Privacy Policy

Effective date: May 1, 2026

Consentico is a cookie consent and compliance app for Shopify merchants. We're a privacy-first product, which means we put serious effort into not collecting data. This page describes what we collect, why, and what we do with it.

Who this policy covers

This policy applies to two distinct groups of people:

  • Merchants — Shopify store owners who install Consentico on their store.
  • Storefront visitors — people who visit a Shopify store with Consentico installed and see the cookie banner.

What we collect from merchants

When you install Consentico, Shopify provides us with:

  • Your shop domain (e.g. example.myshopify.com)
  • Shop name, contact email, primary domain, country, currency, and timezone
  • An OAuth access token used to call Shopify's Admin API on your behalf

Access tokens are encrypted at rest using AES-256-GCM with a key unique to our deployment. We use the Shopify Admin API only to (a) read the cookies and scripts on your storefront when you trigger a scan, (b) write banner configuration to a shop metafield so the storefront can render it without an extra API call, and (c) sync banner status (e.g. whether the app embed is enabled).

We also store the configuration you set in the app — banner colors, text, enabled categories, geo-targeting preferences, and so on. None of this is shared with third parties.

What we collect from storefront visitors

When a visitor lands on a Shopify store with Consentico installed, we may record:

  • An anonymous visitor ID — a random identifier generated in the visitor's browser. We don't know who this person is, and the ID isn't linked to any Shopify customer record.
  • Their consent decision — whether they accepted or rejected each cookie category, and the timestamp.
  • A salted SHA-256 hash of their IP address, truncated to 128 bits. We never store the raw IP. The hash is keyed with a deployment-unique salt so it can't be cross- referenced against other databases.
  • A truncated user agent (first 200 characters), and their detected country or US state for geo-targeting.
  • Banner impressions — aggregate counters of how many times the banner was shown. These are intentionally identifier-free.

We do not set tracking cookies on storefront visitors. We do not run pixels. We do not sell, share, or rent any of this data.

Why we collect it

The visitor data above is what makes Consentico useful as a compliance tool: when a regulator or a data subject asks the merchant "did this visitor consent?", the merchant can point to the consent log. The hashed IP and consent timestamp are the audit trail GDPR Article 7(1) requires merchants to keep.

We do not use this data for any other purpose. We do not aggregate it across merchants. We do not build profiles. We do not sell it.

How long we keep it

Consent log retention follows your plan:

  • Free — 30 days
  • Pro — 365 days
  • Business — unlimited (until you delete)

When you uninstall Consentico, we delete every row of merchant data (consent logs, cookie scans, settings) within seconds, in a single transaction. Shopify also sends us a shop/redactwebhook 48 hours later as a backstop, and we run the same purge again to catch anything that landed in between.

Where data is stored

We host on Railway (US) with PostgreSQL for durable storage and Redis for caching and rate limiting. Both are hosted in the United States. We use Cloudflare for DNS and CDN. Outbound email is sent via Resend.

Sub-processors

The following third parties process data on our behalf:

  • Shopify Inc. — app distribution, billing, OAuth, webhooks
  • Railway Corp. — application hosting, Postgres, Redis
  • Cloudflare Inc. — DNS, CDN, edge geolocation
  • Resend Inc. — transactional email delivery

We'll update this list when it changes and post the change in our changelog.

Your rights

For merchants: you can delete all of your data at any time by uninstalling the app. You can also email us at support@consentico.com and we'll handle any GDPR Article 15 (access) or Article 17 (erasure) request within 30 days.

For storefront visitors: contact the merchant whose store you visited. They are the data controller; we are the data processor. Merchants have an in-app DSAR endpoint that lets them look up and delete every row tied to a given anonymous visitor ID.

Children

Consentico is not directed at children. We don't knowingly collect data from anyone under 16.

Changes

We'll post material changes to this policy on this page and update the effective date. For merchants on a paid plan, we'll also send an email.

Contact

Questions, requests, or concerns: support@consentico.com.