Data Policy

Last updated: January 2026

This Data Policy explains what data Zolvio collects, how we process it, and how we protect it. This supplements our Privacy Policy with technical details.

Data Collection Methods

Session Recording Script

When you install Zolvio, a JavaScript snippet is added to your store that:

  • Captures DOM changes and user interactions
  • Records mouse movements and click positions
  • Tracks scroll behavior
  • Collects device and browser metadata
  • Uses batching and compression to reduce network overhead

Heatmap Data

Click and scroll events are aggregated into heatmaps showing:

  • Click density by page area
  • Scroll depth percentages
  • Element interaction frequency

A/B Testing Script

When A/B testing is enabled, a script on your storefront may:

  • Assign a visitor to a variant (sticky assignment)
  • Apply a visual modification (text/style/visibility, etc.)
  • Track exposures and goal events for attribution

AI Audit Data

During audits, we analyze:

  • Page HTML structure
  • Visual screenshots
  • Performance metrics
  • Content and copy

Data Masking

We automatically mask sensitive information:

  • Text inputs: All text typed into form fields is replaced with asterisks
  • Credit cards: Payment fields are excluded from recording
  • Passwords: Password fields are never captured
  • Custom masking: You can mark additional elements to exclude

We also apply server-side redaction as a safety net to reduce the risk of sensitive information being stored if it slips past client-side masking.

URL and Metadata Privacy

  • Path-only URLs: for analytics and experimentation data, we minimize URL storage by using path-only URLs (we avoid storing query strings, which can contain sensitive information).
  • Sensitive routes: we block known sensitive paths (for example checkout and account-like routes) from being recorded or used for analytics.
  • Approximate location: we may derive a country-level code from network headers (when available) to support segmentation and reporting.

Browser Storage

Zolvio may use browser storage to improve reliability and consistency (for example: localStorage, sessionStorage, and IndexedDB). Typical uses include:

  • Persisting a pseudonymous visitor ID
  • Maintaining session continuity across page loads
  • Retrying event delivery if the network is unavailable
  • Keeping A/B test assignment consistent

Data Storage

Location

Zolvio uses cloud infrastructure to store and process data. Data residency and storage locations can depend on the service providers and configurations in use.

Encryption

  • In transit: TLS
  • At rest: encryption (where supported by our infrastructure)

Retention Periods

Plan      Retention
Free      7 days
Starter   30 days
Growth    60 days
Pro       180 days

After the retention period, data is scheduled for deletion. For details by data type (including screenshots and aggregated analytics), see our Data Retention Policy.

Data Access

Access to your data is restricted to:

  • Authorized users on your Shopify store
  • Zolvio engineering team (for support and maintenance)
  • Automated systems for processing

Third-Party Services

We use third-party services (“subprocessors”) to operate and improve Zolvio. Depending on the features you use, these may include:

  • Cloud hosting, databases, and storage: to store and process your data
  • AI providers: to generate audit outputs and recommendations (we aim to send only what is needed)
  • Shopify: for authentication, billing, and platform integrations
  • Monitoring and support tooling: to keep the service reliable and respond to incidents

We maintain a current list of subprocessors and can provide it on request at privacy@zolvio.io.

Data Export

You can export certain data from within the app (where supported):

  • Survey responses can be exported (CSV/JSON)
  • A/B test results and events can be exported (CSV/JSON)

For other requests (including DSAR-related access/export), contact privacy@zolvio.io.

Data Deletion

Request complete data deletion by:

  1. Using in-app deletion controls (where available)
  2. Uninstalling the Zolvio app
  3. Contacting us at privacy@zolvio.io

Deletion timing can vary depending on data category, retention windows, and legal/security obligations.

Compliance

Zolvio is designed to help you comply with:

  • GDPR (EU General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Shopify's app requirements

Contact

For data-related questions, contact us at privacy@zolvio.io.