Legal

Privacy Policy

UTM Bridge - Shopify App

Last Updated: March 2, 2026

1. Introduction

UTM Bridge (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our Shopify application.

2. Information We Collect

UTM Bridge collects the following types of information to provide our marketing attribution services:

  • UTM Parameters: Campaign tracking parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) from visitor sessions
  • Order Information: Order IDs to associate UTM data with completed purchases for attribution purposes
  • Shop Information: Your Shopify store domain and configuration preferences
  • Session Data: Authentication tokens required to operate within your Shopify admin

Important: We do not collect or store customer personal information such as physical addresses or payment information. We do store customer email addresses and order-linked attribution metadata (for example, UTM parameters and processing status) to provide attribution syncing and compliance operations such as data requests and redaction.

3. How We Use Your Information

We use the collected information to:

  • Provide marketing attribution tracking between ad campaigns and orders
  • Sync UTM data with integrated marketing platforms (e.g., HubSpot)
  • Display attribution analytics in your Shopify admin dashboard
  • Maintain and improve our application’s functionality

4. Data Sharing

We do not sell, trade, or otherwise transfer your information to third parties except:

  • To integrated marketing platforms you explicitly connect (e.g., HubSpot)
  • When required by law or to protect our rights
  • To service providers who assist in operating our application (under strict confidentiality agreements)

5. Data Retention

We retain your data for as long as you have the UTM Bridge app installed on your Shopify store. Upon uninstallation:

  • Session and authentication data is deleted immediately
  • Attribution data and shop configuration is deleted within 48 hours

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure database storage with access controls
  • Regular security audits and updates

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability

To exercise these rights, please contact us using the information below.

8. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and the right to request deletion. We do not sell personal information.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@utmbridge.com