f)) where we investigate suspected fraud or a breach of our Terms of Service by a Merchant.
We do not sell your personal information or your customers' personal information to third parties.
4. How We Share Your Information
We only share your information in limited circumstances:
- With Your Consent: When you explicitly authorize sharing.
- Service Providers and Partners: With third parties who perform services on our behalf (hosting, analytics, or support).
- Legal Compliance and Protection: If required by law or to protect our rights and users.
- Business Transfers: In connection with a merger, acquisition, or sale of assets.
5. Data Retention
We retain personal information according to the criteria below, which vary by data type:
- Merchant/Store Data (store details and merchant contact information): Retained for the duration of the Merchant's app installation and active use of the Services. We are not obligated to delete this data automatically upon uninstallation or termination of the Merchant relationship; it is retained until we receive the Merchant's written deletion request or a Shopify data-redaction webhook (see our data processing agreement with the Merchant), except where retention is required to comply with legal, tax, or accounting obligations.
- Customer Consent Data: Retained until we receive the Merchant's written deletion request or a Shopify data-redaction webhook, including the customer-initiated customers/redact webhook, consistent with our data processing agreement with the Merchant, at which point it is deleted or anonymized. Data retained in backup systems is deleted in the ordinary course under our backup rotation policies.
- Logs & Telemetry: Retained for 30 days for security, debugging, and service-reliability purposes, after which it is rotated or deleted, except where aggregated or anonymized data is retained longer for analytics.
- Support/Contact Data: Retained for 24 months after a support request is resolved, to allow for follow-up and quality review, after which it is deleted or anonymized.
Merchants may request earlier deletion of data by contacting us (see Contact Us), subject to our legal and contractual obligations.
6. International Data Transfers
The Company is based in the United States. If you access our Services from outside the U.S., your data may be transferred and processed in jurisdictions that may not provide the same level of protection. By using our Services, you consent to these transfers.
7. Security of Your Information
We take reasonable administrative, technical, and physical measures to protect your information from loss, misuse, or unauthorized disclosure. No method of storage or transmission is 100% secure.
8. Children's Privacy
Our Services are intended for businesses and individuals at least 18 years old. We do not knowingly collect data from children under 13.
9. Your Choices and Rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal information.
- Opt-Out of Marketing Communications: Use the "unsubscribe" link or contact us.
- Cookies: You can manage cookies through browser settings.
- Lodge a Complaint: If you are located in the EEA, the UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe our processing of your personal information violates applicable law.
End customers of a Merchant should direct requests to that Merchant's privacy team.
10. Do Not Track
Shoptin does not track online activity across third-party websites, and does not respond to "do not track" browser signals.
11. Changes to This Privacy Policy
We may update this Policy to reflect changes in practices, laws, or features. If changes are material, we will notify you via email or within the Shoptin app.
12. Contact Us
If you have any questions about this Privacy Policy or your personal information, please reach us at:
Email: support@shoptin.io