This Privacy Policy explains how SmartPop (“we”, “us”, the “App”), provided by 2gether2shine, collects, uses, and protects information when a merchant installs the App on their Shopify store and when visitors interact with pop-ups the merchant displays. By installing or using SmartPop, you agree to this policy.
1. Who is responsible for your data
For data about store visitors (for example, an email submitted to a back-in-stock pop-up), the merchant is the data controller and SmartPop acts as a data processor on the merchant’s behalf. For data about the merchant’s own account, SmartPop is the controller. Merchants are responsible for having a lawful basis and their own privacy notice for collecting visitor data.
2. Information we collect
| Category | Examples | Source |
|---|---|---|
| Store / account data | Shop domain, plan tier, billing status, app settings and pop-up configurations. | Shopify, the merchant |
| Storefront catalog data | Product and collection handles/titles (read-only) used for pop-up targeting. | Shopify Admin API (scopes: read_products, read_themes) |
| Verification analytics | Aggregate counts of pop-up “verified / unverified” events, an optional country code, and a timestamp. No birthdate or personal identifier is stored — the age check happens in the visitor’s browser. | Storefront pop-up |
| Back-in-stock leads | Email address, the product it relates to, optional locale and consent flag, and a timestamp — only when a visitor submits the form. | Storefront pop-up (visitor-provided) |
We do not collect payment card details. Billing is handled entirely by Shopify.
3. Cookies
To avoid showing a pop-up repeatedly, the App may set a first-party cookie in the visitor’s browser (e.g. smartpop_seen_…) that records that a pop-up was already passed, for a duration the merchant configures. This cookie contains no personal data and is used solely for display frequency.
4. How we use information
- To provide and operate the App’s features for the merchant.
- To show pop-ups and remember display preferences on the storefront.
- To produce aggregate analytics for the merchant’s dashboard.
- To store back-in-stock leads so the merchant can export and contact them.
- To enforce plan limits and provide support.
We do not sell personal information.
5. How information is stored & shared
Data is stored in a secured PostgreSQL database (hosted on Neon) and the application is hosted on Fly.io, with access restricted and connections encrypted in transit (TLS). We share data only with these service providers (sub-processors) strictly to operate the App:
- Shopify — platform, authentication, billing.
- Neon — database hosting.
- Fly.io — application hosting.
6. Data retention
Account and configuration data is kept while the App is installed. Back-in-stock leads are kept until the merchant exports/removes them or the App is uninstalled. When the App is uninstalled, associated store data is deleted in line with Shopify’s data-retention requirements (see below).
7. Your rights & GDPR / CCPA
We honor Shopify’s mandatory privacy webhooks. When a store customer or a store owner requests it through Shopify, we:
- Provide data we hold about a customer (customers/data_request);
- Delete a customer’s data (customers/redact);
- Delete all of a shop’s data 48 hours after uninstall (shop/redact).
Depending on your jurisdiction, you may have rights to access, correct, delete, or port your data, or to object to processing. To exercise these, contact us or your store (for visitor data, contact the merchant).
8. Children
The App helps merchants restrict access to age-restricted stores. It is not directed at children, and we do not knowingly collect personal data from children.
9. Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.
10. Contact
Questions about this policy or your data? Email support@example.com (2gether2shine).