Privacy Policy

1. Introduction

Clovia ("we", "our", or "us") operates as a Shopify application that provides forensic checkout analytics. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you install and use our application through the Shopify App Store.

By installing Clovia, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not install or use our application.

2. Information We Collect

2.1 Information from Shopify

When you install Clovia, we access certain information from your Shopify store through the Shopify API, including:

• Store name, domain, and contact email
• Checkout session data (cart contents, checkout steps completed, errors encountered)
• Order information (order IDs, timestamps, completion status)
• Customer session identifiers (anonymized)
• Browser and device information from checkout sessions
• Payment gateway response codes and error messages

2.2 Information You Provide

We collect information you voluntarily provide, including:

• Email addresses for alert notifications
• Slack webhook URLs for integration
• Team member accounts and preferences
• Support inquiries and communications

2.3 Automatically Collected Information

We automatically collect usage data when you access our dashboard, including pages viewed, features used, and interaction patterns. This helps us improve our application and user experience.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Checkout Diagnostics: Analyzing checkout sessions to identify failures, errors, and friction points
• Root Cause Analysis: Determining why checkouts fail and providing actionable recommendations
• Alerting: Sending real-time notifications about checkout issues via email or Slack
• Reporting: Generating analytics dashboards and insights about your checkout performance
• Service Improvement: Enhancing our algorithms and features based on aggregated, anonymized data
• Customer Support: Responding to your inquiries and providing technical assistance
• Billing: Processing subscription payments through the Shopify billing system

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Service Providers: We use third-party services for hosting, analytics, and infrastructure (e.g., cloud providers) who are contractually obligated to protect your data
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
• With Your Consent: We may share information when you explicitly authorize us to do so

5. Data Retention

We retain your data for as long as your Clovia subscription is active. Specifically:

• Session Data: Checkout session data is retained for 90 days for analysis purposes
• Aggregated Analytics: Anonymized, aggregated data may be retained indefinitely for service improvement
• Account Information: Retained until you uninstall the application or request deletion

Upon uninstallation, we will delete your store data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

5.1 Shopify GDPR Webhooks

We fully comply with Shopify's mandatory webhooks for data protection. When a store owner or a shopper requests data deletion or access through Shopify, we automatically process these requests:

• Customer Redact: If a shopper requests their data to be deleted from your Shopify store, we automatically receive a webhook notification and permanently delete or anonymize all session data associated with that specific customer from our records within 30 days.
• Customer Data Request: If a shopper requests a copy of their data, we will provide you with any identifiable session data we hold for that customer so you can fulfill the request.
• Shop Redact: If you uninstall our application and request to delete your store data from Shopify, we will receive a webhook notification and purge all your store's data and associated sessions from our active databases within 30 days.

6. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Regular security audits and vulnerability assessments
• Access controls and authentication for all team members
• Secure cloud infrastructure with SOC 2 compliance
• Regular backups with encrypted storage

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal data:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data
• Portability: Request your data in a machine-readable format
• Opt-out: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us at privacy@clovia.app. We will respond to your request within 30 days.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.

9. Children's Privacy

Clovia is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we may also send you an email notification. Your continued use of Clovia after any changes constitutes acceptance of the updated policy.