SessionFlow (“SessionFlow”, “we”, “our”, or “us”) provides a Shopify-compatible application that enables merchants to maintain customer login continuity, account experiences, and event accuracy across sessions.

This Privacy Policy explains how personal data is processed when merchants use SessionFlow on Shopify stores and how privacy requirements are respected in accordance with Shopify App Store policies and applicable privacy laws.

1. Roles & Responsibilities

SessionFlow acts primarily as a data processor on behalf of Shopify merchants. Merchants remain the data controllers and are responsible for determining the purposes and lawful bases for processing personal data.

SessionFlow acts as a limited independent controller solely for security, fraud prevention, service reliability, and aggregated non-identifiable product analytics.

2. Data Processed

SessionFlow may process customer identifiers (such as Shopify customer ID), contact information provided by users, session and login data, cart state, event metadata, IP address, and browser/device information, strictly on merchant instruction.

3. Identification & Session Continuity

SessionFlow supports session continuity for logged-in users and temporary identifiers for anonymous visitors. Anonymous identifiers are limited in retention and scope unless consent is provided or an account is created.

4. Advertising & Analytics

Where enabled by merchants, SessionFlow may enrich event data sent to platforms like Meta to improve match quality. Enrichment is strictly consent- and region-aware and disabled where required by law.

5. Cookies & Tracking

SessionFlow uses first-party cookies and similar technologies necessary for core functionality. Non-essential processing is restricted based on consent signals provided via Shopify Customer Privacy API or merchant CMPs.

6. Consent Withdrawal

If consent is withdrawn, SessionFlow immediately disables any processing relying on that consent. Previously processed data is not retroactively deleted unless required by law.

7. Data Retention

Data is retained only as long as necessary to provide the service. Logged-in identifiers persist until account deletion. Anonymous identifiers are retained for limited periods.

8. Sharing & Subprocessors

SessionFlow uses vetted infrastructure providers and subprocessors bound by contractual safeguards. No data is sold or shared across merchants.

9. International Transfers

Data may be processed in the United States or other jurisdictions using appropriate legal safeguards.

10. User Rights

Users should contact the merchant directly to exercise their privacy rights. SessionFlow assists merchants in fulfilling valid requests.

11. Security

SessionFlow applies industry-standard security measures to protect personal data.

12. Changes

This policy may be updated periodically.

13. Contact

support@getsessionflow.com

Copyrights by SessionFlow, All rights reserved

Copyrights by SessionFlow, All rights reserved

Copyrights by SessionFlow, All rights reserved