Legal

Privacy Policy

Last updated: April 27, 2026

1. Introduction

UserSessions.io ("we", "our", or "us") is operated by UserSessions LLC. This Privacy Policy explains how we collect, use, and protect information when you use our Shopify application and website. By installing UserSessions.io, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

When you install UserSessions.io, we collect the following information from your Shopify store through Shopify's API:

Store Information: Your store domain, store name, email address, currency, and timezone.
Order Data: Aggregated order counts, revenue totals, and average order values from the last 30 days. We do not store individual customer order details.
Abandoned Checkout Data: Counts and aggregate values of abandoned checkouts. We do not store individual customer information.
Product Data: Product counts, descriptions, and inventory levels to identify optimization opportunities.
Analytics Data: Script tags installed on your store to detect analytics tools.
Theme Data: Your active theme name and creation date.

We do not collect, store, or process any personal data belonging to your customers. We do not record customer sessions, keystrokes, or any personally identifiable customer information.

3. How We Use Your Information

We use the information collected to:

— Generate weekly AI-powered store diagnoses identifying conversion opportunities
— Send you weekly email reports with actionable fix recommendations
— Track revenue recovery when you mark issues as fixed
— Compare your store metrics against industry benchmarks
— Improve the accuracy of our diagnosis engine over time

We do not sell your data to third parties. We do not use your store data for any purpose other than providing the UserSessions.io service.

4. Data Storage and Security

Your store data is stored securely in Supabase (PostgreSQL) with row-level security ensuring complete data isolation between merchants. Each merchant can only access their own store data.

We use industry-standard encryption for data in transit (TLS/HTTPS) and at rest. Your Shopify access token is stored encrypted and is only used to make authorized API calls to your store.

We retain your data for as long as your app is installed. You can request deletion of your data at any time by contacting support@usersessions.io.

5. Third-Party Services

We use the following third-party services to operate UserSessions.io:

Shopify: Our app is built on the Shopify platform. Your use of Shopify is governed by Shopify's Privacy Policy.
Supabase: We use Supabase for database storage. Data is stored in secure, encrypted PostgreSQL databases.
Email Delivery: We use a third-party transactional email provider to send your weekly diagnosis emails. Your email address is shared with this provider solely for the purpose of delivering these emails.
OpenAI: We use OpenAI's API to generate diagnosis text. Aggregated, anonymized store metric data is sent to OpenAI to generate your weekly recommendations. No personally identifiable information is shared.
Slack (optional): If you configure Slack alerts, your Slack webhook URL is stored and used to send diagnosis notifications to your specified channel.

6. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

Right to Access: You can request a copy of the data we hold about your store.
Right to Rectification: You can request correction of inaccurate data.
Right to Erasure: You can request deletion of your store data at any time.
Right to Portability: You can request your data in a machine-readable format.
Right to Object: You can object to our processing of your data.

To exercise any of these rights, contact us at support@usersessions.io. We will respond within 30 days.

7. Data Retention and Deletion

When you uninstall UserSessions.io from your Shopify store, we mark your store record as inactive but retain your diagnosis history for 90 days in case you reinstall. After 90 days of inactivity, or upon your explicit request, we permanently delete all data associated with your store including snapshots, diagnoses, fix events, and shared reports.

To request immediate deletion of all your data, email support@usersessions.io with the subject line "Data Deletion Request" and your store domain.

8. Shopify GDPR Webhooks

UserSessions.io complies with Shopify's mandatory GDPR webhook requirements:

Customer Data Request (customers/data_request): We will provide any customer data we hold upon request within 30 days. Note: we do not store individual customer data.
Customer Data Erasure (customers/redact): We will erase any customer data upon request. Note: we do not store individual customer data.
Shop Data Erasure (shop/redact): We will permanently erase all shop data within 90 days of receiving this request.

9. Cookies

UserSessions.io uses minimal cookies strictly necessary for authentication and session management. We do not use advertising cookies or tracking pixels on our dashboard. Our marketing site (usersessions.io) may use cookies for analytics purposes to understand how visitors use our site. These cookies do not identify you personally.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and by posting the new policy on this page with an updated date. Your continued use of UserSessions.io after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: support@usersessions.io
Company: UserSessions LLC
Website: https://usersessions.io

For urgent data deletion requests or security concerns, email support@usersessions.io with "URGENT" in the subject line. We will respond within 24 hours.