Home / Shopify Privacy Policy

Shopify Privacy Policy

Smart Recognition Shopify App - Privacy Policy

Last Updated: March 30, 2026

Smart Recognition, LLC ("Smart Recognition," "we," "our," or "us") operates the Smart Recognition Shopify App (the "App"), which is available through the Shopify App Store. This Privacy Policy describes how we collect, use, disclose, and protect information when you install and use our App on your Shopify store.

This Privacy Policy applies specifically to the Smart Recognition Shopify App and supplements our general Data Services & Privacy Policy available at https://www.smartrecognition.com/privacy-policy/. In the event of any conflict between this Shopify App Privacy Policy and our general Privacy Policy, this Shopify App Privacy Policy shall govern with respect to data collected through or in connection with the App.

1. About the App

The Smart Recognition Shopify App enables Shopify merchants to enable consented identity resolution for website visitors by matching device fingerprints against Smart Recognition's opted-in partner marketing database of over 220 million U.S. online shoppers. When a visitor to your Shopify store is matched, the App delivers the visitor's email address and associated data points to your designated email service provider (ESP), customer relationship management system (CRM), or other marketing platform.

The App operates via Shopify's Web Pixels API, which runs within a sandboxed environment on your Shopify storefront.

2. Information We Collect

2.1 Information Collected from Merchants (Store Owners)

When you install and configure the App, we collect:

  • Shopify store information: Your store name, store URL (myshopify.com domain), and Shopify store ID, as provided through the Shopify OAuth installation process.
  • Account configuration data: Your Smart Recognition Account ID, which you enter in the App settings page to connect your store to our identification service.
  • Contact information: Your name and email address as associated with your Shopify account, used for App-related communications and support.
  • App usage data: Information about how you interact with the App's admin interface, including settings changes and configuration updates.

2.2 Information Collected from Store Visitors (Your Customers)

When a visitor browses your Shopify store, the App's Web Pixel collects the following information:

  • Device fingerprint data: A combination of browser and device attributes used to create a non-cookie-based identifier. This may include browser type, screen resolution, installed plugins, time zone, language settings, and other technical attributes.
  • Cookie identifiers: Unique identifiers stored in the visitor's browser to recognize return visits.
  • IP address: The visitor's Internet Protocol address at the time of their visit.
  • Browsing behavior on your store: Pages visited, products viewed, time spent on pages, cart activity, and checkout events as provided through Shopify's standard customer events.
  • Page URL and referral data: The specific URLs visited on your store and how the visitor arrived at your store.

2.3 Information Obtained from Our Database

When a visitor's device fingerprint is matched against our partner marketing database, we may associate the following information with that visitor:

  • Email address: The primary identifier returned to the merchant.
  • Demographic data: Such as approximate income range, age range, household size, or home ownership status.
  • Interest and preference data: Such as product categories the individual has shown interest in, hobbies, or purchasing tendencies.
  • Online activity data: Such as whether the associated email address has been recently active and the type of marketing engagement linked to the email.

All matched individuals in our database have provided consent to receive third-party marketing communications and to have their data shared with participating partners for marketing purposes. Data is sourced from third-party publishers, marketing partners, and cooperative databases where individuals have provided such consent, and our partners are required to maintain records of consent and comply with applicable privacy laws. Our database is cleaned every 30 days to ensure email deliverability and accuracy.

3. How We Use the Information

3.1 To Provide Our Service

  • Matching anonymous store visitors against our opted-in database to identify their email addresses.
  • Delivering matched lead data to the merchant's designated ESP, CRM, or marketing platform.
  • Enabling email remarketing, retargeting via Facebook/Google audiences, and abandoned cart recovery.
  • Displaying App settings, status, and configuration options within the Shopify Admin.

3.2 To Operate and Improve the App

  • Monitoring App performance, diagnosing technical issues, and ensuring the Web Pixel functions correctly.
  • Analyzing aggregate usage patterns to improve match rates, accuracy, and service quality.
  • Testing, developing, and deploying updates to the App.

3.3 To Communicate with Merchants

  • Sending service-related notifications about the App (e.g., updates, maintenance, or changes).
  • Responding to merchant support requests.
  • Providing onboarding guidance and usage recommendations.

3.4 To Comply with Legal Obligations

  • Responding to data subject access requests, deletion requests, and opt-out requests.
  • Complying with applicable privacy laws and regulations.
  • Responding to lawful requests from law enforcement or government authorities.

4. How We Share Information

4.1 With the Merchant (Store Owner)

Matched visitor data - including email addresses and associated data points - is delivered directly to the merchant's designated marketing platform (e.g., Klaviyo, Omnisend, Sendlane, or other ESPs/CRMs). The merchant controls how this data is subsequently used for their own marketing purposes.

4.2 With Service Providers

We share information with third-party service providers who assist us in operating the App, including technology infrastructure providers, hosting services, data processing partners, and customer support tools. These service providers are contractually obligated to use the information only for the purposes of providing services to us.

4.3 With Business Partners

We may share information with data partners to maintain, verify, and enhance the accuracy of our identification database, as described in our general Privacy Policy.

4.4 As Required by Law

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Smart Recognition, our merchants, their customers, or the public.

4.5 In Connection with Business Transfers

If Smart Recognition is involved in a merger, acquisition, or sale of all or a portion of its assets, information may be transferred as part of that transaction.

5. Data Retention

  • Merchant account data is retained for as long as the App remains installed on your Shopify store. When you uninstall the App, we will delete your store configuration data within 48 hours of receiving Shopify's shop/redact compliance webhook.
  • Visitor identification data processed through our database is subject to Smart Recognition's standard data retention policies. Our database is updated and cleaned on a rolling 30-day cycle.
  • Matched lead data delivered to the merchant's ESP/CRM is under the merchant's control. Smart Recognition does not retain copies of matched lead data after delivery. Identification is based on probabilistic matching techniques and may not be 100% accurate.

6. Shopify Compliance Webhooks & Data Requests

In compliance with Shopify's requirements and applicable privacy laws, the App supports the following mandatory compliance webhooks:

  • Customer Data Request (customers/data_request): When a customer requests their data from a store owner, Shopify notifies us. We will provide any data we hold about the identified customer to the store owner within 30 days.
  • Customer Data Erasure (customers/redact): When a customer requests deletion of their data, Shopify notifies us. We will delete any personal data we hold about the identified customer within 30 days, unless we are legally required to retain it.
  • Shop Data Erasure (shop/redact): When a merchant uninstalls the App, Shopify notifies us within 48 hours. We will delete all customer data associated with that store within 30 days. Merchants are responsible for ensuring their own privacy policies, disclosures, and consent mechanisms comply with applicable laws when using data obtained through the App.

7. Cookie and Tracking Technologies

The App's Web Pixel operates within Shopify's sandboxed environment and may use the following technologies:

  • Cookies: Small data files stored on the visitor's browser to recognize return visits and support identification matching. Cookie usage is governed by Shopify's Customer Privacy settings and the merchant's cookie consent configuration.
  • Device fingerprinting: Non-cookie-based identification using a combination of browser and device attributes.
  • Pixel/beacon technology: The Web Pixel fires on page load and relevant Shopify customer events (page views, product views, cart views, checkout events) to collect behavioral signals.

The App integrates with Shopify's Customer Privacy API and respects cookie consent preferences configured by the merchant. If a store visitor declines marketing or analytics cookies through the merchant's cookie banner, the Web Pixel will not fire in accordance with Shopify's consent framework.

The App also recognizes the Global Privacy Control (GPC) signal on browsers, browser extensions, or devices that support it.

8. Your Rights and Choices

8.1 For Store Visitors (Shoppers)

If you are a visitor to a Shopify store that uses Smart Recognition, you have the following rights:

  • Opt-Out of Identification: You may opt out of Smart Recognition's identification database at any time by visiting https://www.smartrecognition.com/database-opt-out/. After receiving your request, we will generally remove your personal information from our active marketing database within 15 business days.
  • Opt-Out of Retargeting: To opt out of retargeting services, visit https://www.smartrecognition.com/database-opt-out/ and click the "Opt Out" option. Note that this opt-out is cookie-based and must be performed on each browser you use.
  • Unsubscribe from Emails: You can click the "unsubscribe" link in the footer of any marketing email sent by a merchant using data from Smart Recognition.
  • Do Not Sell My Personal Information (California Residents): California residents may submit a "Do Not Sell" request at https://www.smartrecognition.com/ccpa-do-not-sell/ or by emailing privacy@smartrecognition.com.

8.2 For Merchants (Store Owners)

  • Access and Manage Your Data: You can view and modify your App settings at any time through the Shopify Admin.
  • Uninstall the App: You may uninstall the App at any time through your Shopify Admin. Upon uninstallation, the Web Pixel will immediately stop firing on your storefront, and we will delete your store data as described in Section 5.
  • Request Data Deletion: You may request deletion of any data we hold about your store by contacting us at privacy@smartrecognition.com.

9. State-Specific Privacy Rights

Residents of certain U.S. states, including Florida under the Florida Digital Bill of Rights (FDBR), have additional privacy rights under applicable state privacy laws. For detailed information about your rights under the laws of California (CCPA/CPRA), Colorado, Virginia, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, Oregon, or Delaware, please refer to the applicable addendum in our general Privacy Policy at https://www.smartrecognition.com/privacy-policy/.

In general, residents of these states may have the right to:

  • Request access to the personal information we have collected about them
  • Request correction of inaccurate personal information
  • Request deletion of personal information
  • Opt out of the sale of personal information, targeted advertising, or consumer profiling
  • Appeal a decision regarding a privacy rights request

To exercise any of these rights, contact us at privacy@smartrecognition.com or use the applicable request form at https://www.smartrecognition.com/database-opt-out/.

10. International Data Transfers

Smart Recognition is based in the United States. If you access or use the App from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers are located. By using the App, you consent to the transfer of your information to the United States, which may have different data protection rules than your country.

For merchants or visitors located in the European Economic Area (EEA) or United Kingdom: We will take appropriate steps to ensure that transfers of personal data are in accordance with applicable law and carefully managed to protect your privacy rights. Where required, we will use standard contractual clauses or other legally recognized transfer mechanisms.

11. Data Security

We implement industry-standard physical and electronic security measures to protect the data we collect, including firewall protection, encryption, data hashing and truncation, and access controls. However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

12. Children's Privacy

The App and our services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we discover that we have inadvertently collected personal information from a child under 16, we will promptly delete that information. If you believe we have collected information from a child under 16, please contact us at privacy@smartrecognition.com.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the App's features, or applicable laws. When we make changes, we will update the "Last Updated" date at the top of this page. We encourage merchants to review this Privacy Policy periodically. Continued use of the App after any changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise any privacy rights, you may contact us at:

Smart Recognition, LLC
Email: privacy@smartrecognition.com
Website: https://www.smartrecognition.com
Opt-Out Page: https://www.smartrecognition.com/database-opt-out/
CCPA Do Not Sell: https://www.smartrecognition.com/ccpa-do-not-sell/

For general inquiries about the Shopify App:
Email: support@smartrecognition.com
Website: https://www.smartrecognition.com/support/

2021 – 2026 © Smart Recognition – A Smart Brands Company