Privacy Policy

RevBooster ("we", "us", "the app") is a Shopify app that shows recently-viewed product galleries and AI-ranked upsell, cross-sell, and downsell recommendations on a merchant's storefront. This policy explains what data we handle.

1. We do not collect customer personal data

RevBooster is designed to store no customer personal information — no names, emails, addresses, phone numbers, or Shopify customer ids. Storefront activity is associated with an anonymous, randomly-generated session id kept in the browser's localStorage, which cannot be linked back to a person.

2. Data we receive from Shopify

• Shop information: shop domain, plan, primary email, country, currency, timezone.
• Product information: titles, types, tags, prices, images, and availability — used to render recommendation widgets and the offer builder (via the read_products scope).
• Order data (via the read_orders scope / orders/create webhook): we read each new order's line items to detect our own attribution tag (_revbooster_source) and the line prices. This is Protected Customer Data; we request it solely to measure the revenue our widgets drive. We do not read or store customer names, emails, addresses, or phone numbers from orders.

3. Data we generate

• Anonymous widget events — impressions, clicks, and add-to-cart actions keyed by the anonymous session id, used to compute click-through analytics.
• Attribution records — for orders our widgets influenced, we store the order id/name, which widget drove it, the attributed line revenue, and the order total. We also add an order tag (e.g. "RevBooster") in your store via the write_orders scope. No customer PII is stored.
• Cached AI recommendation rankings + copy, keyed by product, with a time-to-live.
• Merchant configuration — widget settings and manual offer rules.

4. Data we send to third parties

• Google (Gemini) — for AI ranking we send product metadata only (titles, types, tags, prices). No customer identifiers are ever sent. Disabled when no API key is configured.
• Sentry (optional error monitoring) — code stack traces and request metadata, with cookies and tokens redacted.

We do not sell or rent data, and we do not share data with advertising platforms.

5. Data retention

• Configuration and analytics events are retained while the merchant has the app installed.
• On uninstall, Shopify fires shop/redact 48 hours and 7 days later; on delivery we delete all data associated with that shop.
• Because we store no customer-linked data, a customers/redact request has nothing to delete — we acknowledge it per Shopify's spec.

6. Security

• All data is transmitted over TLS.
• Webhook and App Proxy requests from Shopify are verified by HMAC signature before processing.
• Merchant access tokens are stored encrypted at rest at our database provider.

7. Changes & contact

We may update this policy; material changes are notified to merchants in advance. Questions: support@revbooster.app.