Privacy & GDPR
Convertiko FAQ is designed with privacy first. Here's how we handle data.
Overview
Convertiko FAQ is GDPR compliant by design:
- No personal customer data collected
- Anonymous session tracking only
- No third-party data sharing
- Full data export and deletion support
What We Collect
From Merchants (You)
| Data | Purpose | Retention |
|---|---|---|
| Shopify store URL | App functionality | While subscribed |
| Email address | Account & support | While subscribed |
| Product data | FAQ generation | While subscribed |
| Billing info | Payment processing | Per Shopify policies |
From Your Customers
| Data | Purpose | Retention |
|---|---|---|
| Anonymous session ID | Attribution tracking | 90 days |
| Product page views | Impression tracking | 90 days |
| FAQ interactions | Engagement tracking | 90 days |
| Order attribution | ROI calculation | 90 days |
No Personal Data
We do NOT collect names, emails, addresses, or any personally identifiable information (PII) from your customers.
How Session Tracking Works
Session IDs
- Generated randomly when a visitor first sees an FAQ
- Stored in a first-party cookie on your domain
- Contains only a random string (e.g., cvk_abc123xyz)
- Cannot be traced back to an individual
- Expires after 7 days
Cookie Details
Name: _convertiko_session
Domain: your-store.myshopify.com (your domain)
Expiry: 7 days
Type: First-party, functional
What's Tracked
Session ABC123 viewed product FAQ at 2:15pm
Session ABC123 clicked question at 2:16pm
Session ABC123 purchased $50 order at 2:25pm
We can calculate: "A session that engaged with FAQs converted with $50"
We cannot know: Who that person is, their email, their history, etc.
GDPR Compliance
Lawful Basis
We process data under:
- Legitimate interest for analytics (anonymous data)
- Contract performance for app functionality (merchant data)
Data Subject Rights
Your customers can exercise GDPR rights through you. We support:
| Right | How We Handle |
|---|---|
| Access | Export all data for a session ID |
| Rectification | N/A (no personal data to correct) |
| Erasure | Delete session data on request |
| Portability | Export in standard format |
| Objection | Disable tracking in settings |
Data Processing Agreement
Our standard terms include GDPR-compliant data processing provisions. Enterprise customers can request a formal DPA.
Cookie Consent
Integration with Consent Banners
Convertiko FAQ respects cookie consent mechanisms:
- We check for common consent signals
- If consent is denied, we skip analytics tracking
- FAQ still displays—only tracking is disabled
Supported Consent Platforms
- Shopify's native cookie banner
- OneTrust
- CookieYes
- Termly
- Most GDPR-compliant consent tools
Manual Consent Handling
If using a custom consent system:
// Disable Convertiko tracking
window.convertikoConsent = false;
// Or set after consent given
window.convertikoConsent = true;
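One way to drive this flag from a custom consent cookie with a default-deny policy. This is an added example, not Convertiko's own code: the cookie name site_consent and its analytics=granted|denied value format are hypothetical, and only window.convertikoConsent comes from this page.

```javascript
// Added example: bridge a custom consent cookie to window.convertikoConsent.
// Assumption: the site's own consent banner writes a cookie named
// "site_consent" holding a URL-encoded string such as
// "analytics=granted&marketing=denied". Both are hypothetical.
const CONSENT_COOKIE = "site_consent";

// Read the analytics decision from a document.cookie-style string.
// Returns true only for an explicit grant; a missing, denied or
// malformed cookie yields false (default deny).
function analyticsConsentFromCookie(cookieString) {
  for (const part of String(cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    if (part.slice(0, idx).trim() !== CONSENT_COOKIE) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(idx + 1).trim());
    } catch (e) {
      return false; // malformed percent-encoding: treat as no consent
    }
    return new URLSearchParams(value).get("analytics") === "granted";
  }
  return false;
}

// Set the flag on a window-like object and return the decision applied.
function applyConvertikoConsent(win, cookieString) {
  win.convertikoConsent = analyticsConsentFromCookie(cookieString);
  return win.convertikoConsent;
}

// In a browser, apply the stored decision on page load.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  applyConvertikoConsent(window, document.cookie);
}
```

Call applyConvertikoConsent again from your consent banner's change handler so a withdrawn consent sets the flag back to false.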
Data Security
Encryption
- All data transmitted over HTTPS/TLS 1.3
- Data at rest encrypted with AES-256
- API keys stored with secure hashing
Access Control
- Role-based access for our team
- Audit logging for data access
- Regular security reviews
Infrastructure
- Hosted on secure cloud infrastructure
- Regular security patches and updates
- DDoS protection enabled
Data Retention
| Data Type | Retention | After Deletion |
|---|---|---|
| Analytics (sessions) | 90 days | Automatically purged |
| FAQ content | While active | 30 days after cancellation |
| Account data | While subscribed | 30 days after deletion |
| Billing records | Per legal requirements | 7 years (legal) |
Data Deletion
Automatic
- Session data automatically purges after 90 days
- No action required
On Request
Merchants can request full data deletion:
- Email privacy@convertikolabs.com
- Include your store URL
- Specify what data to delete
- We'll process within 30 days
App Uninstall
When you uninstall Convertiko FAQ:
- App access is revoked immediately
- FAQ stops displaying on your store
- Data is retained for 30 days (in case of reinstall)
- After 30 days, all data is permanently deleted
Third-Party Sharing
We do NOT share your data with:
- Advertising networks
- Data brokers
- Social media platforms
- Any third parties for their own purposes
We DO share data with:
| Party | Purpose | Data Shared |
|---|---|---|
| AI Provider | FAQ generation | Product descriptions only |
| Stripe (via Shopify) | Billing | Handled by Shopify |
AI Data Usage
When generating FAQs:
- We send product title and description to our AI provider
- Your data is not used to train AI models
- Data is processed securely and not retained after generation
Shopify Data
We access Shopify data under their Partner agreement:
Data We Access
- Products (title, description, images, price)
- Orders (for attribution—order ID and total only)
- Shop info (name, URL, email)
Data We Don't Access
- Customer personal information
- Payment details
- Fulfillment details
- Customer accounts
Contact
For privacy inquiries:
- Email: privacy@convertikolabs.com
- Response time: Within 30 days (usually faster)
For data deletion or export requests, please include:
- Your store URL
- Specific request details
- Verification of ownership