$
Legal · Privacy

Privacy Policy

How BumpZen collects, uses, and protects your store data and your customers' data — in language you can actually read.

Last updated: April 6, 2026

In plain English

We receive your store data (orders, products, customers) from Shopify, Wix, or WooCommerce only to make the upsell features work. We don't sell it, we don't share it with advertisers, and we delete it within 30 days of you uninstalling. Every detail is below.

We don't sell data Not yours. Not your customers'. Ever.
Encrypted in transit TLS everywhere; access tokens stored encrypted.
30-day deletion Uninstall and your data is gone within 30 days.

This Privacy Policy describes how BumpZen ("we", "us", or "our") collects, uses, and shares information when you install and use our app on Shopify, Wix, or WooCommerce.

1

Information We Collect

Store and merchant data — When you install the app, we receive data from your platform (Shopify, Wix, or WooCommerce) via OAuth, including:

  • Store name, domain, and contact email
  • Product catalog (titles, prices, images, variants)
  • Order information necessary to trigger and track upsell offers
  • Access tokens required to communicate with your platform's API

Customer data — To display offers and measure cart, checkout, and post-purchase behavior, we may process:

  • Cart contents and anonymous session identifiers
  • Order details (order ID, items purchased) for post-purchase offers
  • For Shopify stores: customer event data emitted through the Shopify Web Pixel extension — such as page, checkout, cart, and order-status events — used to attribute upsell performance

We do not collect customers' payment card numbers, account passwords, or government-issued ID numbers.

Usage data — We collect aggregated analytics about how merchants use the dashboard (page views, feature usage) to improve the Service. This data is not linked to any individual end-customer.

2

How We Use Information

  • To provide, operate, and improve the Service
  • To display upsell and cross-sell offers on your storefront
  • To generate analytics and performance reports that are visible to you in the dashboard
  • To send transactional emails (account alerts, billing notices)
  • To comply with legal obligations and enforce our Terms of Service

We do not sell your data or your customers' data to third parties, and we do not share it with advertisers or data brokers.

3

Data Sharing

We share data only with a small set of providers required to run the Service:

  • Infrastructure providers — cloud hosting and database services used to run the app, all bound by data processing agreements
  • Analytics tools — aggregated, anonymized usage metrics only
  • Law enforcement — when required by valid legal process

Any third-party processor we use is contractually required to protect data to at least the same standard as this policy.

4

Data Retention

We retain merchant and store data for the duration of your subscription plus 30 days after uninstallation, after which it is securely deleted. Anonymized analytics data with no link to an identifiable merchant or customer may be retained indefinitely.

5

Cookies and Tracking

The storefront widget may set a session cookie or use localStorage to remember cart state across page loads. For Shopify stores using checkout extensibility, the app may also use a Shopify-hosted Web Pixel extension to receive Shopify customer events for analytics and upsell attribution. The merchant dashboard uses a server-side session cookie that is strictly necessary for authentication.

6

Security

We use industry-standard technical and organizational measures to protect data, including encryption in transit (TLS), encrypted storage of API access tokens, and access controls that limit data exposure to authorized personnel.

7

Your Rights

Depending on where you are located, you may have the right to:

  • Access the personal data we hold about your store
  • Request correction of inaccurate data
  • Request deletion of your data (right to erasure)
  • Object to or restrict certain processing

To exercise any of these rights, email hello@bumpzen.com. We aim to respond within 30 days.

8

GDPR and International Transfers

If you are located in the European Economic Area (EEA), we process your data on the lawful basis of contractual necessity (to provide the Service) and legitimate interests (to maintain and improve the Service). Data may be transferred to and processed in countries outside the EEA; where that happens, we use appropriate safeguards such as Standard Contractual Clauses.

9

CCPA (California Residents)

California residents may request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and any third parties with whom it was shared. We do not sell personal information as defined by the CCPA. To submit a request, email hello@bumpzen.com.

10

Children's Privacy

The Service is intended for merchants — business users — and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors.

11

Changes to This Policy

We may update this Privacy Policy from time to time. When changes are material, we will notify you via email or in-app notification at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

12

Contact Us

For privacy-related questions or requests, email hello@bumpzen.com and a real person will reply.

BumpZen
Pricing Terms of Service Contact