Cart Radar (“the App”) is provided by Dragon Apps (“Dragon Apps”, “we”, “us”). This policy explains what personal data the App collects, how we use and share it, and your choices. It covers both the Cart Radar Shopify app and the Cart Radar Slack app.

Cart Radar helps Shopify merchants detect abandoned carts above a value the merchant chooses and sends alerts by email and Slack so the merchant can follow up and recover the sale.

Our role

For personal data about a store's customers, the merchant is the data controller and Dragon Apps is a data processor acting on the merchant's instructions. For data about the merchant's own account and use of the App, we act as a controller. Store customers should direct privacy requests to the merchant; we assist merchants in responding.

Information we collect

Merchant and store information

  • Your Shopify store domain, store name, and currency.
  • Shopify access tokens, used to call the Shopify Admin API on your store's behalf.
  • App configuration you set, including alert rules (cart-value threshold, item count, inactivity window), notification channel settings, and the email addresses you add as alert recipients.
  • Subscription and billing status. Billing is handled through Shopify; we do not receive or store payment card details.

Customer information (processed on the merchant's behalf, received from Shopify)

  • When a checkout is created or updated on your store, Shopify sends us checkout details so the App can detect abandoned carts. This can include the customer's name, email address, phone number, the products in the cart, the cart value and currency, and cart/checkout URLs and timestamps.
  • When an order is created, we receive order details (such as order identifier, total, and matching identifiers like checkout token, email, or phone) to attribute recovered sales.
  • We do not collect payment card numbers, and we do not track customer browsing behavior.

Slack information

  • If you connect Slack, we use Slack OAuth with the incoming-webhook permission. We receive and store a channel-specific webhook URL and the workspace/channel name you select, used only to post cart alerts to that channel. We do not read your Slack messages or access other Slack data.

How we use information

  • Detect abandoned and qualifying carts according to your rules.
  • Send alerts to the email recipients and Slack channel you configure. These alerts include the cart details (which may contain customer name, email, phone, and items).
  • Let you view a cart's details, contact the customer, and create a draft order.
  • Track which alerted carts are recovered and report recovered revenue.
  • Provide billing, support, security, and to operate and improve the App.

How we share information

We do not sell personal data. We share data only to provide the App, with the following categories of service providers (subprocessors):

  • Shopify — the platform and APIs the App runs on.
  • Amazon Web Services (SES) — delivery of alert emails. Alert emails contain cart details and are sent to the recipients you configure.
  • Slack — delivery of alert messages to the channel you connect. Messages contain cart details.
  • Railway — application hosting and database storage.

At your direction, cart and customer details are included in the alerts delivered to your team by email and Slack. We may also disclose information if required by law or to protect our rights and users.

Data retention and deletion

  • We retain checkout snapshots and related records while the App is installed so the dashboard and recovery tracking work.
  • We honor Shopify's mandatory privacy webhooks. On a customer redaction request we delete or anonymize that customer's personal data; on a shop redaction request we delete the store's data; we respond to customer data requests.
  • When you uninstall the App, we stop processing and remove your store's session credentials. Shopify then sends a shop redaction request (typically about 48 hours later), at which point we delete your store's data.
  • You may also request deletion by contacting us at [email protected].

Your rights

Depending on your location (for example, under the EU/UK GDPR or California's CCPA/CPRA), you may have rights to access, correct, delete, or restrict the use of your personal data, and to object to certain processing. Store customers should contact the merchant they shopped with. Merchants and individuals can contact us at [email protected] and we will assist or respond as required by law.

Security

We use reasonable technical and organizational measures to protect personal data, including encryption in transit (TLS), restricted access, and secure storage of access tokens. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

International data transfers

We and our subprocessors may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers.

Children

The App is not directed to children and we do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last updated” date.

Contact

Company: Dragon Apps
Email: [email protected]
Website: https://dragonapps.io
For full contact details, visit our contact page.