Privacy Policy
Last updated: May 2025
Overview
PlatinumConsent ("we", "our", "the app") is a Shopify app that helps merchants display cookie consent banners on their storefronts. This policy explains what data we collect, how we use it, and how we protect it.
Data we collect
Merchant data. When you install the app we store your Shopify store domain, installation date, billing plan status, and your banner settings (region, colours, text, position). This is required to provide the service.
Consent records. Each time a storefront visitor accepts or rejects cookies, we log the choice, a random anonymous visitor ID (a UUID generated in the visitor's browser — not tied to any personal identity), and a timestamp. This record exists solely to provide merchants with an audit log for compliance purposes.
Session tokens. We store Shopify OAuth session tokens to keep you authenticated in the app admin. These are standard for all Shopify apps.
What we do not collect
We do not collect names, email addresses, IP addresses, or any other personal information from storefront visitors. The visitor ID in consent records is a random string with no connection to any individual.
How we use data
Data is used exclusively to operate the app: displaying the correct banner configuration on your storefront, gating features by subscription plan, and showing you consent records in the admin dashboard.
We do not sell, rent, or share your data with third parties for marketing purposes.
Third-party services
Shopify. We access your store through the Shopify API as required to install and operate the app. Shopify's own privacy policy applies to data they hold.
Railway. Our application and database are hosted on Railway (railway.app). Data is stored on their infrastructure under their standard security controls.
Data retention
Your store data and consent records are retained while the app is installed. When you uninstall the app we mark your account as cancelled. You can request full deletion by emailing us (see contact below) and we will remove all associated records within 30 days.
Security
All data is transmitted over HTTPS. Session tokens are stored securely in our database and never exposed to the browser. We do not log or store raw access tokens beyond what Shopify session management requires.
Your rights
You may request access to, correction of, or deletion of your data at any time by contacting us. Storefront visitors who wish to have a specific consent record removed may contact the merchant directly, as those records contain no personally identifiable information.
Contact
Questions about this policy? Visit our support page.