Last updated: 8 June 2026
Our guiding principle is simple, and it's the whole point of the product: we store no shopper personal data. No names, no emails, no addresses, no payment details, no IP addresses, no cross-site tracking.
Cartback ("Cartback", "we", "us") is a Shopify app that shows on-site cart-recovery nudges and reports the order revenue those nudges influenced. This policy explains exactly what data the app touches, what it stores, and what it deliberately does not collect.
When you install Cartback on your store, you (the merchant) are the data controller for your store and your shoppers. Cartback acts as a data processor that handles a small amount of store and order data on your behalf, only to provide the app's features. The app developer is Stephen Evans. Questions: stephenevans2706@gmail.com.
Cartback requests a single Shopify scope: read_orders. It uses no other
scopes. It does not request access to customers, products, themes, inventory,
or payment data. We subscribe to these Shopify webhooks:
| Webhook | Why |
|---|---|
orders/create | The attribution core — reads a new order to see whether a nudge influenced it (see §3). |
app/uninstalled | Clean up your session when you remove the app. |
app/scopes_update | Keep our record of granted scopes current. |
customers/data_request, customers/redact, shop/redact | Shopify's mandatory privacy/GDPR topics (see §6). |
We store the minimum needed to run the app. Concretely, three things:
a) Your store session. Your myshopify.com domain, the Shopify
API access token issued to the app, and the scopes you granted. This is what lets the app
authenticate to Shopify on your behalf. It contains no shopper data.
b) Influenced-order records. When a Cartback nudge fires on your storefront,
the engine tags the shopper's cart with a first-party cart attribute (__rescue)
recording which nudge fired and when — nothing about the
shopper. If that cart becomes an order within 60 minutes, we record a single ledger row
containing only: your shop domain, the numeric Shopify order id (used solely
to avoid counting the same order twice), the order total, which
nudge influenced it, and the date. It does not store
the customer's name, email, address, phone, line items, or payment information.
c) Per-day aggregates. Daily per-shop counters: influenced orders, influenced revenue, nudges shown, and shopper returns. Sums and counts — no per-shopper rows.
That's the complete list. There is no other shopper- or order-level data anywhere in the system.
The on-site nudges run as a small first-party script on your storefront. To behave politely
it keeps a few flags in the shopper's own browser (localStorage /
sessionStorage) — for example, "this shopper already dismissed the bar this session".
These flags stay on the shopper's device and are never sent to us as identity,
contain no personal data (just booleans/timestamps and an A/B bucket letter),
and are not cookies used for cross-site tracking or advertising.
When a nudge is shown, the script may send a tiny signed telemetry beacon
through Shopify's app proxy carrying a single event type — impression
or return — and nothing else. There is no identifier in the beacon, and previews
send no beacon at all.
To be explicit, Cartback does not collect, store, sell, or share any of the following: shopper names, emails, phone numbers, billing or shipping addresses, order line items, payment or card data, IP addresses, device fingerprints, geolocation, or browsing history. We run no advertising or analytics SDKs that profile shoppers, and we do not build cross-site or cross-store profiles.
app/uninstalled and we delete your store session immediately.shop/redact and we delete all data for your shop — session, influenced-order ledger, and aggregates. Nothing is retained.customers/data_request and customers/redact: because we hold no shopper-level personal data, there is nothing to export or erase. We acknowledge these requests as Shopify requires, and log nothing personal.We rely on infrastructure providers to run the service: Shopify (the platform and the source of the order webhook) and our application host and database provider (runs the app server and stores the data in §3, encrypted in transit over HTTPS/TLS). We do not share your data with any other third parties, and we do not use it for advertising.
Access tokens and stored data are held in our database and transmitted only over encrypted connections. Inbound webhooks and app-proxy requests are verified with Shopify's HMAC signatures, so we only act on genuine Shopify traffic.
Your data is processed in the region where our host operates. If you have specific data-residency requirements, contact us at stephenevans2706@gmail.com before installing.
Cartback is a merchant tool and is not directed at children. It collects no data about any individual, including children.
If we change what data the app handles, we will update this page and revise the "Last updated" date above. Material changes will be reflected in the app listing.