1. Information We Collect
When you install Host on your Shopify store, we collect:
- Store Information: Your Shopify store URL, name, and basic configuration settings needed to display popups.
- Visitor Interactions: Anonymous behavioral data such as which popups were shown, click-through rates, and responses to survey questions. This data is aggregated and anonymized.
- Zero-Party Data: Information that visitors voluntarily provide through popups (e.g., "I'm shopping for a gift" or "I came from Instagram"). This data is stored to personalize their experience and is sent directly to your connected CRM.
- Order Data (Revenue Attribution): When a customer uses a Host-generated discount code, we receive order ID, total value, currency, and the discount code used. We use this solely to attribute revenue to leads captured through Host and sync conversion data to your CRM. We do not store customer names, addresses, or payment details from orders.
2. Emails We Store
We store customer emails submitted through popups for the following purposes:
- Discount Code Delivery: To send the promised discount or offer to the visitor.
- CRM Synchronization: To sync leads to your connected CRM (Klaviyo, etc.) with associated tags and context.
- Analytics: To track conversion rates and show lead counts in your dashboard.
We do NOT collect:
- Customer names or personal identifiers beyond email
- Payment or financial information
- Passwords or authentication credentials
3. How We Use Your Data
We use collected data to:
- Power AI Learning: Our AI analyzes anonymized, aggregated patterns to improve popup timing, messaging, and targeting across all stores. No individual data is used.
- Improve Our Service: Understand usage patterns to build better features and fix issues.
- Provide Analytics: Show you conversion rates, opt-in rates, and other metrics in your dashboard.
- Revenue Attribution: Track when customers redeem Host discount codes to show you which leads converted to sales, and sync this data to your CRM for complete marketing attribution.
4. Data Sharing
We do not sell your data. We may share data only:
- With Your CRM: When you connect Klaviyo, HubSpot, or other integrations, lead data flows directly to those services per your configuration.
- Service Providers: We use trusted infrastructure providers (Vercel, Supabase) who process data on our behalf under strict confidentiality agreements.
- Legal Requirements: If required by law or to protect our legal rights.
5. Data Security
We implement industry-standard security measures including:
- Encryption in transit (HTTPS/TLS)
- Encryption at rest for stored data
- Regular security audits
- Access controls and authentication
6. Data Retention & Deletion
We retain your store data while your account is active. Upon uninstalling the app:
- Immediate Deletion: All stored data including leads, events, and store settings are permanently deleted.
- Cascade Delete: Associated records are automatically removed per GDPR requirements.
7. Your Rights
You have the right to:
- Access the data we hold about your store
- Request deletion of your data
- Export your analytics data
- Opt out of AI learning contributions
8. GDPR & CCPA Compliance
Host is designed to help you remain compliant with GDPR and CCPA. Our popups can be configured to include consent notices, and we process data as a "data processor" on your behalf.
9. Changes to This Policy
We may update this policy from time to time. We'll notify you of significant changes via email or in-app notification.
10. Contact Us
Questions about privacy? Reach us at:
Email: support@tryhost.co