Legal

Privacy Policy

Last updated: May 29, 2026

This policy explains what data the Pixel Countdown Timer Bar app ("Pixel", "we", "us") collects, how we use it, and the choices you have. The short version: we collect no personal data about your shoppers — only what's needed to run your timers and prove the revenue they drive.

Overview

Pixel is a countdown-timer app for Shopify stores. It adds timer bars to a merchant's storefront and attributes the revenue those timers drive. To do that, Pixel processes a small, deliberately minimal set of data. We designed the app so its data footprint stays small: we do not collect names, email addresses, postal addresses, IP-based profiles, or payment details of your shoppers.

💡 In one line: the only shopper-side identifier Pixel uses is a random, opaque token stored in the shopper's own browser — it isn't linked to any person, and we never receive customer contact or payment information from Shopify.

Who this applies to

This policy covers two groups:

  • Merchants — Shopify store owners who install and use Pixel. You are the data controller for your store and shoppers; Pixel acts as your data processor for the storefront data described below.
  • Shoppers — visitors to a merchant's storefront who see or interact with a Pixel timer. Pixel processes a minimal amount of non-identifying interaction data about shoppers on the merchant's behalf.

Information we collect

A. Merchant & store data

When you install and use Pixel, we receive and store:

  • Store identifiers — your .myshopify.com domain, shop name, and store-owner email, provided by Shopify during authentication.
  • Authentication token — a Shopify access token used to call Shopify's APIs on your behalf. It is encrypted at rest (AES-256-GCM).
  • Billing details — your selected plan and Shopify subscription identifier. Payments are processed entirely by Shopify; we never see or store your card details.
  • App configuration — the timers you create (internal names, messages, styling, placement and targeting rules) and your email-report preferences, including the recipient email address you choose.

B. Storefront & shopper data

Through the timer widget on your storefront, Pixel collects only non-identifying data:

  • An opaque shopper token — a randomly generated value stored in the shopper's browser (cookie + local storage) and written to the cart as an attribute. It distinguishes one browser from another for attribution. It is not tied to a name, email, account, or any identity.
  • Timer interaction events — impressions and clicks, recorded with the timer's ID, its placement, the page path, and a timestamp.
  • Attribution data — when an order is placed, the Shopify order ID and the order total of orders matched to a prior timer click, so we can report attributed revenue.
⚠️ Pixel does not collect or store a shopper's name, email, address, payment information, or any cross-site advertising identifiers. Our servers keep standard, short-lived technical request logs for security and reliability, which are not used to identify shoppers.

How we use information

We use the data above only to operate and improve the service:

  • Serve your timers to your storefront and run their countdowns.
  • De-duplicate impressions and attribute revenue to the timer that drove it.
  • Power your analytics dashboard (impressions, clicks, CTR, attributed revenue).
  • Send the email reports you've enabled, to the address you provide.
  • Provide support and respond to your requests.
  • Manage billing and your subscription through Shopify.
  • Maintain security, prevent abuse, and debug issues.

We do not use your data or your shoppers' data for advertising, profiling, or any purpose unrelated to running Pixel.

Cookies & local storage

On a merchant's storefront, the Pixel widget sets first-party storage only:

  • _pulse_shopper — a first-party cookie + local-storage value (also written to the cart as an attribute) holding the opaque shopper token. Purpose: attribution. It carries no personal data.
  • A short-lived sessionStorage entry used to avoid counting the same impression twice on a single page load.

Pixel uses no third-party, advertising, or cross-site tracking cookies. A shopper can clear these at any time through their browser; doing so simply resets the anonymous token.

Shopify data & permissions

Pixel requests the minimum Shopify access scopes it needs:

  • read_orders — to match orders to timer clicks and report attributed revenue. We read order identifiers and totals; we do not read or store customer contact or payment fields.
  • read_products — to render timers correctly alongside your catalog.
  • read_themes — to integrate the timer blocks with your storefront theme.

Storefront requests between your shop and Pixel travel through Shopify's signed app proxy and are verified server-side, so forged requests are rejected. Pixel also subscribes to Shopify's orders/create webhook (for attribution), the app/uninstalled webhook, and Shopify's mandatory privacy-compliance webhooks (see Data retention).

Service providers (subprocessors)

We rely on a small set of vetted providers that process data on our behalf, under contracts requiring them to protect it:

ProviderPurpose
Shopify Inc.App platform, authentication, and billing
Cloud hosting & managed PostgreSQLRuns the app and stores your app data
ResendDelivers the email reports you enable
SentryError monitoring and diagnostics

How we share data

We do not sell your data or your shoppers' data, and we never share it for advertising. We disclose data only:

  • to the service providers listed above, strictly to operate Pixel;
  • when required by law, regulation, or valid legal process;
  • to protect the rights, safety, or security of Pixel, our users, or the public; or
  • in connection with a merger, acquisition, or sale of assets, in which case we will notify you and this policy will continue to govern your data.

Data retention & deletion

We retain your app data for as long as Pixel is installed on your store. When you uninstall:

  • Shopify sends us a shop/redact request approximately 48 hours after uninstall.
  • On receiving it, we purge your store's data — your merchant record and all related timers, impressions, clicks, audit events, and sessions — within the timeframe Shopify requires (no later than 30 days).

Pixel also honors Shopify's mandatory compliance webhooks. Because we store no shopper PII, the customer-scoped requests have nothing to return or erase:

  • customers/data_request — no customer personal data is held, so there is nothing to provide.
  • customers/redact — no customer personal data is held, so there is nothing to delete. The shopper token lives only in the shopper's own browser.
  • shop/redact — triggers the full purge described above.

You can also request deletion at any time by emailing us (see Contact us).

Data security

  • Encryption in transit — all traffic is served over HTTPS/TLS.
  • Encryption at rest — Shopify access tokens are encrypted with AES-256-GCM before they are stored.
  • Request verification — every storefront endpoint verifies Shopify's signed app-proxy HMAC signature, so unsigned or forged requests are rejected.
  • Least privilege — we request only the Shopify scopes we need and limit internal access to data.

No method of transmission or storage is perfectly secure, but we work to protect your data using industry-standard safeguards.

Your rights

Depending on where you live, you may have rights under laws such as the GDPR or CCPA/CPRA to access, correct, delete, export, or restrict the processing of your personal data.

  • Merchants — to exercise any of these rights, email us (see Contact us). Uninstalling the app and Shopify's compliance flow will also delete your store's data.
  • Shoppers — the only shopper-side identifier is the anonymous browser token, which you can remove yourself by clearing your browser's cookies and local storage. Because we hold no personal data tied to it, there is no identifiable shopper record for us to access or erase. Shoppers may also direct requests to the merchant whose store they visited, who can contact us on their behalf.

International data transfers

Pixel and its service providers may process and store data in countries other than your own. Where data is transferred across borders, we rely on appropriate safeguards (such as standard contractual clauses or our providers' equivalent mechanisms) to protect it.

Children's privacy

Pixel is a business tool for Shopify merchants and is not directed to children. We do not knowingly collect personal data from children. If you believe a child's data has reached us, please contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. When we do, we'll revise the "Last updated" date at the top of this page, and for material changes we'll provide a more prominent notice. Continued use of Pixel after an update means you accept the revised policy.

Contact us

Questions about this policy or your data? We're happy to help.

Email support@pixelspiece.com

Pixel Countdown Timer Bar — operated by Pixelspiece Solutions, [business address].

This policy describes Pixel's data practices and is provided for transparency. It is not legal advice; please have your own counsel review it and complete the bracketed details before publishing.

← Back to home Read the docs