Privacy Policy

Effective date: 2026-06-03

Overview

DevIT Apps operates CompliAI Cookie Banner & GDPR for Shopify merchants. This policy explains how the app processes merchant account data, storefront consent data, and support requests.

Our role

For most storefront visitor consent data, the Shopify merchant is the controller or business and CompliAI acts as a service provider or processor. Merchants decide which notices, categories, regions, and privacy links apply to their store.

Data we process

The app may process the myshopify.com store domain, merchant configuration, Shopify access token, billing and plan state, cookie catalog records, banner settings, consent choices, consent version, consent timestamps, country or region signals, page URL, user agent, masked IP evidence, hashed visitor identifiers, and privacy requests submitted through the app.

Why we process it

We use this data to provide cookie banners, preference centers, region-based privacy rules, Google Consent Mode support, Shopify Customer Privacy API sync, script blocking controls, consent evidence logs, cookie policy snippets, billing administration, security monitoring, and merchant support.

Sharing and subprocessors

We do not sell personal data. Production hosting, database, email, monitoring, security, and infrastructure providers may process app data only as needed to operate, protect, and support the service. Shopify may process billing, installation, and app authorization data under Shopify's own terms.

Retention

Consent logs are retained according to each merchant's configured retention period and can be cleaned from the dashboard. When a merchant uninstalls the app or Shopify sends a required shop/redact compliance webhook, CompliAI removes the shop record and related app data from the active service, while limited backups and security logs may remain until they expire.

International processing

App data may be processed in countries where our infrastructure providers operate. We use reasonable safeguards from those providers and limit access to the data needed to run the service.

Rights and requests

Storefront customers should send privacy requests to the merchant that operates the store. Merchants can use the app's privacy request tools or contact us for help responding to access, deletion, correction, or opt-out requests.

Security

We use HTTPS, restricted administrative access, environment-based secret storage, hashed or masked visitor evidence where possible, and operational monitoring to protect app data. No internet service can guarantee absolute security.

Contact

Privacy questions can be sent to support@devitapps.com.