Privacy Policy

Last updated: December 2024

Zolvio ("we", "our", or "us") is a Shopify app that helps merchants understand visitor behavior and improve conversion. This Privacy Policy explains how we collect, use, share, and retain information when merchants use Zolvio and when visitors interact with a merchant’s storefront where Zolvio is installed.

Information We Collect

From Merchants (You)

  • Shopify store information (store name, domain, email)
  • Billing information (handled by Shopify)
  • Usage data within our app

From Your Store Visitors

  • Interaction data (mouse movements, clicks, scroll behavior, navigation)
  • Device and browser metadata
  • Approximate location (for example, country level)
  • Pseudonymous identifiers used to keep sessions consistent across pages

What We Do NOT Intend to Collect

  • Credit card numbers or payment details
  • Passwords or login credentials
  • Raw form input values (text fields are masked)

No analytics tool can guarantee that sensitive information is never exposed in all circumstances. Zolvio is designed to reduce risk through masking, exclusions, and server-side redaction, but merchants must configure consent and disclosures appropriately.

Data Minimization and Safety Controls

  • Consent-first: where required, data collection is designed to run only when the visitor’s consent allows it.
  • Sensitive pages: we block known sensitive paths (for example checkout and account-like routes) from being recorded or used for analytics.
  • URL privacy: we minimize URL storage by using path-only URLs (we avoid storing query strings in analytics/experimentation data because they can contain sensitive information).
  • Masking & redaction: we mask form inputs and apply server-side redaction as a safety net.

How We Use Information

  • To provide session recordings and heatmaps
  • To run AI-powered store audits
  • To enable A/B testing features
  • To generate guided fix recommendations
  • To improve our service

Cookies and Similar Technologies

Zolvio uses browser storage and similar technologies (for example cookies, localStorage, sessionStorage, or IndexedDB) to support features like session continuity, experiment assignment, and reliable event delivery. You should disclose these technologies in your storefront policies where required.

Merchant Responsibilities

Merchants are responsible for configuring any required consent mechanisms and for updating storefront privacy disclosures. See our Privacy & Compliance docs for a checklist.

Data Storage and Security

We use industry-standard security measures to protect your data:

  • Data encrypted in transit (TLS)
  • Data encrypted at rest (where supported by our infrastructure)
  • Access controls and authentication
  • Monitoring and incident response practices

Data Retention

We retain session-related data based on your plan retention period. After the retention period, data is scheduled for deletion. For more detail by data category, see our Data Retention Policy.

Data Sharing

We do not sell your data. We may share data with:

  • Service providers who help us operate (hosting, analytics)
  • Law enforcement when required by law

Your Rights

You have the right to:

  • Access your data
  • Request deletion of your data
  • Export your data (where supported)
  • Opt out of certain data collection

Merchants can request deletion from within the app (where available) and can also contact us at privacy@zolvio.io for help with requests.

GDPR Compliance

For EU/UK users, merchants are typically the data controller for storefront interaction data and Zolvio acts as a processor. Processing bases may include consent (where required), contractual necessity, and legitimate interests, depending on the context. Consult counsel for your specific obligations.

Contact Us

For privacy questions or data requests, contact us at privacy@zolvio.io