Who we are
Attravo (“Attravo,” “we,” “us,” or “our”) builds Shopify apps and runs done-for-you services for Shopify brands. This privacy policy explains how we handle data across both surfaces.
Our apps are listed on the Shopify App Store and operate under the scopes verified and approved by Shopify. Our services engagements involve direct access to a customer’s Shopify store, analytics tools, and email service providers under signed agreements.
Contact: team@attravo.com.
Scope of this policy
This policy covers:
- Our Shopify apps: Drawer Cart, Bundle Builder, Product Quiz, and any future apps published under the Attravo developer account.
- Services engagements: Conversion Rate Optimization, Retention Marketing, Theme Development, and custom work.
- Our marketing surfaces: attravo.com, waitlists, newsletters, and contact forms.
Data we collect through our apps
When a Shopify merchant installs one of our apps, we receive only the data permitted by the scopes the merchant approves during installation. Every scope is reviewed and verified by Shopify before our apps are published.
Store data
- Shop name, domain, primary email, plan, currency, and timezone.
- Products, collections, variants, and inventory levels required to render bundles, cart upsells, and quiz recommendations.
- Order data from the last 60 days, used for analytics, attribution, and revenue reporting back to the merchant.
- Discount codes and promotions tied to the app.
Customer-facing app data
- Anonymized device and activity data (geolocation, IP address, browser, operating system) for app analytics.
- Quiz answers and email or phone numbers explicitly submitted by shoppers through Product Quiz.
Staff data
- Store owner contact details (name, email, address) used for billing and support.
Data we collect through services
Services engagements involve direct, scoped access to the customer’s tooling under a signed Master Services Agreement and the associated Data Processing Agreement (DPA).
- Shopify admin access with role-based permissions (limited to what the engagement requires).
- Read or read/write access to your ESP (Klaviyo, Postscript, Attentive, Mailchimp), CDP, analytics (GA4, Heap, Mixpanel), and testing tools (Convert, VWO, Optimizely) as relevant to the engagement.
- Anonymized customer and order data used for cohort analysis, retention modeling, and CRO test design.
- Stakeholder contact data (name, email, role) for project communication.
Access is revoked at engagement close. Data extracted during the engagement is deleted within 30 days of project close, unless retention is requested for a follow-on sprint.
Data we collect on the website
- Contact form submissions: name, work email, store URL, interest area, and message body.
- Waitlist signups: email and any context you submit.
- Standard analytics: page views, referrer, device, IP address. We use privacy-respecting analytics and do not sell or share data with advertising networks.
For details on cookies and similar technologies, see our cookies policy.
How we store and process data
Our apps and infrastructure run on Google Cloud Platform (GCP) in regions chosen for compliance and latency. All data in transit is encrypted with TLS 1.3. All data at rest is encrypted using GCP-managed keys.
- Production data is logically isolated per Shopify shop.
- Backups are encrypted, retained for 30 days, and automatically purged on schedule.
- Access to production systems is restricted by role, protected by SSO and multi-factor authentication, and audited.
- We follow standard industry protocols for incident response, vulnerability management, secrets management, and least-privilege access.
Sub-processors
We use the following sub-processors to operate the apps and services. Each is bound by a written data processing agreement consistent with this policy.
- Google Cloud Platform — application hosting, database, storage, and analytics infrastructure.
- Shopify — app installation, OAuth, billing, and order webhooks.
- Stripe — payment processing for services invoices.
- Resend / Postmark — transactional email for app and account notifications.
- Sentry / Datadog — error monitoring and performance telemetry. No customer PII is forwarded.
A current list of sub-processors is available on request. Email team@attravo.com.
Data deletion after uninstall
When a merchant uninstalls one of our apps, we trigger our deletion routines automatically. Within 48 hours:
- All shop-specific data is purged from production databases.
- Quiz responses, bundle configurations, cart data, and analytics records associated with the uninstalled shop are deleted.
- Encrypted backups containing the shop’s data are flagged for purge on the next backup rotation cycle (max 30 days).
We honor Shopify’s mandatory GDPR webhooks: customers/data_request, customers/redact, and shop/redact. Manual deletion requests are honored within 30 days.
Your rights
Depending on your jurisdiction (GDPR, UK GDPR, CCPA, CPRA, LGPD), you may have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your personal data.
- Request a portable copy of your data.
- Object to or restrict certain processing.
- Withdraw consent where processing relies on consent.
- Lodge a complaint with a supervisory authority in your jurisdiction.
To exercise any of these rights, email team@attravo.com. We respond within 30 days.
International data transfers
Data may be processed in regions where GCP operates, including the United States, the European Union, and the Asia-Pacific region. Where transfers occur outside the EU/UK, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards.
Children
Our apps and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
Changes to this policy
We update this policy as our practices, sub-processors, or applicable laws change. Material changes are announced via the app dashboard and via email to active customers at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent revision.
Contact
For privacy questions, data requests, or to report a concern, email team@attravo.com. We respond within 24 business hours.