Privacy Policy

Last updated: April 21, 2026  ยท  GDPR & CCPA Compliant

๐Ÿ”’ GDPR Compliant ยท Shopify Partner App

๐Ÿ“‹ Overview

SmartSell Quiz ("we", "our", or "us") is a Shopify embedded application that helps store merchants create interactive product recommendation quizzes. This Privacy Policy explains how we collect, use, disclose, and safeguard information when merchants install our app and when their customers complete quizzes on merchant storefronts.

By installing or using SmartSell Quiz, you agree to the practices described in this policy.

๐Ÿ“ฅ Information We Collect

From Merchants (Shopify store owners):

  • Shopify store domain and authentication tokens (required for API access)
  • Billing information โ€” processed entirely by Shopify, we never store card details
  • App configuration: quiz content, styles, product mappings, and settings
  • Plan and subscription status

From Storefront Visitors (your customers):

  • Quiz answers and selections submitted during quiz completion
  • Email addresses, if a quiz question explicitly asks for one
  • Anonymized session identifiers for analytics
  • Timestamp and usage data (question views, completion events)

We do not collect payment card information, passwords, or sensitive personal data beyond what is listed above.

โš™๏ธ How We Use Your Data

  • Deliver product recommendations based on quiz responses
  • Display analytics dashboards to merchants
  • Sync quiz results to Klaviyo / Shopify Customers โ€” only when explicitly enabled by the merchant
  • Process billing and subscription management via Shopify Billing API
  • Send transactional emails related to your account
  • Monitor and improve app performance and features

We do not use customer data for advertising, profiling, or any purpose beyond providing the SmartSell Quiz service.

๐Ÿค Data Sharing

We do not sell, rent, or trade your data. Data is shared only in these limited cases:

  • Shopify: Via the Shopify API as required by app functionality, governed by the Shopify Partner Program Agreement
  • Klaviyo: Only when the merchant explicitly enables the integration โ€” data goes to the merchant's own Klaviyo account
  • ImageKit: Merchant-uploaded images are stored via ImageKit CDN for optimized delivery
  • Infrastructure providers: Render (hosting) and PostgreSQL database โ€” contractually prohibited from accessing your data
  • Legal compliance: Disclosure only when required by law or court order

๐Ÿ—“๏ธ Data Retention

  • Quiz responses and analytics data: retained while the app is installed, deleted within 30 days of uninstall
  • Store configuration and quiz content: deleted within 30 days of app uninstall
  • Billing records: retained for 7 years as required by financial regulations

Merchants can request immediate deletion of all quiz response data at any time by contacting our support team.

โš–๏ธ Your Rights

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request permanent deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing in certain circumstances
  • Restriction: Request that we limit how we use your data

To exercise any right, contact our support team. We will respond within 30 days.

๐Ÿ” Security

  • All data transmitted over HTTPS / TLS encryption
  • Database hosted on encrypted PostgreSQL with restricted access
  • Access tokens stored securely, never exposed in client-side code
  • Regular security audits and dependency updates
  • Shopify HMAC verification on all webhook events

๐Ÿช Cookies

SmartSell Quiz uses only strictly necessary cookies:

  • Session cookies: Required for Shopify OAuth authentication and app session management within the Shopify Admin
  • No tracking cookies: We do not use advertising, analytics, or third-party tracking cookies on storefront visitors

The storefront quiz widget does not set any cookies on your customers' browsers.

๐Ÿ›๏ธ Shopify Data Compliance

Our app complies with Shopify's mandatory data compliance webhooks:

  • customers/data_request: We respond to customer data requests within 30 days
  • customers/redact: We permanently delete customer data upon request
  • shop/redact: We permanently delete all store data within 48 hours of the post-uninstall grace period

๐Ÿ‡ช๐Ÿ‡บ GDPR & CCPA

For EU/EEA residents (GDPR): Our lawful basis for processing merchant data is contractual necessity. For storefront visitor data, the lawful basis is the merchant's legitimate interest in providing product recommendations.

For California residents (CCPA): We do not sell personal information. California residents have the right to know what personal information we collect, to request deletion, and to opt out of any sale (which we do not engage in).

๐Ÿ“ Changes to This Policy

We may update this Privacy Policy when our practices change. Material changes will be reflected with an updated "Last updated" date and, where possible, notified through the app. Continued use after changes constitutes acceptance.

โœ‰๏ธ Contact

For privacy-related questions, data requests, or concerns, reach us at:

Privacy & Data Requests

We aim to respond within 5 business days.

โœ‰๏ธ Send Email