Back to Home

Privacy Policy

Last updated: December 8, 2025

TL;DR – The Short Version

Your data stays yours

We never sell or share personal data with third parties.

No names, no emails (for us)

Captured leads go directly to your CRM—we don't access them.

Anonymized learning

AI learns from aggregated, anonymous patterns—not individual identities.

Shopify compliant

Built to meet Shopify's strict app requirements.

1. Information We Collect

When you install Host on your Shopify store, we collect:

  • Store Information: Your Shopify store URL, name, and basic configuration settings needed to display popups.
  • Visitor Interactions: Anonymous behavioral data such as which popups were shown, click-through rates, and responses to survey questions. This data is aggregated and anonymized.
  • Zero-Party Data: Information that visitors voluntarily provide through popups (e.g., "I'm shopping for a gift" or "I came from Instagram"). This data is stored to personalize their experience and is sent directly to your connected CRM.

2. Information We Do NOT Collect

We explicitly do not collect, store, or have access to:

  • Customer email addresses (these go directly to your CRM)
  • Customer names or personal identifiers
  • Payment or financial information
  • Passwords or authentication credentials

3. How We Use Your Data

We use collected data to:

  • Power AI Learning: Our AI analyzes anonymized, aggregated patterns to improve popup timing, messaging, and targeting across all stores. No individual data is used.
  • Improve Our Service: Understand usage patterns to build better features and fix issues.
  • Provide Analytics: Show you conversion rates, opt-in rates, and other metrics in your dashboard.

4. Data Sharing

We do not sell your data. We may share data only:

  • With Your CRM: When you connect Klaviyo, HubSpot, or other integrations, lead data flows directly to those services per your configuration.
  • Service Providers: We use trusted infrastructure providers (Vercel, Supabase) who process data on our behalf under strict confidentiality agreements.
  • Legal Requirements: If required by law or to protect our legal rights.

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for stored data
  • Regular security audits
  • Access controls and authentication

6. Data Retention

We retain your store data while your account is active. Upon uninstalling the app, we delete your data within 30 days unless you request immediate deletion.

7. Your Rights

You have the right to:

  • Access the data we hold about your store
  • Request deletion of your data
  • Export your analytics data
  • Opt out of AI learning contributions

8. GDPR & CCPA Compliance

Host is designed to help you remain compliant with GDPR and CCPA. Our popups can be configured to include consent notices, and we process data as a "data processor" on your behalf.

9. Changes to This Policy

We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification.

10. Contact Us

Questions about privacy? Reach us at:

Email: privacy@hostapp.io