Privacy Policy

1. Introduction

UTM Bridge (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains the categories of information we process, why we process it, and how we safeguard it when you use our Shopify application.

2. Information We Collect

UTM Bridge processes the following categories of information to provide attribution syncing and validation services for merchants:

• Session and Attribution Data: Campaign tracking parameters, landing pages, referrers, and related attribution signals from store visits
• Order and Contact Identifiers: Order IDs, order timestamps, and customer email addresses used to associate attribution with completed orders and merchant-connected CRM records
• Shop and Integration Configuration: Your Shopify store domain, app preferences, and the integration settings you authorize us to use
• App Session and Support Data: Authentication tokens required to operate within your Shopify admin and limited operational records used to maintain and secure the app

Important: We do not process payment card data, government-issued identifiers, or full physical addresses to provide the app. We do process customer email addresses and order-linked attribution metadata when needed to deliver attribution syncing, validation, and Shopify privacy compliance workflows.

3. How We Use Your Information

We use the collected information to:

• Associate marketing activity with Shopify orders
• Send attribution data to merchant-connected integrations such as HubSpot
• Show attribution status, validation, and troubleshooting information inside the app
• Maintain and improve our application’s functionality
• Respond to Shopify privacy, data request, and redaction obligations

4. Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties except:

• To merchant-connected integrations you explicitly authorize (for example, HubSpot)
• When required by law or to protect our rights
• To service providers who help us host, secure, and operate the application

5. Storefront Consent Choices

UTM Bridge is designed to honor Shopify customer privacy settings. When a merchant requires consent for analytics or marketing processing and a visitor declines or withdraws that consent, certain non-essential attribution data may not be captured for that session.

This means an order may still be recorded in Shopify while attribution details are unavailable for privacy-limited sessions. Merchants remain responsible for configuring their Shopify privacy notices and consent experiences.

6. Data Retention

We retain your data for as long as you have the UTM Bridge app installed on your Shopify store and as long as needed to provide the service and meet our legal obligations. Upon uninstallation:

• Session and authentication data is deleted immediately
• Attribution data and shop configuration is deleted within 48 hours

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure database storage with access controls
• Regular security audits and updates

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability

To exercise these rights, please contact us using the information below.

9. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@utmbridge.com