Veritraffic Privacy Policy

Effective June 18, 2026

Veritraffic ("we", "the app") helps Shopify merchants detect and clean bot and fake traffic from their store, email marketing (Klaviyo), analytics, and ad pixels. This policy explains what data the app processes, why, and the choices you and your customers have. We are privacy-first by design: we minimize the data we store and we never store raw customer email addresses.

Who is responsible for your data

When you install Veritraffic on your store, you (the merchant) are the data controller for your customers' personal data, and Veritraffic acts as a data processor that processes that data on your behalf and on your instructions. For the data needed to operate and secure the app itself (such as your store domain and app settings), Veritraffic is the controller.

What data we process

We do not store raw email addresses, names, phone numbers, or postal addresses. We do not sell personal data. We do not use your data to train models for other merchants.

Why we process it (purposes & legal basis)

We process this data to detect automated / fraudulent traffic, clean fake profiles out of your marketing tools, and keep your conversion reporting accurate. Under the GDPR, the legal bases are your instructions as the merchant (for processing on your behalf) and the legitimate interest of you and your customers in preventing bot abuse and fraud, balanced against privacy by data minimization.

Sub-processors

How long we keep it

We keep event data only as long as we need it to detect and show bot activity, and we minimize what we store (for example, only a one-way hash of email addresses — never the raw address). Detection results are kept while the app is installed. When you uninstall the app, we delete your store's data; we also honour Shopify's mandatory data-deletion requests (see below).

Your customers' rights & data deletion

Your customers may exercise their GDPR rights (access, rectification, erasure, restriction, objection) through you as the merchant. We support Shopify's mandatory compliance webhooks:

Security

Data is stored with access restricted to the app's server-side service role; third-party credentials (Klaviyo tokens, ad-pixel secrets) are never sent to the browser. We minimize the personal data we hold to reduce risk.

International transfers

Our database is hosted in the EU. Where data is processed by sub-processors outside your region, it is governed by their respective data-processing terms.

Changes to this policy

We may update this policy as the app evolves. Material changes will be reflected here with a new effective date.

Contact

Questions about this policy or your data? Email mykhailo.kholiev@gmail.com.