Privacy Policy

Last updated: December 2024

Introduction

ElitePopup ("we", "us", "our", or "Company") operates a Shopify popup builder and delivery platform. This privacy policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Service").

Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our Service. By accessing and using ElitePopup, you acknowledge that you have read and understood this privacy policy.

We may change this privacy policy from time to time. Your continued use of the Service following the posting of revised privacy policy means that you accept and agree to the changes.

Information We Collect

Account Information

When you create an ElitePopup account, we collect:

  • Email address (required)
  • Password (securely hashed and never stored in plain text)
  • First name and last name
  • Profile picture (optional)
  • Account creation and last sign-in dates
  • If you sign up via Google OAuth: your Google profile ID, email address, and profile image

Shopify Store Data

ElitePopup integrates with Shopify stores to enable popup functionality. When you connect your Shopify store, we collect and access:

  • Shop ID and basic shop information
  • Products information (read-only access)
  • Orders information (read-only access)
  • Discounts information (read-only access)
  • Shop settings and customization preferences
  • User permissions for shop management

Important: We only request read-only access to your shop data. We do not create, modify, or delete any data in your Shopify store without your explicit action.

Visitor Data and Analytics

When your popups are displayed to your store visitors, we collect analytical data to help you understand popup performance:

  • Visitor ID (a unique identifier generated for each visitor)
  • Page path and URL where the popup was displayed
  • Device type (mobile or desktop)
  • Timezone information
  • User agent and browser information
  • Country information (derived from IP geolocation)
  • Popup interaction events (views, clicks, dismissals)
  • Form submissions from popups
  • Time and date of interactions
  • Session information

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to remember visitor preferences, track campaign performance, and analyze usage patterns. These include:

  • Session cookies (deleted when you close your browser)
  • Persistent cookies (stored on your device for extended periods)
  • JWT tokens for authentication and security
  • Local storage for visitor preferences and campaign data

Most web browsers are set to accept cookies by default. If you prefer, you can typically set your browser to remove cookies and to reject cookies from our Service.

Form Submissions

When visitors submit forms through popups, we collect the form data as configured by you. This may include:

  • Email addresses
  • Names and contact information
  • Custom form fields you define
  • Quiz answers and responses
  • Any other information included in your popup forms

Automatically Collected Information

When you interact with our Service, we automatically collect certain information about your device, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Pages visited and time spent on pages
  • Search queries
  • Other browsing information

How We Use Your Information

We use the information we collect for various purposes:

Service Delivery and Account Management

  • To create and manage your ElitePopup account
  • To provide and maintain the Service
  • To authenticate users and prevent fraud
  • To process your transactions and send related information
  • To allow you to participate in interactive features of the Service

Communication

  • To send you service-related announcements and updates
  • To respond to your inquiries and support requests
  • To send marketing communications (with your consent)
  • To notify you about changes to our policies or terms

Improvement and Analytics

  • To understand how users interact with our Service
  • To monitor and analyze trends, usage, and activities
  • To measure the effectiveness of marketing campaigns
  • To develop new features, products, and services
  • To improve user experience and security
  • To diagnose and fix technical problems

Shopify Integration

  • To display popups on your Shopify store
  • To analyze popup performance and visitor behavior
  • To help you optimize your marketing campaigns
  • To sync campaign data with your Shopify store
  • To comply with applicable laws and regulations
  • To enforce our Terms of Service and other agreements
  • To protect against fraud, security, or technical issues
  • To respond to legal requests and court orders

Data Storage and Security

Where We Store Your Data

Your information is stored in multiple secure locations:

  • PostgreSQL Database: Primary storage managed by the Gadget platform
  • Cloudflare R2 Buckets: Campaign configurations and targeting rules
  • Cloudflare Workers: Edge computing for popup delivery
  • Browser Storage: Session tokens and visitor preferences stored locally

Security Measures

We implement comprehensive security measures to protect your information:

  • End-to-end encryption for data in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Password hashing using industry-standard algorithms
  • JWT-based authentication for API security
  • Regular security audits and updates
  • Access controls limiting data access to authorized personnel only
  • Secure session management with automatic expiration
  • CSRF protection and input validation

Important Security Note

While we strive to use commercially reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your password and account credentials.

Data Sharing and Third Parties

Shopify

ElitePopup is a Shopify app and integrates directly with your Shopify store. When you use our Service, you authorize us to:

  • Access your shop data through Shopify's API
  • Display popups in your store using Shopify theme extensions
  • Sync campaign and visitor data with Shopify
  • Use Shopify webhooks for real-time data synchronization

Your use of Shopify is governed by Shopify's privacy policy. Please review Shopify's Privacy Policy for information about how Shopify handles your data.

Cloudflare

We use Cloudflare's services for edge computing and content delivery:

  • Cloudflare Workers: Processes popup delivery requests at edge locations
  • Cloudflare R2: Stores campaign configurations and targeting rules

Cloudflare may process some of your data as a data processor. Visit Cloudflare's Privacy Policy for details about how Cloudflare handles data.

Gadget Platform

ElitePopup is built on the Gadget platform, which provides backend infrastructure:

  • Database hosting and management
  • Authentication services
  • API generation and hosting
  • Automatic data backups

Visit Gadget's Privacy Policy for information about their data handling practices.

Other Service Providers

We may share limited information with trusted third-party service providers who assist us in operating our Service, such as:

  • Payment processors (if applicable)
  • Email service providers
  • Analytics providers
  • Customer support platforms
  • Hosting providers

These service providers are contractually obligated to use your information only for the purposes necessary to provide services to us and must maintain the confidentiality of your information.

We Do Not Sell Your Data

We do not sell, trade, or rent your personal information to third parties. We do not share your information with unaffiliated third parties for their direct marketing purposes without your explicit consent.

We may disclose your information when required by law or in good faith believing that such disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes
  • Respond to lawful requests from government authorities
  • Enforce our Terms of Service and other agreements
  • Protect the safety, rights, and property of ElitePopup, our users, or the public
  • Detect, prevent, or address fraud, security, or technical issues

Your Rights and Data Subject Protections

GDPR Rights (European Users)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) grants you the following rights:

Right of Access

You have the right to request access to your personal data that we hold. You may request confirmation of whether we process your data and receive a copy of your data in a structured, commonly used format.

Right to Rectification

You have the right to request that we correct inaccurate or incomplete personal data concerning you.

Right to Erasure ("Right to be Forgotten")

Under certain circumstances, you have the right to request that we delete your personal data. This right may not apply if we need to retain your data for legal, contractual, or legitimate business reasons.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller without hindrance from us.

Right to Object

You have the right to object to our processing of your personal data for direct marketing purposes and certain other processing activities.

Right to Restrict Processing

You may request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data.

CCPA Rights (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

Right to Know

You have the right to request what personal information we collect, use, and share about you.

Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions such as if the information is needed to fulfill your requests or comply with legal obligations.

Right to Opt-Out

You have the right to opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising. We do not sell your data, but you may have rights related to how your data is used.

Right to Correct

You have the right to request that we correct inaccurate personal information about you.

Non-Discrimination

We will not discriminate against you for exercising your rights under the CCPA, GDPR, or other applicable privacy laws. We will not deny you service, charge different rates, or provide different quality of service based solely on your exercise of privacy rights.

How to Exercise Your Rights

To exercise any of these rights, please contact us at:

We will respond to your request within 30 days (or as required by applicable law). We may require you to verify your identity before processing your request.

Data Retention

Retention Periods

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this privacy policy. Retention periods vary based on the type of data:

Data TypeRetention Period
Account InformationWhile your account is active, plus 30 days after deletion
Campaign and Popup DataWhile you maintain an active account
Visitor Analytics12 months by default (configurable)
Form Submission DataUntil you request deletion or as per your retention settings
Log Files and Technical Data30 days to 90 days
GDPR Data Deletion RequestsProcessed immediately (subject to legal hold requirements)

Account Deletion

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or legitimate business purposes.

International Data Transfers

Cross-Border Transfers

ElitePopup operates globally, and your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws than your home country.

GDPR-Compliant Transfers

For transfers of personal data from the EU/EEA, we rely on appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Supplementary measures to address Schrems II requirements
  • Data Processing Agreements (DPAs) with our service providers

By using ElitePopup, you consent to the transfer of your personal data outside of the EU/EEA as described above.

Children's Privacy

ElitePopup is not intended for children under 13 years old (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without parental consent, we will promptly delete such information.

If you believe we have collected information from a child, please contact us immediately at contact@elitecart.app.

Our Service may contain links to third-party websites and services that are not operated by us. This privacy policy does not apply to third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites before providing your personal information.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service following the posting of revised privacy policy constitutes your acceptance of those changes.

For material changes that significantly affect your privacy rights, we will provide you with prominent notice and may require your consent to the changes.

Contact Information

If you have questions about this privacy policy, concerns about our privacy practices, or wish to exercise your rights, please contact us at:

ElitePopup Privacy Contact

Email: contact@elitecart.app

Website: www.elitepopup.com

Response Time: We aim to respond to all privacy inquiries within 30 days.

Data Protection Officer

If you have concerns about how we handle your data and our responses are unsatisfactory, you also have the right to lodge a complaint with your local data protection authority.

Additional Information

Shopify App Privacy Requirements

ElitePopup is a Shopify app and complies with Shopify's app privacy requirements and policies. This privacy policy is presented to users as required by Shopify, and we adhere to Shopify's Partner Program Agreement.

Questions or Concerns?

If you have any questions about this privacy policy or our privacy practices, please don't hesitate to contact us. We take your privacy seriously and are committed to maintaining transparency and protecting your personal information.