Privacy Policy

Last updated: April 2, 2026

Poppitin ("we", "our", or "us") provides a Shopify app that allows merchants to add email capture forms to their store without writing any code. This privacy policy explains what data we collect, how we use it, and your rights. It applies to Shopify merchants who install Poppitin and to the end customers of those merchants.

1. Data collected via Shopify APIs

When a merchant installs Poppitin, we access data through Shopify's APIs solely to operate the app. This includes store details required to configure and display forms correctly within the storefront. We request only the minimum access scopes necessary and do not access payment information beyond what is required to deliver the service.

2. Data collected directly from merchants

We collect the following information directly from merchants who install Poppitin:

  • Email address and basic account details provided during onboarding
  • Form configurations and settings created in the dashboard
  • Automated logs of merchant activity within the Poppitin dashboard

This data is used solely to provide, maintain, and improve the Poppitin service.

3. Data collected from merchants' customers

When Poppitin is active on a merchant's storefront, the app may collect the following data from shoppers:

  • Email addresses submitted voluntarily through Poppitin forms
  • Form performance data used to provide merchants with analytics
  • Session data used to support app functionality within the storefront

Email addresses collected through Poppitin forms are delivered to the merchant's chosen email platform. Poppitin does not use customer data for any purpose other than operating the app on the merchant's behalf.

4. How we use the data we collect

Data is used to deliver and operate the Poppitin service; provide merchants with form performance analytics; respond to support requests; and comply with legal obligations. We analyse aggregate, anonymised usage data to improve the product. We do not sell personal data to third parties, and we do not use merchant or customer data for advertising purposes.

5. Data retention

Merchant configuration data is retained for the duration of the app installation and deleted within 30 days of uninstallation unless a longer retention period is required by law. Customer email addresses are not stored by Poppitin beyond delivery to the merchant's email platform. Anonymised, aggregate analytics data may be retained for product improvement purposes. You may request deletion of your data at any time by contacting us.

6. Shopify GDPR webhooks

In compliance with Shopify's requirements, Poppitin responds to the following mandatory data webhooks:

  • customers/data_request — when a merchant requests an export of data Poppitin holds about one of their customers, we provide that data within the required timeframe.
  • customers/redact— when a merchant requests deletion of a customer's data, we permanently delete any associated records.
  • shop/redact — when a merchant uninstalls Poppitin and requests full data removal, we delete all associated merchant and store data within 30 days.

7. International data processing

Poppitin may process data outside of your country or the European Economic Area. Where data is transferred internationally, we apply appropriate safeguards to ensure an equivalent level of protection in accordance with applicable privacy law, including GDPR and CPRA. If you require information about the specific transfer mechanisms we use, please contact us.

8. Cookies and session data

The Poppitin app may use cookies or similar technologies within merchant storefronts to support app functionality. No cross-site tracking, advertising cookies, or third-party analytics are used. No cookies are set on this website (poppitin.com).

9. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict the processing of your personal data. You may also have the right to object to certain processing or withdraw consent. To exercise any of these rights, contact us at the address below. We will respond within the timeframe required by applicable law (typically 30 days).

10. Third-party services

Poppitin integrates with third-party email marketing platforms selected by the merchant. Data passed to these platforms is governed by their respective privacy policies. Poppitin is not responsible for the privacy practices of third-party services chosen by merchants.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to merchants via email or an in-app notice ahead of the changes taking effect. Continued use of Poppitin after changes take effect constitutes acceptance of the updated policy.

12. Contact

For privacy questions, data requests, or concerns, please contact us at support@poppitin.com. Some jurisdictions require a physical mailing address — please reach out if you need this for compliance purposes and we will provide it.