HueMetrics: Color revenue intelligence

Privacy policy

How HueMetrics handles Shopify store data, what we collect, what we deliberately avoid collecting, your rights as a data subject, and our security commitments.

Last updated: May 23, 2026

1. What data we collect

HueMetrics collects and processes the following data from your Shopify store:

  • Product data: Product IDs, variant IDs, titles, product types, tags, selected variant options, and image URLs. We use this data to map products and variants to color families.
  • Order data: Order IDs, processed dates, financial status, line item product and variant IDs, line item titles, quantities, and prices for revenue attribution. Shopify order webhooks may deliver a fuller order payload to HueMetrics (including customer name, email, and shipping address). The full payload is briefly held in our internal job queue while it is processed (typically under one second, up to seven days for failed retries). Only the attribution fields listed here are persisted to our analytics tables; the rest of the payload is deleted as soon as the job completes successfully.
  • Store metadata: Your shop domain and selected industry category.
  • Session data: When you authenticate through Shopify, your admin user profile (name and email) is stored as part of Shopify's required session management. This data is deleted when you uninstall the app.
  • Digest email address: Only if you opt into weekly or monthly digest emails. Used solely for sending the reports you requested. You can unsubscribe at any time via the link in every digest email.

2. What we do not collect

  • Customer names, emails, phone numbers, or contact information (except transiently during webhook processing as described in §1)
  • Shipping or billing addresses (except transiently as above)
  • Payment or credit card details
  • Customer browsing behavior or cookies

3. Lawful basis & how we use your data

Lawful basis (GDPR Article 6). We process your data on the basis of contract performance (Article 6(1)(b)) — installing HueMetrics is the contract to provide the service. For our anonymous benchmark aggregates we also rely on legitimate interests (Article 6(1)(f)) in operating and improving an industry-baseline product, balanced against the interests of merchants who can opt out of contribution at any time.

All data is used to provide color analytics, alerts, and actions within the HueMetrics dashboard. We do not sell your store data or use it for third-party advertising.

Industry benchmarks. While HueMetrics is installed, we may compute anonymized, aggregate statistics from stores in the same industry category. Only color family percentages and normalized benchmark values are aggregated. Your store name, product names, absolute revenue figures, customer details, and other identifying information are never included in or derivable from these benchmarks. Merchant-network benchmarks are shown only after a minimum peer threshold is met; otherwise HueMetrics labels the result as a modeled baseline or public catalog sample. You can opt your store out of contributing to these aggregates at any time from Settings → Anonymous benchmark contribution; your personal reports are unaffected either way.

Retention after uninstall. When you uninstall HueMetrics, your per-store benchmark snapshot is deleted. If you were contributing to the anonymous aggregate at the time of uninstall, the aggregate keeps a retained copy of your category- and color-family-level percentages with no shop identifier, URL, product title, or any other field that could re-identify your store. This is how the industry baseline stays stable as stores join and leave. Merchants who opt out of contribution have nothing retained — their snapshot is deleted without any archive.

Public catalog baseline. Baseline industry benchmarks shown in the app are derived from aggregated analysis of publicly-available e-commerce storefront data (public product catalogs). Only category-level color-family percentages are stored in the production system — no individual store identifiers, URLs, product titles, or SKU-level data are retained or exposed to merchants.

4. Data storage, security, and third-party sub-processors

Data is stored in a secured PostgreSQL database with restricted access. All communication between your Shopify store and HueMetrics uses HTTPS/TLS encryption. The database connection uses a randomly-generated password unique to the production deployment. File-system access is restricted to the application user (mode 0600 on secret files).

We engage the following third-party sub-processors:

  • Sentry (error monitoring, US-based): If an application error occurs, technical diagnostic data such as error messages, stack traces, and request URLs may be sent to Sentry. Cookie and authorization headers are stripped before transmission; query parameters are removed.
  • PostHog (marketing analytics, US-based): On our public marketing pages only (landing page, pricing, legal pages), we collect anonymous pageview events to understand how visitors discover HueMetrics. PostHog runs in cookieless mode — no cookies or local storage are set. No data is collected inside the embedded Shopify app or during authentication.
  • Resend (transactional email, US-based): If you opt into digest emails, your email address and digest content are transmitted to Resend for delivery. Resend does not use this data for any purpose other than email delivery.
  • Shopify Inc. (platform provider): HueMetrics relies on Shopify's Admin API for product, order, and session data, and Shopify's billing system for Pro plan subscriptions. Shopify's own privacy practices apply to data held in your Shopify store.
  • Our hosting provider (cloud server & database hosting): The HueMetrics application runs on commercial cloud infrastructure that provides physical security, network security, and disk-level access controls.

By using HueMetrics, you acknowledge that limited technical data may be processed in the United States and other jurisdictions where our sub-processors operate. International transfers, where they occur, are made under appropriate safeguards, including the EU Commission's Standard Contractual Clauses where required.

5. Data retention & deletion

  • On uninstall — 48-hour grace period: When you uninstall HueMetrics, your store is marked inactive and your authentication tokens are immediately invalidated. Your data is retained for 48 hours so that if you reinstall within that window, your color overrides, custom groups, and order history are preserved.
  • After 48 hours (shop redaction): Shopify sends us a shop-redact webhook 48 hours after uninstall (unless you reinstalled). At that point, all store-level data is permanently deleted: product color maps, order analytics facts, revenue aggregates, per-store benchmark snapshots, alerts, custom groups, override reports, configuration, and session records.
  • Anonymized aggregate retention: As described in §3, if you were contributing to anonymous benchmark aggregates at uninstall, your category-level percentages are retained without any field that could re-identify your store. Stores that had opted out have nothing retained.
  • Webhook payload retention: Webhook payloads are held in our internal job queue only while a job is being processed (typically under one second). Failed jobs are auto-purged after seven days.
  • Backup retention: Encrypted database backups are taken nightly and retained for seven days as disaster recovery. Backup copies are deleted on the eighth day. Backups follow the same access controls as the production database.
  • Log retention: Operational logs (server access logs, application logs) are retained on the production server under standard journald defaults (typically two to four weeks depending on disk usage) and rotated automatically.
  • Email-digest preferences: Retained as long as digests are enabled. Removed when you unsubscribe (via the one-click link in every digest) or when your store is redacted.

You can request immediate deletion of your per-store data at any time by contacting privacy@huemetrics.app.

6. Cookies and tracking

HueMetrics does not set cookies inside the embedded Shopify app. On our public marketing pages, PostHog analytics runs in cookieless, memory-only mode — no cookies, local storage, or persistent identifiers are created on your device.

7. Shopify-mandated compliance webhooks (GDPR)

HueMetrics responds to all three Shopify-mandated compliance webhooks:

  • Customer data requests: HueMetrics does not store customer names, emails, phone numbers, addresses, or other customer contact details. If a request relates to order analytics fields stored for a shop, we review and respond according to Shopify's required process.
  • Customer redaction: HueMetrics does not store customer contact details. If Shopify identifies order records that must be redacted, we delete or anonymize any matching stored order analytics facts.
  • Shop redaction: All store-level data is permanently deleted, including product maps, order analytics facts, revenue data, per-store benchmark snapshots, alerts, configuration, and session records. If the store was contributing to anonymous benchmark aggregates, an anonymized aggregate-level copy of its category- and color-family-level percentages is retained (with no shop identifier or any re-identifiable field). Stores that had opted out of contribution have nothing retained. In either case, affected shared benchmark aggregates are then rebuilt from live snapshots plus anonymous retained contributions.

8. CCPA compliance (California)

For California merchants, HueMetrics respects your rights under the California Consumer Privacy Act (CCPA). You have the right to know what data is collected, request deletion of your data, and opt out of any sale of personal information. HueMetrics does not sell personal information. To exercise these rights, contact us at the email below.

9. Your rights as a data subject (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights regarding personal data we process about you:

  • Right of access (Article 15): You may request a copy of the personal data we hold about your store.
  • Right to rectification (Article 16): You may request that inaccurate or incomplete data be corrected.
  • Right to erasure / right to be forgotten (Article 17): You may request deletion of your data. Uninstalling HueMetrics triggers a deletion flow automatically; you may also email us for immediate deletion before uninstalling.
  • Right to restrict processing (Article 18): You may request that we limit how we process your data, for example while a rectification dispute is being resolved.
  • Right to data portability (Article 20): You may request a portable export of the personal data we hold about your store, in a structured, commonly-used, machine-readable format (JSON). To request an export, email privacy@huemetrics.app from the email address associated with your Shopify account; we will deliver the export within 30 days at no charge.
  • Right to object (Article 21): You may object to processing based on legitimate interests, including our anonymous benchmark aggregation. The opt-out toggle in Settings → "Anonymous benchmark contribution" satisfies this right for benchmarks specifically.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority. We'd appreciate the chance to address your concerns first; you can reach us at privacy@huemetrics.app.

10. Personal data breach notification

In the event of a personal-data breach likely to result in a risk to the rights and freedoms of data subjects, we will: (a) notify affected merchants by email within seventy-two (72) hours of becoming aware of the breach; and (b) where required, notify the appropriate supervisory authority within seventy-two (72) hours, in accordance with GDPR Article 33. The notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address it.

11. International data transfers & EU representative

Transfers. Some sub-processors (Sentry, PostHog, Resend) are located in the United States. Where personal data is transferred from the EU/EEA/UK to a third country, the transfer is made under appropriate safeguards, including the EU Commission's Standard Contractual Clauses or equivalent mechanisms recognized by the destination country's adequacy framework.

EU representative. HueMetrics is currently operated from outside the EU/EEA. We do not maintain a dedicated EU representative under GDPR Article 27 at this time, on the basis that our processing of EU residents' data is occasional, does not include special categories of personal data on a large scale, and presents low risk to data subjects (Article 27(2) exemption). We re-evaluate this position as the service scales. If you have specific concerns or are an EU supervisory authority, please contact privacy@huemetrics.app and we will engage an EU representative service promptly if required.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page and, for substantive changes affecting data handling, by in-app notice. Continued use of HueMetrics after the effective date constitutes acceptance of the updated policy.

13. Governing law & contact

This Privacy Policy is governed by the laws of the Republic of Türkiye and is subject to the dispute-resolution terms in our Terms of Service.

For privacy questions, data subject rights requests, or data deletion requests, contact us at privacy@huemetrics.app. For all other inquiries, contact support@huemetrics.app. See also our Data Processing Agreement for the contractual processor terms that apply when you are a data controller subject to GDPR.