Kapturize Privacy Policy

Last updated: May 28, 2026

Kapturize helps Shopify merchants run campaign experiences, capture consented customer emails, sync leads to connected marketing tools, and attribute orders and revenue to campaigns. This Privacy Policy explains what data Kapturize processes and how it is used.

Information Kapturize Processes

Kapturize processes only the data needed to provide the app's campaign, lead, integration, attribution, and reporting features.

Kapturize may process:

• Customer email addresses captured through merchant campaigns.
• Marketing consent status submitted through campaigns.
• Shopify customer identifiers where needed to create, update, or tag customers.
• Shopify order identifiers and order metadata needed for attribution.
• Campaign, campaign run, visitor, event, and attribution identifiers.
• Integration sync status and retry metadata for connected providers.

Kapturize does not request protected customer name, phone, or address fields for V1.

How Kapturize Uses Data

Kapturize uses merchant and customer data to:

• Capture consented campaign leads.
• Create or tag Shopify customers when enabled by the merchant.
• Sync leads to merchant-connected integrations such as Klaviyo, Mailchimp, or Zapier.
• Attribute orders and revenue to campaigns.
• Provide campaign performance, lead, and attribution reporting.
• Process Shopify compliance webhooks.
• Support merchants when they request help.

Consent

Kapturize respects customer consent decisions. When marketing consent is provided, Kapturize can use that consent state for Shopify customer updates and integration syncs. When marketing consent is not provided, Kapturize limits downstream marketing sync behavior according to merchant integration settings and consent-safe rules.

Data Sharing and Integrations

Kapturize may use the following services to provide the app:

• Shopify, for merchant stores, Admin API access, customer/order data, app installation, and compliance webhooks.
• Render/Postgres, for hosted application infrastructure and database storage.
• Klaviyo, if the merchant connects Klaviyo.
• Mailchimp, if the merchant connects Mailchimp.
• Zapier webhook, if the merchant connects a Zapier webhook.
• OpenAI, only when AI copy features are enabled and used.

Kapturize does not sell customer personal data.

Retention

Kapturize keeps customer and attribution data only as long as needed to provide campaign reporting, attribution, integration sync, troubleshooting, and merchant analytics. Raw operational and event data may be retained for an operational period needed for debugging, attribution, diagnostics, and app reliability. Aggregate campaign metrics may be retained longer for merchant reporting.

Deletion, Redaction, and Data Requests

Kapturize supports Shopify compliance webhook handling for:

• Customer data requests.
• Customer redaction.
• Shop redaction.

Customer redaction removes or cleans matching customer lead data, order match data, retry/sync data, and stored compliance export data where applicable. Shop redaction purges shop-specific Kapturize data from application tables.

Security

Kapturize separates local, staging, and production data. Kapturize uses environment-specific secrets and encrypted integration secrets. Production logging is designed to avoid routine customer-derived identifiers unless explicit verbose debugging flags are temporarily enabled for troubleshooting.

Staff access to customer data is limited to operational, security, debugging, and support needs. Kapturize uses access controls and strong passwords for staff and service accounts.

Incident Response

If a security incident affects customer or merchant data, Kapturize will investigate, contain the issue, assess affected data, remediate the cause, and notify affected parties or platforms as required.

Automated Decision-Making

Kapturize does not use customer data for automated decision-making with legal or similarly significant effects.

Contact