Summary Overview

Privacy & Terms Snapshot

This page summarizes how RouteSpark handles merchant & shopper data. It is designed for clarity—not to replace our full legal documentation. For formal Terms of Service or the complete Privacy Policy, please contact support@routespark.net.

Data Collected Processing & Purpose Security Shopper Data Retention Compliance Your Controls Policy Updates Contact

Data Collected

We collect only what is required to deliver functionality, improve performance, and maintain platform integrity:

Shop Authentication: Shopify shop identifier, access scopes, and API tokens (stored encrypted).
Configuration: Preset definitions, chip bar content, targeting rules, experiment variants.
Operational Metrics: View, impression & interaction events tied to aggregate analytics—not to personally identified shoppers.
Billing Metadata: Subscription plan, activation timestamps, upgrade / cancellation markers.
System Logs: Error traces, performance diagnostics, security anomalies (rotated & minimized).

Processing & Purpose

RouteSpark processes data to:

Render contextual chip bar experiences & routing logic.
Attribute engagement & conversion events to experiences.
Support optimization decisions (CTR, conversion lift, assisted funnel movement).
Maintain security posture & abuse prevention.
Provide merchant support & troubleshooting help.

Security

We apply a layered approach:

Encrypted storage (at-rest & in-transit) for tokens & sensitive config.
Principle of least privilege for internal service access.
Automated dependency & vulnerability scanning.
Isolation of analytics event ingestion from control interfaces.
Controlled retention windows for diagnostic logs.

Shopper Data Handling

RouteSpark does not attempt to personally identify shoppers. We operate on ephemeral or pseudonymous identifiers strictly for aggregate performance analysis. We do not sell, rent, or broker any behavioral data.

Retention

Configuration data persists while a merchant account remains active. Analytics events are aggregated, and raw granular logs are cycled after a limited operational window (typically 30–90 days).

Compliance & Platform Alignment

We align with Shopify platform requirements & common regulatory expectations (e.g., GDPR principles) regarding minimization & purpose limitation. Merchants remain responsible for presenting appropriate disclosures to end shoppers within their storefront experience.

Your Controls

Data Export: Merchants may request structured export of key configuration & summarized analytics.
Deletion: Uninstallation triggers token revocation & scheduled purge of related configuration & analytics records after a safety delay.
Support: Reach out any time via support@routespark.net for clarifications.

Policy Updates

We will version and timestamp material changes. Continued usage after updates constitutes acceptance. Substantive modifications (e.g., new processing categories) will trigger proactive notice.

Contact

For formal legal requests or security notifications, contact support@routespark.net. For general platform questions, use support@routespark.net.

This summary is provided for transparency and convenience. In the event of any conflict with formal agreements, the executed or published legal documents prevail.