Privacy Policy

Last updated: October 2025

Ultimate Social Proof ("we", "our", or "us") respects your privacy and is committed to protecting the personal information collected through our Shopify app. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

1. Data We Collect

From Shopify Stores

When you install Ultimate Social Proof, we collect:

  • Store Information: Your shop domain and store owner details via Shopify OAuth
  • Order Data: Order events (order ID, timestamp, product information) received via the orders/create webhook
  • Product Data: Product information for display in social proof widgets
  • Customer Data: Minimal customer information for social proof display (no personally identifiable information is stored long-term)

Visitor Analytics

To provide you with conversion tracking and analytics, we collect:

  • Page visits and visitor sessions
  • Widget impressions and views
  • Unique impressions per visitor
  • Session exposure to social proof
  • Assisted orders (attributed to social proof)
  • Revenue attribution

All analytics data is stored in aggregated hourly metrics in our PostgreSQL database.

2. How We Use Your Data

We use the collected data to:

  • Display social proof widgets on your storefront (recent purchases, visitor activity, reviews)
  • Provide analytics and conversion attribution in your dashboard
  • Track the performance of social proof notifications
  • Improve our service and develop new features
  • Provide customer support

3. Data Retention

Data retention varies based on your subscription plan:

  • FREE Plan: 7 days of analytics history
  • BASIC Plan: 30 days of analytics history
  • PLUS Plan: 90 days of analytics history
  • PRO Plan: 365 days of analytics history

After your plan's retention period, analytics data is automatically deleted.

4. Technical Infrastructure

Data Processing

  • Cloudflare Workers: Process visitor events in real-time
  • PostgreSQL Database: Stores aggregated hourly metrics
  • Cloudflare KV: Stores temporary real-time counters

Shopify OAuth Scopes

We request the following Shopify permissions:

  • write_products - To access product data for widget display
  • read_orders - To track order events for social proof notifications

Webhooks

We subscribe to the following Shopify webhooks:

  • orders/create - Real-time order notifications
  • app/uninstalled - App removal and data cleanup
  • app_subscriptions/update - Billing events
  • Compliance webhooks: customers/data_request, customers/redact, shop/redact

5. Third-Party Services

HelpScout

We use HelpScout's Beacon widget for customer support. The widget identifies users by their Shopify store domain only. No additional personal data is shared.

Shopify

Our app is hosted on Shopify infrastructure and uses Shopify OAuth for authentication. We comply with all Shopify App Store policies and requirements.

Cloudflare

We use Cloudflare Workers for event processing and Cloudflare KV for temporary storage. Data is processed in accordance with Cloudflare's data protection standards.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (HTTPS/TLS)
  • Secure database access controls
  • Regular security audits
  • Minimal data retention policies

7. Cookies and Tracking

We use cookies and tracking technologies for:

  • Tracking visitor sessions for analytics
  • Measuring widget impressions
  • Attributing orders to social proof exposure

These cookies are necessary for our service to function and provide you with accurate analytics.

8. Your Rights (GDPR)

If you are located in the European Union, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Request a copy of your data in a machine-readable format
  • Objection: Object to processing of your data

To exercise these rights, please contact us at the email address below.

9. CCPA Compliance (California Users)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it's used
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell personal information)

10. Data Deletion Requests

To request deletion of your data:

  1. Uninstall the Ultimate Social Proof app from your Shopify store
  2. Contact us at support@ultimatesocialproof.com

We will delete your data within 30 days of app uninstallation, except where required by law to retain it longer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or through the app dashboard.

12. Contact Information

For privacy inquiries, data requests, or questions about this policy, contact us:

Email: support@ultimatesocialproof.com

Mailing Address: Ultimate Social Proof [Address to be added]

This policy is effective as of October 2025.