Privacy Policy

Last updated: April 21, 2026
This is a standard-practice placeholder policy. A fully reviewed version will replace it before broader launch.

1. Introduction

Valotrix Studio SRL (“Valotrix,” “we,” “our,” or “us”) operates the Valotrix Cart Rewards Shopify app (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to merchants who install and use the Service on their Shopify store and to anonymised shopper interactions processed by the Service on those stores.

The Service operates within the Shopify platform. Shopify’s own Privacy Policy governs the underlying infrastructure and shopper data held by Shopify.

2. Information We Collect

We collect only the minimum data necessary to operate the Service:

  • Merchant account information. When you install the app through Shopify OAuth, we receive your shop domain, shop ID, store name, plan, currency, primary locale, and the email of the installing Shopify user. We do not receive a Shopify admin password.
  • Campaign configuration. The rules, trigger conditions, gift selections, widget settings, and other configuration you create inside the app are stored on our infrastructure.
  • App usage data. Which screens you visit inside the app, which features you use, and error events. This helps us prioritise fixes and improvements.
  • Anonymised shopper interactions. When a campaign fires on your storefront, we record aggregate and per-order events: the campaign that matched, whether a gift was added, order totals, and timing. We do not store shopper names, shipping addresses, or payment details.
  • Support correspondence. If you contact support, we retain the messages and any diagnostic information you include.

3. How We Use Information

We use the information we collect to:

  • Operate, maintain, and secure the Service.
  • Deliver the core functionality you’ve configured: matching rules against carts, adding gifts, rendering widgets, and returning analytics.
  • Provide customer support and respond to your requests.
  • Produce aggregated, de-identified analytics for merchants—for example, the performance dashboards inside the app.
  • Diagnose bugs and improve product quality.
  • Comply with legal obligations.

4. Data Sharing

We do not sell your data and we do not sell shopper data. We share information only as follows:

  • Shopify. The Service runs inside Shopify’s platform and communicates with Shopify APIs to render campaigns, apply discounts, and handle billing.
  • Infrastructure providers. We use industry-standard cloud providers to host the Service. Data is encrypted in transit and at rest.
  • Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.

5. Data Retention

We retain merchant data while the Service is installed on your Shopify store. When you uninstall the app, we trigger an automated clean-up:

  • Session tokens and webhook subscriptions are revoked immediately.
  • Merchant data is purged within 30 days of uninstallation, in line with Shopify’s GDPR webhook requirements.
  • Aggregate, anonymised statistics (for example, the count of campaigns across all merchants) may be retained indefinitely because they cannot be traced back to an individual store.

We also honour Shopify’s customers/redact and shop/redact compliance webhooks, which trigger targeted data deletion on request from Shopify.

6. Your Rights

Depending on where you are located, you may have rights under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or similar laws, including:

  • The right to access the personal information we hold about you.
  • The right to request rectification of inaccurate or incomplete data.
  • The right to request deletion (“right to be forgotten”).
  • The right to data portability, where applicable.
  • The right to object to processing or to withdraw consent.

To exercise these rights, email us at valentin@valotrix.com. We will respond within the time frames required by the applicable law.

7. Cookies and Tracking

The Service itself does not use cookies to track shoppers across sites. We use a minimal number of first-party cookies for essential app functionality (session, authentication with Shopify). We do not load third-party advertising or analytics trackers into your storefront.

The marketing website at cart-rewards.valotrix.com does not set analytics cookies. If that changes in the future, this policy will be updated and, where required, consent mechanisms added.

8. Security

We apply industry-standard practices to protect the data we hold: TLS for data in transit, encryption at rest where supported by the underlying infrastructure, principle-of-least-privilege access controls, and audit logging for administrative actions. No system can be made perfectly secure, but we treat security as a first-class product concern and respond promptly to any incident.

9. Children’s Privacy

The Service is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where practical, notify merchants via the app dashboard or email.

11. Contact

Questions about this Privacy Policy or our data practices? Email us at valentin@valotrix.com.

Valotrix Studio SRL · Romania.