1. What data we collect
HueMetrics collects and processes the following data from your Shopify store:
- Product data: Product IDs, variant IDs, titles, product types, tags, selected variant options, and image URLs. We use this data to map products and variants to color families.
- Order data: Order IDs, processed dates, financial status, line item product and variant IDs, line item titles, quantities, and prices for revenue attribution. Shopify order webhooks may deliver a fuller order payload to HueMetrics (including customer name, email, and shipping address). The full payload is briefly held in our internal job queue while it is processed (typically under one second, up to seven days for failed retries). Only the attribution fields listed here are persisted to our analytics tables; the rest of the payload is deleted as soon as the job completes successfully.
- Store metadata: Your shop domain and selected industry category.
- Session data: When you authenticate through Shopify, your admin user profile (name and email) is stored as part of Shopify's required session management. This data is deleted when you uninstall the app.
2. What we do not collect
- Customer names, emails, phone numbers, or contact information (except transiently during webhook processing as described in §1)
- Shipping or billing addresses (except transiently as above)
- Payment or credit card details
- Customer browsing behavior or cookies
3. Lawful basis & how we use your data
Lawful basis (GDPR Article 6). We process your data on the basis of contract performance (Article 6(1)(b)) - installing HueMetrics is the contract to provide the service, and the anonymized benchmark contribution is part of the agreed service (every installed store contributes anonymized aggregates and, in return, receives benchmarks built from all contributing stores). Your agreement to this exchange is also captured explicitly during onboarding as a recorded consent (timestamp and consent version), before any catalog data is synced. Data Subjects who wish to withdraw from this processing can do so by uninstalling the application, which triggers the data lifecycle described in the "Retention" section below.
All data is used to provide color analytics and Shopify actions within the HueMetrics dashboard. We do not sell your store data or use it for third-party advertising.
Industry benchmarks. While HueMetrics is installed, we compute anonymized, aggregate statistics from stores in the same industry category. Only color family percentages and normalized benchmark values are aggregated. Your store name, product names, absolute revenue figures, and customer details are never included in these benchmarks. Shared values are protected by k-anonymity: a merchant-network number renders only when at least 5 contributing stores actually carry it (checked per color family), and your own contribution is always subtracted from any benchmark you read, so no merchant ever sees a value reflecting fewer than 5 other stores. Contribution is an inherent part of how the benchmark network operates and is expressly agreed to at onboarding - every installed store contributes anonymized aggregates and, in return, sees the comparison set built from all other contributing stores. Merchant-network benchmarks are shown only after those thresholds are met; otherwise HueMetrics labels the result as a modeled baseline or public catalog sample. See Terms of Service §6 for the data license you grant by using HueMetrics.
Retention after uninstall. When you uninstall HueMetrics, your per-store benchmark snapshot is deleted. Your past contribution is folded into blended category-level running totals shared by all departed stores: no per-store record, shop identifier, URL, product title, or absolute revenue figure survives. This is how the industry baseline stays stable as stores join and leave. Because the retained data is fully anonymized (no key links it back to your store), it falls outside the scope of GDPR personal data under Recital 26.
Public catalog baseline. Baseline industry benchmarks shown in the app are derived from aggregated analysis of publicly-available e-commerce storefront data (public product catalogs). Only category-level color-family percentages are stored in the production system - no individual store identifiers, URLs, product titles, or SKU-level data are retained or exposed to merchants.
4. Data storage, security, and third-party sub-processors
Data is stored in a secured PostgreSQL database with restricted access, held on a LUKS-encrypted volume (AES-256), so your data is encrypted at rest. All communication between your Shopify store and HueMetrics uses HTTPS/TLS encryption, so it is also encrypted in transit. The database connection uses a randomly-generated password unique to the production deployment. File-system access is restricted to the application user (mode 0600 on secret files).
We engage the following third-party sub-processors:
- Sentry (error monitoring, US-based): If an application error occurs, technical diagnostic data such as error messages, stack traces, and request URLs may be sent to Sentry. Cookie and authorization headers are stripped before transmission; query parameters are removed.
- PostHog (marketing analytics, US-based): On our public marketing pages only (landing page, pricing, legal pages), we collect anonymous pageview events to understand how visitors discover HueMetrics. PostHog runs in cookieless mode - no cookies or local storage are set. No data is collected inside the embedded Shopify app or during authentication.
- Resend (transactional email, US-based): If you enable digest emails, the recipient email address you provide and the digest content are transmitted through Resend to deliver the email. Resend is not used for any other purpose.
- Shopify Inc. (platform provider): HueMetrics relies on Shopify's Admin API for product, order, and session data, and Shopify's billing system for Pro plan subscriptions. Shopify's own privacy practices apply to data held in your Shopify store.
- Our hosting provider (cloud server & database hosting): The HueMetrics application runs on commercial cloud infrastructure that provides physical security, network security, and disk-level access controls.
By using HueMetrics, you acknowledge that limited technical data may be processed in the United States and other jurisdictions where our sub-processors operate. International transfers, where they occur, are made under appropriate safeguards, including the EU Commission's Standard Contractual Clauses where required.
5. Data retention & deletion
- On uninstall - 48-hour grace period: When you uninstall HueMetrics, your store is marked inactive and your authentication tokens are immediately invalidated. Your data is retained for 48 hours so that if you reinstall within that window, your color overrides, custom groups, and order history are preserved.
- After 48 hours (shop redaction): Shopify sends us a shop-redact webhook 48 hours after uninstall (unless you reinstalled). At that point, all store-level data is permanently deleted: product color maps, order analytics facts, revenue aggregates, per-store benchmark snapshots, custom groups, override reports, configuration, and session records.
- Anonymized aggregate retention: As described in §3, because contribution is part of the service, your past contribution survives only inside blended category-level totals shared across all departed stores; the retained data contains no per-store rows and no field that could identify any store.
- Webhook payload retention: Webhook payloads are held in our internal job queue only while a job is being processed (typically under one second). Failed jobs are auto-purged after seven days.
- Backup retention: Encrypted database backups are taken nightly and retained for seven days as disaster recovery. Backup copies are deleted on the eighth day. Backups follow the same access controls as the production database.
- Log retention: Operational logs (server access logs, application logs) are retained on the production server under standard journald defaults (typically two to four weeks depending on disk usage) and rotated automatically.
You can request immediate deletion of your per-store data at any time by contacting support@huemetrics.app.
6. Cookies and tracking
HueMetrics does not set cookies inside the embedded Shopify app. On our public marketing pages, PostHog analytics runs in cookieless, memory-only mode - no cookies, local storage, or persistent identifiers are created on your device.
7. Shopify-mandated compliance webhooks (GDPR)
HueMetrics responds to all three Shopify-mandated compliance webhooks:
- Customer data requests: HueMetrics does not store customer names, emails, phone numbers, addresses, or other customer contact details. If a request relates to order analytics fields stored for a shop, we review and respond according to Shopify's required process.
- Customer redaction: HueMetrics does not store customer contact details. If Shopify identifies order records that must be redacted, we delete or anonymize any matching stored order analytics facts.
- Shop redaction: All store-level data is permanently deleted, including product maps, order analytics facts, revenue data, per-store benchmark snapshots, configuration, and session records. If the store was contributing to anonymous benchmark aggregates, an anonymized aggregate-level copy of its category- and color-family-level percentages is retained (with no shop identifier or any re-identifiable field). Affected shared benchmark aggregates are then rebuilt from live snapshots plus anonymous retained contributions.
8. CCPA compliance (California)
For California merchants, HueMetrics respects your rights under the California Consumer Privacy Act (CCPA). You have the right to know what data is collected, request deletion of your data, and opt out of any sale of personal information. HueMetrics does not sell personal information. To exercise these rights, contact us at the email below.
9. Your rights as a data subject (GDPR)
If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights regarding personal data we process about you:
- Right of access (Article 15): You may request a copy of the personal data we hold about your store.
- Right to rectification (Article 16): You may request that inaccurate or incomplete data be corrected.
- Right to erasure / right to be forgotten (Article 17): You may request deletion of your data. Uninstalling HueMetrics triggers a deletion flow automatically; you may also email us for immediate deletion before uninstalling.
- Right to restrict processing (Article 18): You may request that we limit how we process your data, for example while a rectification dispute is being resolved.
- Right to data portability (Article 20): You may request a portable export of the personal data we hold about your store, in a structured, commonly-used, machine-readable format (JSON). We will deliver the export within 30 days at no charge by emailing support@huemetrics.app from the email address associated with your Shopify account.
- Right to object (Article 21): You may object to processing based on legitimate interests. Note that the merchant-network benchmark feature relies on every installed store contributing anonymized aggregates - objecting to that specific processing is functionally equivalent to ceasing to use the benchmark feature. Uninstalling HueMetrics or invoking your right to erasure (Article 17 below) is the supported way to withdraw all processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority. We'd appreciate the chance to address concerns first by emailing support@huemetrics.app.
10. Personal data breach notification
In the event of a personal-data breach likely to result in a risk to the rights and freedoms of data subjects, we will: (a) notify affected merchants by email within seventy-two (72) hours of becoming aware of the breach; and (b) where required, notify the appropriate supervisory authority within seventy-two (72) hours, in accordance with GDPR Article 33. The notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address it.
11. International data transfers & EU representative
Transfers. Some sub-processors (Sentry, PostHog, Resend) are located in the United States. Where personal data is transferred from the EU/EEA/UK to a third country, the transfer is made under appropriate safeguards, including the EU Commission's Standard Contractual Clauses or equivalent mechanisms recognized by the destination country's adequacy framework.
EU representative. HueMetrics is currently operated from outside the EU/EEA. We do not maintain a dedicated EU representative under GDPR Article 27 at this time, on the basis that our processing of EU residents' data is occasional, does not include special categories of personal data on a large scale, and presents low risk to data subjects (Article 27(2) exemption). We re-evaluate this position as the service scales. If you have specific concerns or are an EU supervisory authority, please contact support@huemetrics.app and we will engage an EU representative service promptly if required.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, for substantive changes affecting data handling, by in-app notice. Continued use of HueMetrics after the effective date constitutes acceptance of the updated policy.
13. Governing law & contact
This Privacy Policy is governed by the laws of the Republic of Türkiye and is subject to the dispute-resolution terms in our Terms of Service.
For privacy questions, data subject rights requests, or data deletion requests, contact us at support@huemetrics.app. For all other inquiries, contact support@huemetrics.app. See also our Data Processing Agreement for the contractual processor terms that apply when you are a data controller subject to GDPR.