This page exists because some merchants — usually larger ones with internal procurement processes — need a single document that explains how we handle the data we process on their behalf. The Privacy policy is the authoritative source; this page is the procurement-friendly summary.
What data we process for you
When you install Rushly or Emote, we process a small, well-defined set of data on your behalf:
- Storefront events — anonymized product views, add-to-cart, remove-from-cart, and emoji reactions, captured through Shopify’s web pixel framework and the storefront SDK.
- Order signals — the count of orders (for Rushly sales-ticker widgets). For legacy Cart Count installs, we additionally receive cart webhooks and order webhooks to mark carts as converted.
- Shop configuration — shop domain, plan tier, subscription status. Used to provision the app and gate paid features.
We do not receive shopper names, emails, payment details, or IP addresses. IPs are hashed at the edge and discarded.
How we handle it
- Encryption — TLS in transit; AES-256 at rest.
- Access controls — production access is limited to a small number of personnel, behind SSO and hardware-key 2FA, with quarterly access review.
- Isolation — production data lives in a private network. Admin access is short-lived, logged, and only via a bastion.
- Application security — dependency and code scanning on every change; a coordinated-disclosure program for outside researchers (see Acceptable use).
- Backups — encrypted daily, retained 30 days, restore-tested quarterly.
- Incident response — documented runbook, on-call rotation, postmortem shared with affected merchants within 30 days of any incident with merchant impact.
Retention
| Data | Retention |
|---|---|
| Rushly pixel view records | 31 days |
| Rushly active-cart records | 7 days |
| Rushly legacy cart records | 7 days |
| Emote reaction events | Lifetime of subscription |
| Shop configuration | Deleted within 48 hours of uninstall (per Shopify’s app/uninstalled and shop/redact webhooks) |
Sub-processors
We use a small number of vetted infrastructure providers for hosting, storage, and transactional email. The live list is maintained at /legal/subprocessors. We notify subscribed merchants at least 30 days before adding a new sub-processor that processes Service data; if you object on reasonable grounds within that window, you can terminate the affected subscription and we’ll refund the unused prepaid portion.
Shopper data requests
Shopper events are anonymous by design — there’s typically nothing to look up. We honor Shopify’s mandatory customers/redact and shop/redact webhooks within the windows Shopify mandates.
Merchant data requests
You can request access to, or deletion of, your shop data at any time. Email [email protected] from the account associated with your store. We respond within 30 days.
When the relationship ends
Uninstall the app and we delete shop-identifiable data within 48 hours, per the table above. Aggregated, anonymous event totals may be retained for product analytics — these can’t be tied back to an individual shop or shopper.
If you need a signed counterpart
Most merchants don’t need one — using the apps under these terms is enough. If your procurement process requires a signed data processing addendum, email [email protected] and we’ll send a counter-signed copy.
Contact
[email protected] for anything on this page.