Privacy Policy

Effective: February 27, 2026 · Last updated: May 13, 2026

The canonical privacy policy for Valotrix Cart Rewards is published inside the app at valotrix.com/terms-privacy. This page summarises that policy in plain language for shoppers and merchants visiting the marketing site. If anything below conflicts with the in-app version, the in-app version controls.

1. Introduction

Valotrix Studio SRL (“Valotrix,” “we,” “our,” or “us”) operates the Valotrix Cart Rewards Shopify app (the “Service”). This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to merchants who install and use the Service on their Shopify store and to anonymised shopper interactions processed by the Service on those stores.

The Service operates within the Shopify platform. Shopify’s own Privacy Policy governs the underlying infrastructure and shopper data held by Shopify.

2. Information We Collect

We collect only the minimum data necessary to operate the Service:

  • Merchant account information. When you install the app through Shopify OAuth, we receive your shop domain, shop ID, store name, plan, currency, primary locale, and the email of the installing Shopify user. We do not receive a Shopify admin password.
  • Campaign configuration. The rules, trigger conditions, gift selections, widget settings, and other configuration you create inside the app are stored on our infrastructure.
  • App usage data. Which screens you visit inside the app, which features you use, and error events. This helps us prioritise fixes and improvements.
  • Anonymised shopper interactions. When a campaign fires on your storefront, we record aggregate and per-order events: the campaign that matched, whether a gift was added, order totals, and timing. We do not store shopper names, shipping addresses, or payment details.
  • Shopper email (only on a GDPR data request). When Shopify forwards a customers/data_request webhook on a shopper's behalf, the payload includes the shopper's email. We persist that email on a GdprDataRequest row so the merchant can identify which shopper to respond to. Outside this controller-flowed legal request, we do not store shopper emails.
  • Support correspondence. If you contact support, we retain the messages and any diagnostic information you include.

3. How We Use Information

We use the information we collect to:

  • Operate, maintain, and secure the Service.
  • Deliver the core functionality you’ve configured: matching rules against carts, adding gifts, rendering widgets, and returning analytics.
  • Provide customer support and respond to your requests.
  • Produce aggregated, de-identified analytics for merchants—for example, the performance dashboards inside the app.
  • Diagnose bugs and improve product quality.
  • Comply with legal obligations.

4. Data Sharing & Sub-processors

We do not sell your data and we do not sell shopper data. We share information only as follows:

  • Shopify. The Service runs inside Shopify’s platform and communicates with Shopify APIs to render campaigns, apply discounts, and handle billing.
  • Render (US). Application hosting and Postgres database. Data resides in Render’s US region.
  • PostHog (EU instance, eu.i.posthog.com). Product analytics for the embedded admin app. Events identify the shop by domain and include plan and admin-page path. The SDK runs with persistence: "memory" and session recording disabled, so it does not set tracking cookies, does not record sessions, and does not persist across reloads. No shopper data is sent to PostHog.
  • Sentry (US ingest). Server- and client-side exception aggregation for the embedded admin. Cross-border transfers are governed by the Standard Contractual Clauses incorporated into Sentry’s DPA. No shopper PII is captured.
  • Google. Used as the Identity Provider when Valotrix Cart Rewards staff sign in to internal admin routes. Merchants and shoppers do not authenticate through Google.
  • Resend / SendGrid (US). Optional transactional email delivery for alert emails when a merchant enables them.
  • Chatwoot Cloud (US). In-app, marketing-site, and docs-site live chat. Conversation transcripts and contact records are stored on Chatwoot Cloud's US infrastructure under Chatwoot's data processing terms.
  • Anthropic (US, Claude Haiku 4.5). Powers the AI agent that answers the first message in every support conversation. Reads the merchant's question + our public docs corpus and returns a reply. Anthropic does not train on commercial-tier inputs per their commercial terms.
  • Upstash Redis (multi-region). Distributed cache and rate limiting for the API surface. Stores ephemeral keys only.
  • Legal requirements. We may disclose information if required by law, regulation, legal process, or governmental request.

We have data-processing agreements / DPAs in place with each sub-processor and rely on the Standard Contractual Clauses where data leaves the EEA / UK.

5. Data Retention

We keep merchant data while the Service is installed on your Shopify store, and apply targeted retention windows to specific data classes whether or not the Service is installed:

  • Run logs — 7 days, then auto-pruned.
  • Engine event logs (cart events, gift-add/remove, choice-shown) — 30 days.
  • Per-event analytics rows — 90 days.
  • Daily aggregate analytics — 365 days (these are roll-ups, not per-shopper rows).
  • GDPR data-request snapshots — 60 days after fulfilment, then deleted.
  • Merchant audit log (MerchantAction) — 30 days, with an immediate scrub of rows referencing a redacted customer when we receive customers/redact.
  • Custom Blocks (Block table) — merchant-configured storefront block names + per-block JSON config (no PII). Retained until the merchant deletes the block or uninstalls the app, then cascade-removed on shop/redact.
  • A/B test exposure rows (ExperimentExposure) — pruned 90 days after the parent experiment is concluded or archived. Customer IDs and cart tokens on these rows are NULL’d out immediately on customers/redact (the rows themselves stay so merchant-facing experiment stats remain stable).
  • A/B test result snapshots (ExperimentResult) — daily nightly aggregates from compute_experiment_stats. Aggregate counts only (visitors per variant, conversions per variant); no per- shopper rows. Retained for the lifetime of the parent experiment + 90 days of trailing aggregation.
  • Per-customer redemption counts (VltrxRedemption) — integer count per (shop, customer, campaign) for per-customer redemption limits. Deleted immediately on customers/redact; cascade-removed on shop/redact.

Uninstallation vs. compliance redact: when you uninstall the app, session tokens and webhook subscriptions are revoked immediately and the rest of the merchant data is purged within 30 days. Shopify’s compliance webhooks (customers/data_request, customers/redact, shop/redact) trigger targeted deletion regardless of install state — we honour both. Aggregate, anonymised statistics (for example, the count of campaigns across all merchants) may be retained indefinitely because they cannot be traced back to an individual store. The canonical retention table lives in docs/PRIVACY_POLICY.md.

6. Your Rights (Controller / Processor split)

For shopper personal data, the merchant is the data controller and Valotrix Studio SRL acts as a data processor. If you are a shopper exercising GDPR / CCPA rights, please contact the merchant whose store you shopped on. The merchant flows the request to Valotrix Cart Rewards through Shopify’s compliance webhooks (customers/data_request, customers/redact, shop/redact) which we honor on the merchant’s behalf within Shopify’s mandatory deadlines.

Merchants and other Valotrix Cart Rewards customers have the following rights under GDPR / CCPA and similar laws, including:

  • The right to access the personal information we hold about you.
  • The right to request rectification of inaccurate or incomplete data.
  • The right to request deletion (“right to be forgotten”).
  • The right to data portability, where applicable.
  • The right to object to processing or to withdraw consent.

To exercise these rights, email us at valentin@valotrix.com. We will respond within the time frames required by the applicable law.

7. Cookies and Tracking

The Service does not use cookies to track shoppers across sites or load third-party advertising or analytics trackers into your storefront. Inside the embedded admin app we use:

  • First-party cookies for essential app functionality (Shopify session, App Bridge authentication).
  • On the storefront, one first-party cookie may be written: vltrx_reminder_shown (24-hour TTL, SameSite=Lax) - used by the reminder widget when the merchant configures it with Show once per day frequency, so a returning shopper isn't shown the same gift-reminder banner twice within the same day. No tracking, no third-party recipients.
  • When a Scale-plan merchant runs an A/B test, the storefront writes a single browser localStorage key, vltrx_visitor_id, with a random opaque value used to keep the same shopper in the same A/B variant across page loads. Essential-functionality storage; no tracking, no cross-site identifiers, no third-party recipients. The localStorage value is cleared when the shopper clears their browser storage. The server-side row that links this visitor identifier to a Shopify customer is NULL'd out on receipt of a customers/redact GDPR webhook (we cannot reach into a shopper's browser from the server).
  • For each running A/B test the storefront also writes a cart attribute prefixed _vltrx_exp_ pinning the shopper's assigned variant for the lifetime of that cart. Visible only to the merchant in the Shopify Admin; contains no personal data - only the experiment ID and the assigned variant ID.
  • The PostHog SDK is initialised with persistence: "memory", so it does not set tracking cookies and does not persist identifiers across page reloads.
  • Sentry uses no cookies; its error capture relies on in-page instrumentation only.
  • Chatwoot sets its own first-party support-chat cookies on the domain where the widget is loaded (the embedded admin app, the marketing site, and the docs site) so a returning visitor keeps their conversation thread.

The marketing website at cart-rewards.valotrix.com does not set analytics cookies. If that changes in the future, this policy will be updated and, where required, consent mechanisms added.

8. Security

We apply industry-standard practices to protect the data we hold: TLS for data in transit, encryption at rest where supported by the underlying infrastructure, principle-of-least-privilege access controls, and audit logging for administrative actions. No system can be made perfectly secure, but we treat security as a first-class product concern and respond promptly to any incident.

9. Children’s Privacy

The Service is not directed at children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where practical, notify merchants via the app dashboard or email.

11. Contact

Questions about this Privacy Policy or our data practices? Email us at valentin@valotrix.com.

Valotrix Studio SRL · Romania.