This Privacy Policy describes how GeoTailor (“we”, “us”, or “our”) collects, uses, and shares information when you install or use the GeoTailor Shopify app (“the App”) or visit our marketing website at geotailor.shop.
1. Information We Collect From Merchants
When you install the App on your Shopify store, we access and store information needed to operate the service, including:
Your shop domain, plan, and app configuration (geo rules, popups, campaigns, and related settings).
Theme and app-embed status needed to run storefront personalization.
Product catalog information (read-only) when you use admin features that require picking products, for example regional product blocking on eligible plans.
Checkout validation configuration associated with GeoTailor’s purchase guard, where enabled (as required by Shopify’s validation APIs).
Billing and subscription status for app plans.
OAuth access tokens and related session data required to call Shopify on your behalf.
We use this merchant information only to provide, secure, and improve the App. We do not sell merchant data.
2. Storefront Visitors and Your Customers
GeoTailor helps merchants personalize storefronts by visitor location and display optional geo-targeted popups. Depending on how you configure the App, the following may apply to your store visitors:
Country and region detection
To run geo rules and popups, we process network signals (such as IP-derived location data) to estimate a visitor’s country or region. We use this for geo-targeting only. We do not use it to identify individual visitors by name, and we do not collect payment card details through GeoTailor.
Optional popup email signup (merchant-controlled)
If you add an email signup block to a geo popup, a visitor may submit their email address and marketing consent on your storefront. In that case:
We process the email address only to create or update a customer record in your Shopify admin and apply the marketing consent settings you configured.
We require the visitor to accept your marketing consent text before the signup is submitted.
We do not store customer email addresses in GeoTailor’s own application database. The email is transmitted securely to Shopify’s Customer API on your behalf.
We may store aggregate counts (for example, total popup email signups per popup) for analytics inside the App.
We do not collect your customers’ names, mailing addresses, or phone numbers through GeoTailor unless you enable separate Shopify features outside this App’s scope. We do not sell your customers’ personal data.
3. How We Use Information
We use the information described above to:
Deliver geo rules, popups, theme blocks, and related storefront personalization you configure.
Process optional popup email signups into your Shopify customer list when you enable that feature.
Show product search and configuration tools in the merchant admin.
Measure app usage and popup performance using aggregated analytics.
Provide merchant support, security monitoring, billing, and service improvements.
We limit our use of personal data to these purposes. GeoTailor does not use your customers’ data for our own advertising or marketing campaigns.
4. Sharing and Processors
We share information only as needed to operate the App:
Shopify. We use Shopify to authenticate the App, read and write store data you authorize, and create or update customers when optional popup email signup is used.
Hosting and infrastructure providers. We use secure hosting providers (for example, encrypted hosting on DigitalOcean) to run the App.
We do not sell personal information. We may disclose information if required by law or to protect the security and integrity of the service.
5. Data Retention and Security
We retain your shop configuration, analytics aggregates, and account data while the App is installed and for a reasonable period afterward to comply with legal obligations and resolve disputes. When you uninstall the App, we delete or anonymize shop data in line with Shopify’s mandatory compliance webhooks and our operational procedures.
Customer email addresses submitted through optional popup signups are retained in your Shopify admin, not in GeoTailor’s database. Database backups of our systems are retained for a limited period (typically up to 14 days) for disaster recovery.
We protect data in transit using HTTPS/TLS. Production systems use access controls, webhook HMAC verification, and other safeguards described in our security practices. Use our contact form if you need more detail about how we protect merchant data.
6. Your Rights, GDPR, and Shopify Compliance Webhooks
GeoTailor supports Shopify’s mandatory privacy compliance webhooks (customers/data_request, customers/redact, and shop/redact). Because we do not persist customer email addresses in our database, customer redaction requests are generally satisfied by acknowledging the request and confirming that GeoTailor holds no separate copy of that customer’s email.
Merchants are responsible for their own privacy obligations to store visitors and customers. If you are a data subject with questions about data processed on a merchant’s store, please contact that merchant directly.
7. Marketing Website
Our public website at geotailor.shop may use standard browser cookies or similar technologies for theme preferences and basic site functionality. We do not use the marketing site to collect your customers’ personal data.
8. Changes
We may update this Privacy Policy from time to time to reflect changes to our practices or for legal, operational, or regulatory reasons. The “Last updated” date at the top of this page will change when we do. Please revisit this page periodically.
9. Contact Us
For questions about this Privacy Policy or our data practices, use our contact form.