# Privacy Policy (Project / App)

This document describes how Seleric Integration handles data when installed on a Shopify store.

## Summary

- Install **Seleric Integration** from the Shopify App Store only; do not use a separate custom app from Shopify Admin **Develop apps**.
- Seleric Integration helps merchants forward Shopify Customer Events to a merchant-controlled Tracking project.
- The merchant chooses whether tracking is anonymized or identified (and may require consent depending on configuration).
- The app stores Shopify sessions needed to operate and does not need to store buyer event payloads in its own database.

## What Seleric Integration does

- Provides a Shopify Admin embedded app UI to configure Tracker settings for a merchant’s store.
- Deploys a **Web Pixel extension** to capture Shopify Customer Events and forward them to Tracker.
- Optionally deploys a **Theme App Extension** storefront snippet (for Tracker features that require a storefront script).

## Data collected on the storefront / checkout (Web Pixel)

When enabled by the merchant, the Web Pixel subscribes to Shopify Customer Events (for example `page_viewed`, `product_viewed`, `checkout_completed`) and sends event payloads to Tracker.

Campaign parameters (UTMs, click IDs) can be captured from the URL and persisted for attribution.

### Customer privacy & consent

- Seleric Integration uses Shopify’s Customer Privacy APIs to respect buyer consent.
- If the merchant chooses an **anonymized** strategy, Seleric Integration avoids sending identifying customer properties.
- If the merchant chooses an **identified** strategy (or identified-by-consent), Seleric Integration can include identifying properties (such as email) when permitted by the merchant’s configuration and/or consent state.

### Categories of data that may be processed

Depending on merchant configuration and which Shopify events are enabled, the Web Pixel may process:

- **Device and browser data**: user agent details, screen/viewport dimensions.
- **Event and page context**: URLs, referrers, timestamps, product/collection/cart context.
- **Attribution parameters**: UTM parameters and click IDs when present in the URL.
- **Identifiers (optional)**: if enabled by the merchant (and where required, based on consent), customer identifiers such as **email**.
- **Checkout/customer event payload fields**: Shopify-provided fields associated with the subscribed event topics.

## Data stored by the app

Seleric Integration stores:

- **Shopify sessions** required to authenticate API calls (via Prisma session storage). These sessions can include the
  shop domain, access token, and (optionally) the Shopify admin user email tied to the session.
- **Configuration** in Shopify (via metafields and pixel settings), not in PixieHog’s own database.

Seleric Integration does **not** need to store buyer event payloads in its own database to function.

## Where data is sent

- **To Shopify**: the app uses Shopify APIs and receives webhook payloads required to operate.
- **To Tracker**: when enabled by the merchant, the Web Pixel forwards events to the merchant’s configured Tracker host
  and project API key. The merchant controls retention and access to that Tracker project.

## Retention

- **App database**: Shopify sessions are retained only as long as needed to keep the app functional and are deleted on
  uninstall and shop redact events.
- **Tracker**: retention is controlled by the merchant within their Tracker project settings.

## Admin UI analytics

For Shopify App Store review safety, Seleric Integration’s embedded Admin UI does **not** initialize Tracker tracking by default in this repository.

## Data deletion / compliance webhooks

Seleric Integration registers Shopify’s mandatory compliance webhooks:

- `customers/data_request`
- `customers/redact`
- `shop/redact`
- `app/uninstalled`

The expected behavior is:

- On **app/uninstalled**: remove stored sessions for that shop.
- On **redact** topics: delete/anonymize any stored data associated with the customer/shop (if any is stored).

For more detail, see `DATA_DELETION.md`.

## India (DPDP) notice

If you operate in India, you may be subject to the Digital Personal Data Protection Act, 2023 (“DPDP”).

- **Role**: for storefront/customer-event analytics sent to Tracker, the merchant typically determines the purposes and
  means of processing and is therefore generally the “data fiduciary” under DPDP, while Seleric Integration acts as a
  “data processor” for certain processing activities and an independent controller for its own operational data (for
  example, billing/support communications).
- **Purpose limitation**: the app processes data to provide analytics integration, app functionality, troubleshooting,
  and compliance operations (webhooks, uninstall cleanup).
- **Consent / notice**: the merchant is responsible for providing buyer notices and obtaining consent where required
  for cookies/identifiers/analytics, including when enabling identified tracking.
- **Cross-border transfers**: if the merchant configures Tracker or hosting in another country, event data may be
  transferred cross-border as part of providing the service.

## Your rights and requests

If you are a buyer and want to access, correct, or delete data collected via a merchant’s store, contact the merchant
directly. The merchant controls the Tracker project and is best placed to fulfill requests about analytics data.

If you are a merchant and need help with deletion of app-stored data (such as sessions) or want guidance on compliance
webhooks, contact support via `/support`.

## Contact

If you are a merchant and need help with Seleric Integration (including privacy or deletion questions), contact us:

- **Support page**: `/support`
- **Email**: `shop@tervigon.com`