Privacy Policy

Last updated: February 22, 2026

1. Introduction

RecoBoost ("we", "us", or "our") is a Shopify application that provides product recommendation features for online stores. This Privacy Policy explains how we collect, use, and protect information when you install and use RecoBoost.

2. Information We Collect

We collect the following categories of data through the Shopify platform:

2.1 Store Information

  • Store domain name and store name
  • Shopify plan information
  • OAuth session data (access tokens for API communication)

2.2 Product Data

  • Product IDs and basic product information (title, image, price)
  • Product browsing patterns and popularity metrics

2.3 Customer Behavioral Data

  • Browsing history (product page views)
  • Cart additions
  • Purchase events (order ID, product ID, quantity)
  • Session identifiers (anonymous)
  • Customer IDs (only for logged-in customers, as provided by Shopify)

2.4 Analytics Data

  • Recommendation impressions, clicks, and conversions
  • Aggregated performance metrics (CTR, CVR)

3. How We Use Information

The data we collect is used exclusively to:

  • Generate personalized product recommendations for store visitors
  • Provide analytics dashboards showing recommendation performance
  • Improve recommendation accuracy through aggregated behavioral analysis
  • Manage subscription billing through Shopify Billing API
  • Provide customer support

4. Data Storage and Security

  • Data is stored in secure, encrypted databases (Supabase / PostgreSQL).
  • Caching layers (Upstash Redis) are used for performance optimization with encrypted connections.
  • The application is hosted on Vercel with TLS encryption for all data in transit.
  • Access tokens and sensitive credentials are stored server-side only and never exposed to the client.
  • All Shopify webhook payloads are verified using HMAC signature validation.

5. Data Sharing

We do not sell, rent, or share personal data with third parties for marketing purposes. Data is shared only with:

  • Shopify — as required for app functionality and billing
  • Infrastructure providers (Vercel, Supabase, Upstash) — for hosting and data storage, under their respective privacy policies

6. Data Retention

  • Behavioral data (browsing history, analytics) is retained while the app is installed.
  • Upon app uninstallation, session data and behavioral data are immediately deleted. Store configuration is retained for re-installation convenience.
  • Upon receiving a shop data deletion request (GDPR shop/redact), all data including store configuration is permanently deleted within 48 hours.

7. GDPR and Data Rights

We comply with GDPR and Shopify's mandatory data protection requirements. Store owners and their customers have the right to:

  • Access — Request a summary of stored personal data
  • Deletion — Request deletion of personal data
  • Portability — Receive data in a structured format

These requests are processed automatically through Shopify's GDPR webhooks (customers/data_request, customers/redact, shop/redact).

8. Cookies and Tracking

RecoBoost uses a locale preference cookie (recoboost_locale) for dashboard language settings. We use Shopify's Web Pixels API for purchase tracking, which operates under Shopify's own cookie and consent policies. We do not use third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by the "Last updated" date at the top of this page. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: ecboost.system@gmail.com