Your privacy matters. We are committed to protecting your data and being transparent about how it is used.
Privacy Policy
Effective Date: October 01, 2025
Introduction
SpacePOP (the "App") is developed and operated by SpacePOP. This Privacy Policy explains how we access, use, process, and protect information when merchants install and use our Shopify application.
SpacePOP acts as a data processor with respect to merchant store data and customer information accessed through Shopify. By installing or using the App, you agree to this Privacy Policy, which establishes a privacy and data protection agreement between us and our merchants.
Information We Access & Process
We process the absolute minimum personal data required to provide value to our merchants. When you install the App, Shopify provides us access to certain store and customer data strictly necessary for the App to function.
Store & Product Information
We process store details and product information to render popups, manage subscriptions, and host dynamic experiences. This includes:
- Store name, email address, and shop domain
- Subscription plan information
- Product titles, descriptions, images, variants, and pricing
Order & Protected Customer Information
To provide highly personalized post-purchase capabilities, we securely fetch order content in real time. When interacting via the app pop-up/inbox, our system uses the Order ID to make a direct, secure query to the Shopify GraphQL Admin API to display:
- Customer first and last name
- Customer email address and phone number
- Shipping city and state
- Order history and products purchased
Limited Storage and Minimization
We store the minimum customer, order, popup, and analytics data needed to operate SpacePOP, measure campaign performance, attribute results, provide support, and comply with Shopify data requests. Some protected customer fields, including email, phone, billing address, and shipping address, may be stored when required for order-based personalization, attribution, and compliance workflows. We redact or delete this data when required by Shopify compliance webhooks or verified deletion requests.
How We Use the Information
We use the processed personal data and store information exclusively to:
- Generate and manage popup campaigns
- Render personalized post-purchase experiences in real time
- Generate printed packaging messages dynamically
- Track anonymous campaign attribution and performance
- Provide analytics dashboards to merchants
- Maintain and improve app functionality and security
We tell merchants exactly what personal data we process and for what explicit purposes, and we limit our use of that data to providing value to them.
Customer Consent & Automated Decision-Making
Consent Decisions
Not Applicable. Merchants are responsible for their storefront notices, consent banners, and marketing permissions. SpacePOP processes customer data only to provide the app services merchants enable, including personalization, popup targeting, analytics, and attribution.
Data Sale Opt-Out
Not Applicable. We do not sell customer personal information. We use customer, order, and event data to provide SpacePOP services to merchants, not to sell data to third parties.
Automated Decisions
Not Applicable. SpacePOP may use data to decide when to show a popup, measure attribution, or personalize an experience. We do not use personal data for automated decisions that produce legal or similarly significant effects for customers.
Webhooks & API Access
The App subscribes to necessary Shopify webhooks to keep infrastructure synchronized, process billing changes, handle uninstall events, and respond to mandatory privacy requests, including:
Data received from Shopify is processed only to provide app functionality, maintain billing and installation state, support merchants, and comply with Shopify privacy and data protection requirements. We verify Shopify webhook HMAC signatures before processing webhook payloads.
Data Retention
- We retain merchant, popup, billing, analytics, and attribution data only while needed to provide the App, comply with legal obligations, resolve disputes, and enforce agreements.
- When the App is uninstalled, we disable the shop record and clear stored Shopify access credentials. Shop and customer data is deleted or anonymized through verified deletion requests and Shopify compliance webhooks.
- Customer redaction requests anonymize or remove stored customer email, phone, addresses, IP addresses, visitor identifiers, and event data where applicable.
Subprocessors & Infrastructure
We use trusted service providers to host, store, process, monitor, and deliver the App. These providers process data only as needed to provide services to SpacePOP.
- Supabase / PostgreSQL: Database hosting, authentication-related storage, backups, and operational data storage.
- Shopify: Platform services, webhooks, and billing infrastructure.
- DigitalOcean or equivalent hosting provider: Application hosting and network infrastructure, when used in production.
- Unomi / analytics infrastructure: Personalization, profile, segment, and event-processing infrastructure when enabled by the merchant.
Data Security
We implement comprehensive industry-standard safeguards to protect data against unauthorized access:
Production infrastructure uses role-based access controls, encrypted transport, credential rotation practices, and limited staff access. We investigate suspected security incidents and notify affected merchants when required by law, Shopify policy, or our contractual obligations.
International Data Transfers
Data may be processed in the United States or other jurisdictions where SpacePOP and its service providers operate. Where required, we rely on appropriate contractual, technical, and organizational safeguards for cross-border processing.
Merchant Responsibilities
Merchants are responsible for ensuring their storefront privacy policy, cookie notices, marketing consent flows, and customer disclosures allow their use of SpacePOP and any connected third-party integrations.
Your Rights
Merchants may request access, correction, export, or deletion of their data by contacting [email protected]. Customer privacy requests may be submitted through the merchant, directly to us, or through the Shopify mandatory compliance webhook process.
Changes to This Policy
We may update this Privacy Policy from time to time. Material updates will be posted on our website with a new effective date, and we will notify merchants when required.
Contact Information
Reach out to us directly if you have any questions or concerns.