Privacy Policy

1. Introduction

TawnyWatch (hereinafter referred to as "TawnyWatch," "we," "us," or "our") is a Shopify app built and operated by Digitaliiz, a partner of Shopify Inc. Our primary objective is to provide Shopify apps (the "App") — including SEO auditing, accessibility and compliance scanning, and session replay and behaviour analytics — along with relevant support services (the "Services") to merchants who rely on Shopify to power their online stores. This Privacy Policy outlines the manner in which we collect, use, and share personal information when you install or use the App in conjunction with your Shopify-supported store. It further explains your privacy rights and how applicable laws protect you.

2. Merchants and store visitors

This policy concerns two groups:

• Merchants who install and use TawnyWatch.
• Store visitors — the shoppers visiting a merchant's store, whose on-page activity may be recorded for the merchant's analytics.

For store-visitor data, the merchant is the data controller and TawnyWatch acts as a data processor on the merchant's behalf and under their instructions. Merchants are responsible for disclosing the use of session recording in their own store privacy policy and for obtaining any consent required by applicable law (such as GDPR, ePrivacy, or CCPA/CPRA) before recording.

3. Personal information the app collects

From merchants

• Store name and domain and related store information made available through Shopify.
• A contact email address you provide to receive monitoring alerts.
• Plan and subscription status. Billing is handled by Shopify — we do not collect or store payment card details.
• The authorization Shopify issues so the app can operate, held securely and never shared.

From store visitors (session replay)

• On-page activity such as clicks, scrolls, mouse and touch movement, screen size, pages viewed, and referring page.
• General technical details such as browser and device type.
• Cart contents and value, so merchants can see purchasing intent and abandoned-cart insights.

What we do not collect

• Text typed into form fields is masked and never recorded — including names, email addresses, postal addresses, passwords, and payment information.
• We do not collect Shopify customer-account identities and do not tie recordings to a named customer.
• We filter out automated traffic; recording begins only after genuine human interaction.

4. Why we collect this information

• To provide session replay and behaviour analytics to the merchant.
• To detect friction such as rage clicks and checkout issues so merchants can fix problems.
• To surface revenue and abandoned-cart insights.
• To run SEO and accessibility/compliance scans on pages the merchant submits.
• To send merchants the monitoring alerts they choose to receive.

5. How we share information

We use a small number of trusted service providers to operate the app, including Shopify (app platform, authentication, and billing) and reputable cloud infrastructure providers for hosting and processing. Each processes data only as needed to provide their service and under their own data-protection terms. We may also disclose information where required to comply with the law or a valid legal request, or to protect our rights.

We do not sell personal information and do not share it for advertising.

6. Data storage and retention

Information is stored on secure servers operated by our infrastructure providers. Session recordings are retained according to the merchant's plan and then automatically deleted. When a merchant uninstalls the app, that store's data is permanently deleted within approximately 48 hours, in line with Shopify's data-redaction requirements. While we use current technologies and safeguards to protect personal information, no method of transmission or storage is completely secure.

7. Security

• Data is encrypted in transit using industry-standard TLS/HTTPS.
• Form inputs are masked before any data leaves the visitor's browser.
• Each merchant's data is isolated and accessible only through an authenticated session tied to that store.
• Session recordings are kept in private storage that is not publicly accessible.

8. International transfers

Your information may be processed in the United States and other countries where we and our service providers operate. Where required, appropriate safeguards are applied to such transfers.

9. Your rights

Store visitors should contact the merchant whose store they visited, as the merchant controls that data; we assist merchants in responding to such requests and support Shopify's customer data-request and redaction processes. Merchants may contact us directly at support@tawnywatch.com.

9.1 GDPR (EU/UK)

If you are in the EU or UK, you have the right to be informed about, access, correct, erase, port, and restrict or object to the processing of your personal data.

9.2 CCPA/CPRA (California)

If you are a California resident, you have the right to know what personal information we hold, request its deletion, opt out of any "sale" of personal information (we do not sell it), and not be discriminated against for exercising these rights.

10. Cookies and local storage

To keep a single visit continuous across pages, the app stores a small, randomly generated identifier in the visitor's browser. It is scoped to the merchant's store only and is not used for cross-site tracking or advertising.

11. Children

TawnyWatch is not directed at children, and we do not knowingly collect personal information from children under 16.

12. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date above.

13. Contact

Questions or requests: support@tawnywatch.com.