Free Shipping Bar — Privacy Policy

Last updated: June 21, 2026

This policy applies specifically to the Free Shipping Bar Shopify app. For the general Boost Apps website policy, see the main privacy page.

Scope of this policy

This page describes how the Free Shipping Bar Shopify app (the “App”) processes data when installed on a merchant’s Shopify store. It supplements the general Boost Apps website privacy policy and applies only to the App itself.

Data the App collects from merchants

When a merchant installs the App, Shopify shares the shop domain and an OAuth access token with the App. The App also stores the campaign configuration (bar text, goal amount, colors, scheduling, targeting) that the merchant creates inside the admin UI. No merchant employee personal data is collected beyond what Shopify provides for authentication.

Data the App collects from storefront visitors

When the bar is displayed on a merchant’s storefront, the App records anonymous analytics events: a randomly generated session identifier, the cart subtotal at the time of the event, and the event type (impression, goal reached, conversion). Conversion events include the Shopify order ID supplied by Shopify’s Web Pixel runtime. The App does not collect names, email addresses, IP addresses, payment information, or any other directly identifying information about shoppers.

Cookies set by the App

On storefronts where the App is active, two first-party cookies are set with a 24-hour lifetime: one marks that the bar was shown in the current session, and one stores the App’s event endpoint so that the Shopify Web Pixel can attribute a completed checkout to the bar. These cookies are used solely for conversion attribution and contain no personal data.

How data is used

Merchant configuration is used to render the bar on the storefront via Shopify metafields. Analytics events are aggregated to produce the dashboard and analytics views inside the App admin (impressions, goal-reached counts, conversion rate, attributed revenue). Data is not sold, rented, or shared for advertising purposes.

Third parties

The App relies on Shopify APIs (Admin GraphQL, Theme App Extension, Web Pixel) to function and on the App’s own hosting provider and managed PostgreSQL database for storage. No data is sent to advertising networks, social platforms, or other third parties.

Data location and security

All App data is stored in a managed PostgreSQL database. Access tokens are stored encrypted at rest. Transport between the storefront, the App, Shopify, and the database is encrypted with TLS. Access to production systems is restricted to the App operator.

Retention and deletion

Campaign data and analytics events are retained for as long as the App is installed on a store, so historical metrics remain available to the merchant. When a store uninstalls the App, the merchant’s OAuth session is deleted immediately and any active subscription is cancelled. 48 hours after uninstall, Shopify sends a shop/redact webhook and the App permanently deletes all remaining campaigns, analytics events, and subscription records for that shop.

GDPR compliance webhooks

The App implements the three mandatory Shopify compliance webhooks. customers/data_request and customers/redact are acknowledged with no data action because the App does not store customer-identifying information. shop/redact triggers a full purge of the shop’s data as described above.

Children

The App is built for Shopify merchants and is not directed at children. It does not knowingly collect data from children.

Changes to this policy

Material changes to this policy will be reflected on this page with an updated revision date. Continued use of the App after a change constitutes acceptance of the revised policy.

Contact

Questions, data requests, or concerns about this policy can be sent to hello@boostapps.dev.