Privacy Policy
DPO Contact
privacy@shopideck.com
ShopiDeck is a suite of applications for Shopify and e-commerce. Our apps help merchants improve operations, marketing, data hygiene, automation, analytics, and store performance.
This Privacy Policy explains how ShopiDeck collects, uses, protects, and shares information when you visit our website, install a ShopiDeck app, use our tools, or communicate with us.
This policy applies to the ShopiDeck suite in general. Some apps may process additional data depending on their function. The section "ShopiDeck: Klaviyo Bot Cleaner" explains specific details of that app.
1. Who We Are
ShopiDeck operates tools and applications for Shopify merchants.
- Privacy contact: privacy@shopideck.com
- Website: https://shopideck.com
- Apps: ShopiDeck apps installed from Shopify or used by e-commerce merchants.
When we process personal data of a Shopify store's end customers, the merchant typically acts as the data controller and ShopiDeck acts as a data processor. When we process data related to the merchant's account, support, billing, or direct app usage, ShopiDeck may act as the data controller.
2. Data We May Collect
Depending on the app or service used, we may process:
- Shopify store data: domain, store ID, installation status, granted permissions, and app configuration.
- Merchant data: name, email, company, support messages, and preferences.
- Usage data: actions inside the app, features used, technical errors, plan limits, and operational metrics.
- Billing data: active plan, subscription status, and billing events managed by Shopify.
- Technical data: IP address, browser, device, security logs, necessary cookies, and session data.
- Integration data: OAuth tokens, account IDs, authorized scopes, and data required to connect with external services like Klaviyo or other merchant-authorized tools.
- End-customer data: only when an app requires it to perform its function and the merchant authorizes it.
We do not sell personal data. We do not use end-customer data from stores for third-party behavioral advertising.
3. Why We Use the Data
We use data to:
- Install, authenticate, and operate our apps.
- Provide the features contracted by the merchant.
- Connect with Shopify and authorized external tools.
- Calculate usage limits, plans, and feature access.
- Improve security, prevent abuse, and resolve errors.
- Provide technical support.
- Comply with legal, privacy, and Shopify obligations.
- Send operational communications about the app, important changes, or support.
4. Legal Basis in the European Union
When GDPR applies, we rely on legal bases such as:
- Performance of a contract: to provide our apps.
- Legitimate interest: for security, support, operational improvement, and abuse prevention.
- Legal compliance: when we must retain or deliver information due to a legal obligation.
- Consent: when required.
- Merchant instructions: when processing personal data of their store's end customers.
GDPR requires informing individuals clearly about what data is processed, why, for how long, who it is shared with, and what rights they have. This policy is built on that principle of transparency.
5. Data Sharing
We may share data with:
- Shopify, for installation, authentication, billing, webhooks, and app operations.
- Providers of infrastructure, hosting, database, security, and monitoring.
- Support or communication providers when necessary.
- Integrations authorized by the merchant.
- Legal authorities, if required by law.
We require providers to process data only for the necessary purposes and with reasonable security measures.
6. International Transfers
ShopiDeck may process data in the United States or other countries. If data of individuals from the European Economic Area, United Kingdom, or Switzerland is transferred internationally, we will use appropriate legal mechanisms, such as standard contractual clauses or other recognized frameworks.
7. Security
We apply reasonable security measures, including:
- Encryption of sensitive tokens when applicable.
- Authentication and authorization on protected routes.
- Separation between backend data and frontend-visible data.
- Use of environment variables for secrets.
- Input validation.
- Restricting permissions to the minimum necessary.
- Logs without tokens, secret keys, or passwords.
- Review of access and anti-abuse measures.
No system is completely invulnerable, but we work to reduce risks in a reasonable manner.
8. Data Retention
We retain data only as long as necessary to operate the suite, fulfill contracts, maintain audit trails, resolve disputes, provide support, or comply with legal obligations.
When a store uninstalls an app or requests deletion, we process the erasure or anonymization as appropriate and according to Shopify requirements and applicable law.
9. Privacy Rights
Depending on your location, you may have the right to:
- Access your data.
- Correct inaccurate data.
- Request erasure.
- Request portability.
- Limit or object to certain processing.
- Withdraw consent where applicable.
- Not be discriminated against for exercising privacy rights.
- File a complaint with a data protection authority.
If you are an end customer of a store using ShopiDeck, please contact the merchant first. We process those data following the merchant's instructions.
10. Privacy in the United States
Depending on the state, users may have rights of access, correction, deletion, portability, and opting out of the sale or sharing of personal data.
ShopiDeck does not sell personal data and does not share personal data for cross-context behavioral advertising.
11. Cookies
We may use cookies or technical storage to:
- Maintain sessions.
- Authenticate users.
- Remember settings.
- Improve security.
- Analyze basic operation of the site or app.
Where required by law, we will display consent options.
12. Minors
ShopiDeck is directed at merchants and businesses. It is not designed for minors under 13, nor is it designed to intentionally collect data from minors.
13. Changes to This Policy
We may update this policy when our apps, providers, legal requirements, or privacy practices change. We will publish the updated version with a new date.
14. Contact
For privacy questions:
- ShopiDeck Suite
- privacy@shopideck.com
- https://shopideck.com
Specific Section: ShopiDeck: Klaviyo Bot Cleaner
ShopiDeck: Klaviyo Bot Cleaner is a Shopify app that helps merchants detect, review, and suppress suspicious or fake profiles in Klaviyo.
Specific Data Processed
In addition to general suite data, this app may process:
- Shopify store domain.
- Installation status.
- Active plan and plan limits.
- Klaviyo account ID.
- Encrypted Klaviyo OAuth tokens.
- Authorized Klaviyo scopes.
- Klaviyo profile emails.
- Profile first and last name, if they exist.
- Klaviyo profile ID.
- Profile creation or update dates.
- Suppression status when Klaviyo provides it.
- Risk score.
- Reasons for the score.
- Scan results.
- History of merchant-requested suppressions.
Why We Use This Data
The app uses this data to:
- Connect Shopify with Klaviyo via OAuth.
- Scan authorized profiles in Klaviyo.
- Detect suspicious bot patterns or fake profiles.
- Show explainable results to the merchant.
- Allow manual review before any action.
- Suppress profiles in Klaviyo only when confirmed by the merchant.
- Avoid showing already suppressed profiles as pending.
- Calculate monthly plan limits.
- Generate usage metrics and estimated savings.
How Detection Works
The app uses explainable rules such as identifying temporary or disposable email addresses, malformed structures, absent or generic names, lack of normal customer activity signals, creation in high-volume patterns, or existing suppression status.
The scan results do not represent an absolute truth. The app assigns risk categories like "Probable bot", "Needs review", or "Low risk". The merchant always reviews the profiles and makes the final decision.
Profile Actions
The app does not permanently delete profiles in the current version. The primary action is suppression in Klaviyo, which prevents those profiles from receiving marketing campaigns or automated flows.
The app never suppresses profiles automatically without explicit merchant confirmation.
Specific Security of Klaviyo Bot Cleaner
For this application, Klaviyo credentials and OAuth tokens are stored in encrypted format and are never exposed in the frontend. Subscription statuses are verified directly in the backend, and limits are enforced server-side. The app uses Shopify Billing for subscriptions, avoids storing full payloads unless necessary, and maintains a secure audit trail of all manual scans and suppressions.