Last updated: June 15, 2026
Cart Revive processes only the minimum personal data required to recover abandoned carts on a merchant's behalf: the shopper's email address and name.
We do not request or store customer addresses, phone numbers, payment details, IP addresses, browsing history, or any other Shopify Protected Customer Data field beyond email and name.
Personal data is used exclusively to: (a) detect abandoned checkouts, (b) create a Shopify draft order on the merchant's store, (c) trigger Shopify's own invoice email to the shopper, and (d) report recovered revenue in the merchant dashboard. We do not profile shoppers, run automated decision-making with legal effects, sell data, or share data with third parties.
Recovery emails are sent by Shopify itself (via the merchant's store) using Shopify's standard invoice-email mechanism, which includes Shopify's unsubscribe and consent controls. We honor any customer consent and opt-out decisions surfaced by Shopify webhooks.
All data is stored encrypted at rest (AES-256) in our managed Postgres database and transmitted over TLS 1.2+. Database backups are encrypted. Shopify access tokens are stored in server-only columns and never exposed to the browser. Test and production environments are fully isolated (separate databases and credentials). Staff access is role-based and logged.
Abandoned-checkout rows containing personal data are automatically deleted 90 days after the abandoned-at timestamp by a daily retention job, regardless of recovery status. Recovered-order attribution records (which contain no email or name) are kept for the lifetime of the install for reporting.
On app uninstall we revoke the access token immediately. When Shopify sends the shop/redact webhook (~48 h after uninstall) we delete all remaining shop data within 30 days. We honor customers/redact within 30 days by deleting matching rows from abandoned_checkouts and recovered_orders.
Cart Revive is approved (or has applied) for Shopify Protected Customer Data access at Level 2 with the email and name fields only. We implement all Level 1 and Level 2 requirements: data minimization, purpose limitation, transparency, encryption at rest and in transit, encrypted backups, environment separation, role-based access, access logging, and a documented security incident response policy.
Merchants and their customers may exercise data-subject rights through the Shopify-mandated webhooks (customers/data_request, customers/redact, shop/redact), which we implement with HMAC verification and acknowledge within Shopify's 5-second SLA. Requests are logged in compliance_logs for audit.
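The HMAC check described above, shown as an added illustration rather than Cart Revive's own code: the handler verifies the `X-Shopify-Hmac-Sha256` header against the raw body before parsing it, and queues the deletion so the HTTP response stays within the 5-second window. The app secret and the `customers/redact` payload are constructed sample values.

```python
"""Verify a Shopify webhook's HMAC before acting on a redaction request."""
import base64
import hashlib
import hmac
import json

# Constructed sample values. In production the secret is the app's client secret
# and the body is the raw request bytes exactly as received (not re-serialized JSON).
APP_SECRET = b"example-client-secret"
SAMPLE_BODY = json.dumps({
    "shop_id": 954889,
    "shop_domain": "example.myshopify.com",
    "customer": {"id": 191167, "email": "shopper@example.com"},
    "orders_to_redact": [],
}).encode()


def compute_hmac(secret: bytes, raw_body: bytes) -> str:
    """Shopify signs the raw body with HMAC-SHA256 and base64-encodes the digest."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def verify_webhook(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Constant-time comparison; a missing header is treated as a failed check."""
    if not header_value:
        return False
    expected = compute_hmac(secret, raw_body)
    return hmac.compare_digest(expected.encode(), str(header_value).encode())


def handle_customers_redact(headers: dict, raw_body: bytes, secret: bytes = APP_SECRET):
    """Return (http_status, queued_job). Unverified requests get 401 and are not parsed;
    verified ones are acknowledged with 200 and the deletion is handed to a background job."""
    if not verify_webhook(secret, raw_body, headers.get("X-Shopify-Hmac-Sha256")):
        return 401, None
    payload = json.loads(raw_body)
    job = {
        "topic": headers.get("X-Shopify-Topic"),
        "shop_domain": payload["shop_domain"],
        "customer_id": payload["customer"]["id"],
        # Tables named in the policy above; the worker deletes matching rows.
        "tables": ["abandoned_checkouts", "recovered_orders"],
    }
    return 200, job
```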
Our infrastructure providers are Supabase (managed Postgres + edge runtime) and Cloudflare (TLS edge). Both are SOC 2 Type II compliant and bound by data-processing agreements.
Questions or data requests: support@cart-revive.app