Terms & Privacy

1. Service description

Valotrix Cart Rewards is a Shopify app operated by Valotrix Studio SRL. The service helps merchants create and run automatic cart reward campaigns (including free gifts, rule-based promotions, and related storefront messaging) inside Shopify.

2. Account requirements

To use the app, you must have an active Shopify store and a valid Shopify billing method for paid plans. You are responsible for maintaining accurate account details and complying with Shopify's platform terms.

3. Acceptable use

You agree not to misuse the service. This includes, but is not limited to:

• Attempting to abuse, disrupt, or reverse-engineer the app or infrastructure.
• Using the app for unlawful, deceptive, or fraudulent activity.
• Circumventing plan limits, feature gates, billing rules, or technical safeguards.

4. Service availability

We provide the service on a best-effort basis and continuously work to maintain reliability. However, we do not provide a guaranteed uptime SLA, and temporary interruptions may occur for maintenance, updates, platform dependencies, or events outside our control.

5. Data ownership and processing

You retain ownership of your store data and campaign content. We process data only as needed to provide the app's features, support operations, and comply with legal obligations, as detailed in the Privacy Policy below.

6. Limitation of liability

To the maximum extent permitted by law, Valotrix Studio SRL is not liable for indirect, incidental, special, consequential, or punitive damages, including loss of profits, revenue, data, or goodwill arising from use of (or inability to use) the service.

7. Termination

You may terminate at any time by uninstalling the app. We may suspend or terminate access in cases of abuse, legal requirements, or material breach of these terms. When the app is uninstalled, data deletion is handled via Shopify GDPR webhooks (including shop redaction), as described in the Privacy Policy.

8. Changes to terms

We may update these terms from time to time. For material changes, we will provide at least 30 days' notice through in-app communication, email, or both. Continued use after the effective date means acceptance of the updated terms.

9. Governing law

These terms are governed by the laws of Romania. Any disputes arising from these terms will be subject to the competent courts of Romania, unless otherwise required by applicable law.

1. Introduction

Valotrix Cart Rewards ("the App") is operated by Valotrix Studio SRL. This privacy policy explains what data we collect, how we use it, how long we retain it, and how merchants can request deletion.

Effective date: February 27, 2026

2. Data we collect

The App collects and processes the following data:

• Shop data - Store domain, plan/billing metadata, and app settings used to identify your shop, enforce plan limits, and run app behavior.
• Campaign configuration - Rules, condition trees, reward settings, and messaging options created by merchants.
• Cart tokens (optional) - Anonymous Shopify cart tokens are collected only when the collectCartTokens setting is enabled.
• Customer tags (not stored) - Customer tags provided by Shopify Liquid config are evaluated for rule targeting and are not stored in our database.
• Customer IDs - Shopify customer IDs may be stored for per-customer redemption tracking and webhook analytics linking.
• Order webhook data - From orders/create we process order ID, order totals, line items, and optional Shopify customer ID for analytics and redemption logic.
• Analytics events - Event records such as gift_added,gift_removed, order_converted, choice_shown,choice_selected, checkout_with_gift, andorder_completed_with_gift.
• Run logs - Debug snapshots of cart state (item IDs/quantities and rule decisions) to troubleshoot issues.
• A/B experiment exposures - When a Scale-plan merchant runs an A/B test on a campaign, we record one row per (experiment, visitor) on first exposure. The row stores a stable visitor identifier (vltrx_visitor_id from browser localStorage, or the Shopify customer ID if logged in, or the Shopify cart token), the assigned variant, and the bucket source. This is essential for delivering the same variant consistently across page loads.
• A/B experiment configuration and results - For each experiment we store lifecycle metadata (Experiment table - status, seed, coverage, primary metric), per-variant configuration (ExperimentVariant - name, allocation %, rule reference), and per-variant aggregate results (ExperimentResult - exposures, orders, revenue cents, RPV/AOV/conversion-rate, Bayesian chance-to-win, χ² SRM p-value). Results are retained permanently to preserve "we won at X% uplift" history.
• Custom Blocks - Merchant-configured Custom Block storefront entries (Block table - name, type, enabled flag, JSON config with template and style overrides). No shopper data.

3. Data retention

Default retention windows:

• Run logs: 7 days (and maximum 200 recent run logs per shop)
• Events: 30 days baseline for event stream records
• Analytics events: 90 days by default
• Aggregates: 365 days for daily analytics totals
• GDPR data-request snapshot: 60 days after the merchant marks the request fulfilled
• Merchant audit log: 30 days, with immediate scrub on customers/redact
• A/B experiment exposures (ExperimentExposure): same as analytics events for concluded/archived experiments; running experiments retain indefinitely
• A/B experiment results (ExperimentResult): permanent - preserves "we won at X% uplift" history
• Custom Blocks (Block): until the merchant deletes the block, the shop is uninstalled, or shop/redact fires

Merchants can configure detailed analytics retention in Settings (30, 60, 90, 180, or 365 days). Event retention has a minimum baseline of 30 days.

4. GDPR compliance and deletion

We handle Shopify's required compliance webhooks:

• CUSTOMERS_DATA_REQUEST - We confirm what customer-linked data exists in our systems.
• CUSTOMERS_REDACT - We delete customer redemption rows and redact customer IDs from analytics records where applicable. For A/B experiment exposure rows, we NULL-out the customer-link fields by both customerId and any associated cartToken to catch pre-login exposures (preserving the variant assignment for stats integrity but severing the link to the redacted customer).
• SHOP_REDACT - We permanently delete all app data for that shop.

On app uninstall, we receive the app/uninstalled webhook, clear active sessions, and mark the shop as uninstalled. Full deletion occurs when Shopify sends shop/redactor when a merchant requests deletion manually.

5. Third-party services and subprocessors

• Render (US) - Application hosting (Node.js / Remix) and the Postgres database. Data resides in Render's US region.
• PostHog (EU instance, eu.i.posthog.com) - Product analytics for the embedded admin app. Events identify the shop by domain and include plan and admin-page path. SDK runs with persistence: "memory" and session recording disabled (no tracking cookies, no session recordings). No shopper data is sent to PostHog.
• Sentry (US ingest) - Server- and client-side exception aggregation for the embedded admin. Cross-border transfers governed by the Standard Contractual Clauses incorporated into Sentry's DPA. No shopper PII is captured.
• Google - Identity Provider for Valotrix Cart Rewards staff sign-in to internal admin routes. Merchants and shoppers do not authenticate through Google.
• Resend / SendGrid (US) - Optional transactional email delivery when merchants enable alert emails.
• Chatwoot Cloud (US) - In-app, marketing-site, and docs-site live chat. Conversation transcripts are stored on Chatwoot Cloud's US infrastructure under Chatwoot's data processing terms.
• Anthropic (US, Claude Haiku 4.5) - Powers the AI agent that answers the first message in every support conversation. The conversation thread is sent to Anthropic's API for each AI reply. Anthropic does not train on commercial-tier inputs per their commercial terms.
• Upstash Redis (multi-region) - Distributed cache and rate limiting. Stores ephemeral keys only.

We do not sell merchant data and we do not use third-party advertising trackers on storefronts. We have data-processing agreements with each sub-processor and rely on the Standard Contractual Clauses where data leaves the EEA / UK.

6. Personal data scope

We do not store customer names, addresses, payment details, or other direct PII beyond Shopify-provided identifiers needed for app functionality (for example, customer ID for redemptions and optional order/customer IDs in analytics records).

Customer email handling. When Shopify forwards a customers/data_request webhook on a shopper's behalf, the payload includes the shopper's email. We persist that email on a GdprDataRequest row so the merchant can identify which shopper to respond to. Customer emails on these rows are deleted 60 days after the merchant marks the request fulfilled. Outside this controller-flowed legal request, we do not store shopper emails.

6a. Controller / processor split

For shopper personal data, the merchant is the data controller and Valotrix Studio SRL acts as a data processor. Shoppers exercising GDPR / CCPA rights should contact the merchant directly. The merchant flows the request to Valotrix Cart Rewards through Shopify's compliance webhooks (customers/data_request, customers/redact, shop/redact), which we honor within Shopify's mandatory deadlines. For merchant data (campaigns, billing metadata, app-usage analytics) Valotrix Cart Rewards is the controller and merchants can contact us directly at valentin@valotrix.com.

7. Your rights and deletion requests

Merchants can request access, correction, export, or deletion of app data.

• Access - Request a copy of the data we store about your store.
• Deletion - Request deletion by uninstalling the app, waiting for Shopify redaction webhooks, or contacting us directly at valentin@valotrix.com.
• Correction - Update your campaign data at any time through the App interface.

8. Cookies and tracking

The storefront app logic does not set advertising cookies. One first-party cookie may be set on the storefront: vltrx_reminder_shown (24-hour TTL, SameSite=Lax) - written when a merchant configures the reminder widget with Show once per day frequency, so a returning shopper isn't shown the same gift-reminder banner twice within the same day. Browser session storage may also be used for transient UI state (for example, reminder dismissal within the current session). Embedded admin authentication uses Shopify session mechanisms.

Browser localStorage. The storefront engine writes a single localStorage key, vltrx_visitor_id, when a Scale-plan merchant runs an A/B test that the shopper is bucketed into. The value is a random opaque string used to keep the same shopper in the same A/B variant across page loads - without it, a shopper who refreshes mid-cart could see a different gift offer, defeating the purpose of the test. The identifier is essential-functionality storage under GDPR; it is not used for tracking, advertising, or fingerprinting. The localStorage value is cleared when the shopper clears their browser storage; the corresponding server-side row that links this visitor identifier to a customer is NULL'd out on receipt of a customers/redact GDPR webhook.

Cart attributes (_vltrx_exp_<id>). When a shopper is exposed to an A/B test, the storefront engine writes a cart attribute pinning their assigned variant for the lifetime of that cart. The attribute is visible only to the merchant in the Shopify Admin and is not included in customer-facing receipts. It contains no personal data - only the experiment ID and the assigned variant ID.

Live chat (Chatwoot). When the embedded admin or marketing-site live-chat widget is loaded, the Chatwoot SDK sets first-party cookies onapp.chatwoot.com (Chatwoot Cloud) for session continuity - typically cw_conversation and cw_user. These are essential-functionality storage scoped to the support-chat domain and are not used for tracking, advertising, or fingerprinting. Conversation data is processed by Anthropic (Claude Haiku 4.5) for the AI first-responder via a docs-grounded RAG flow; messages are not used to train Anthropic models per their API terms.

9. Changes to this policy

We may update this policy periodically. Material updates are communicated in-app or by email, and the Last updated date reflects the latest revision.

10. Contact

If you have questions about this privacy policy or your data, contact us at:

Valotrix Studio SRL
Email: valentin@valotrix.com