Privacy Policy

Effective Date: October 21, 2025

This Privacy Policy describes how Eevy LLC (“Eevy AI,” “we,” “us,” or “our”) collects, uses, discloses, and protects information in connection with our Shopify app that provides genetic algorithm-based conversion optimization services to merchants.

Please review this Privacy Policy carefully. By visiting merchant websites that use Eevy AI, you are agreeing to the terms set forth in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use websites where our app is installed.

Information We Collect

From Shopify Merchants

When a merchant installs our app, we automatically access certain information from their Shopify account through the following API permissions:

  • read_orders and write_orders: To analyze order data and measure conversion performance
  • read_checkouts and write_checkouts: To track and optimize the checkout process
  • write_pixels: To install our tracking pixel for data collection
  • read_customer_events: To access customer browsing and interaction events
  • read_markets: To understand market segmentation for optimization
  • read_products: To analyze product performance and testing
  • read_content: To optimize content display and layout

We also collect basic store information including store name and domain.

From Website Visitors

Through our web pixel installed on merchant websites, we automatically collect the following information when you visit and interact with stores using Eevy AI:

Browsing Activity:

  • Pages viewed and navigation patterns
  • Products viewed, including product titles, prices, and currency
  • Items added to cart, including quantities and values
  • Checkout events including checkout token, total price, and line items
  • Referrer URL and page titles

Technical Information:

  • User agent and browser type
  • Language preference
  • Screen dimensions
  • Cookie enabled status
  • URL, hostname, and pathname
  • Shopify Client ID (unique identifier assigned by Shopify)
  • Event timestamps and metadata

Important Note: We do NOT collect your name, email address, phone number, physical address, payment information, or any other personally identifiable contact information through our tracking pixel.

How We Collect Information

We collect information in the following ways:

  • Automatically: Through our web pixel integrated with Shopify's Web Pixels API when you browse merchant websites
  • From Shopify: Via API access when merchants install our app
  • Cookies and Similar Technologies: We use cookies, session storage, and local storage to track your interactions and enable our optimization features

How We Use Information

We use the information we collect to:

  • Provide genetic algorithm-based conversion optimization services to merchants
  • Analyze user behavior patterns to improve website conversion rates
  • Test different website variations including layouts, content, and product presentations
  • Generate performance reports and analytics for merchants
  • Improve and enhance our optimization algorithms and technology
  • Debug technical issues and improve our app functionality
  • Detect and prevent fraudulent activity
  • Comply with legal obligations and respond to lawful requests

Legal Basis for Processing (GDPR): For users in the European Economic Area, UK, and Switzerland, we process your data based on legitimate interest (providing analytics and optimization services that benefit both merchants and their customers) and consent (obtained through merchant cookie banners for non-essential cookies).

How We Share Information

With Merchants

We share all behavioral and analytics data collected from a merchant's website with that merchant to enable them to understand and improve their website performance. The merchant's use of this data is governed by their own privacy policy.

With Service Providers

We share information with the following service providers who process data on our behalf:

  • Google Cloud Platform / BigQuery: For data storage, warehousing, and analytics processing. Data is stored in United States data centers. Google acts as our data processor under Standard Contractual Clauses.
  • RudderStack: For customer data pipeline and event routing. RudderStack processes data solely on our instructions.

All service providers are contractually required to protect your information and use it only for providing services to us.

Legal Disclosures

We may disclose your information:

  • To comply with legal obligations, court orders, or governmental requests
  • To protect our rights, property, or safety, or that of our users
  • To prevent fraud or security threats
  • In connection with a business transfer (merger, acquisition, or sale of assets)

Aggregated Data

We may share anonymized, aggregated data that cannot identify individuals for industry research, benchmarking, or marketing purposes.

We do NOT sell your personal information.

Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to:

  • Recognize you across pages and sessions
  • Track the conversion funnel from page view to purchase
  • Enable our genetic algorithm testing functionality
  • Maintain session information and security

Managing Cookies: You can manage cookies through your browser settings or the cookie consent banner displayed on merchant websites (where required by law). Blocking cookies may affect website functionality. We honor Global Privacy Control (GPC) signals.

Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Delete: Request deletion of your personal information (subject to legal exceptions)
  • Correct: Request correction of inaccurate information
  • Opt-Out: Opt out of data collection via cookie settings, Do Not Track, or by contacting us
  • Object: Object to processing based on legitimate interest (GDPR)
  • Restrict: Request restriction of processing in certain circumstances (GDPR)
  • Data Portability: Receive your data in machine-readable format (GDPR)
  • Non-Discrimination: We will not discriminate against you for exercising your rights

How to Exercise Your Rights: Email us at support@eevy.ai with your request. We will respond within 30-45 days depending on your jurisdiction (30 days for California residents, 1 month for GDPR). We may need to verify your identity before processing your request.

Data Retention

We retain personal information for as long as necessary to provide our services and fulfill the purposes described in this policy:

  • Behavioral Data: Retained for 26 months to enable year-over-year analysis and seasonal pattern recognition
  • Merchant Store Data: Retained while the merchant uses our service, plus 90 days
  • Aggregate Reports: Retained indefinitely (no personal information)

When you request deletion or when a merchant uninstalls our app, we delete your data within 30-48 hours, except where retention is required by law.

Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls and multi-factor authentication
  • Secure cloud infrastructure with Google Cloud Platform
  • Regular security monitoring, vulnerability scanning, and audits
  • Data processing agreements with all service providers

While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information.

International Data Transfers

Your information is stored and processed in United States data centers using Google Cloud Platform.

For users in the European Economic Area, UK, and Switzerland: We have implemented appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission with Google Cloud Platform. Google is also certified under the EU-US Data Privacy Framework. You can request a copy of our SCCs by emailing support@eevy.ai.

Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect information from children. If we learn that we have collected information from a child, we will delete it promptly. If you believe we have collected information from a child, contact us at support@eevy.ai.

California Residents – CCPA/CPRA Rights

In the last 12 months, we have collected the following categories of personal information from California residents: Identifiers (online identifiers, IP addresses, device IDs), Internet/Network Activity (browsing history, pages viewed, cart activity), and Inferences (behavioral patterns and preferences).

We use this information for business purposes as described above and disclose it to service providers (Google Cloud Platform, RudderStack) and merchants. We do not sell or share personal information as defined by CCPA/CPRA.

Your California Rights:

  • Right to Know what personal information we collect and how we use it
  • Right to Delete personal information (subject to exceptions)
  • Right to Correct inaccurate information
  • Right to Opt-Out of sale/sharing (not applicable as we don't sell/share)
  • Right to Non-Discrimination for exercising your rights

To exercise your rights: Email support@eevy.ai with subject “California Privacy Rights.” We respond within 45 days.

We honor Global Privacy Control (GPC) signals.

European Residents – GDPR Rights

Data Controller: Eevy LLC is the data controller for processing activities described in this policy.

Legal Basis: We process your data based on legitimate interest (providing analytics and optimization services) and consent (for non-essential cookies).

Your GDPR Rights: Access, rectification, erasure, restriction of processing, data portability, object to processing, withdraw consent, and lodge a complaint with your Data Protection Authority.

To exercise your rights: Email support@eevy.ai with subject “GDPR Rights Request.” We respond within 1 month.

Data Protection Authorities: Find your national DPA at https://edpb.europa.eu/about-edpb/about-edpb/members_en

Shopify Compliance Webhooks

We comply with Shopify's mandatory data protection webhooks:

  • customers/data_request: We provide data associated with the customer's Shopify Client ID
  • customers/redact: We delete customer data within 30 days of receiving the request
  • shop/redact: We delete merchant store data within 48 hours of app uninstallation

Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes, we will notify merchants and provide at least 30 days' notice before changes take effect. The “Effective Date” at the top indicates when the policy was last updated.

Continued use of merchant websites using Eevy AI after policy changes constitutes acceptance of the updated policy.

Contact Us

For privacy questions or to exercise your rights:

Email: support@eevy.ai

For specific requests, use these subject lines:

  • “Privacy Question” – General inquiries
  • “Access Request” – Request your data
  • “Deletion Request” – Delete your data
  • “Opt-Out Request” – Opt out of tracking
  • “California Privacy Rights” – California-specific requests
  • “GDPR Rights Request” – GDPR-specific requests

We will respond within 5 business days for general inquiries and within 30-45 days for rights requests.

Eevy LLC
support@eevy.ai

This Privacy Policy complies with GDPR, CCPA/CPRA, and Shopify App Store requirements.