Last Updated: September 12, 2025
Insightto (“we,” “our,” or “Insightto”) is committed to protecting your personal information. This Privacy Policy explains in detail how we collect, use, store, disclose, and protect your personal information, as well as your rights regarding the processing of your data. This Policy applies to all information you provide through our website [https://www.insightto.ai], services, SDK, or other means of interaction with us.
We understand the importance of privacy and strive to ensure that our data practices are transparent, fair, and compliant with applicable data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
This Privacy Policy also describes how we process and protect data obtained through the Shopify API and how we comply with Shopify’s data protection and app‑review requirements.
We process personal information in two distinct roles:
a) When we act as a “Data Controller”
When you register an account with us, use our application, or communicate directly with us, we act as the Data Controller of your personal information. Your data privacy is protected — we will only access your account to assist you in resolving issues or fixing software bugs unless you explicitly request otherwise. We will not browse or sell your data to third parties. We log all account accesses by IP address, enabling us to verify any unauthorized access as long as the logs are retained.
b) When we act as a “Data Processor”
When you embed our SDK into your website and use our services to collect visitor data, you are the Data Controller of your visitors’ personal information, and we are the Data Processor. This means we only collect, store, and process visitor data on your behalf, according to your instructions and as outlined in this Privacy Policy.
As a Data Controller, you are responsible for:
Shopify-Specific Data Protection Compliance
To comply with Shopify’s mandatory data protection framework, we support and respond to the following Shopify GDPR webhooks:
When Insightto receives these requests from Shopify, we delete, redact, or return data in accordance with Shopify’s timelines and requirements.
We collect two main categories of information:
a) Information Directly from You (when Insightto is the Data Controller)
When you register an account, subscribe to our services, contact us, or otherwise interact with us, we may collect:
■ Information Received via Shopify API
b) Information We Process on Behalf of the Merchant (when Insightto is the Data Processor)
In order to provide AI survey and analysis services, we collect data from your store's visitors on your behalf. This collection focuses on aggregated and non-personally identifiable This data includes:
- Mouse Activity: Clicks, movement paths, hovers, scroll depth.
- Page Interactions: Browsing paths, time on page, page transitions.
- Form Interactions: Inputs, modifications, deletions in form fields.
- Event Triggers: Custom events (e.g., adding items to cart, completing payment) configured by you.
- Device Information: Device type, operating system, screen resolution.
- Browser Information: Browser type and version.
- Referrer URL: The URL visited prior to arriving on your site.
- Anonymous Visitor ID: Used to identify unique visitor sessions on your site, or provided by the Shopify API to link survey responses to session data.
No Sensitive or Prohibited Data Collection
We do not collect or store payment card details, customer passwords, or any sensitive identifiers from Shopify merchants or visitors.
We do not proactively collect sensitive personal information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation). If you choose to collect such data via surveys, you, as the Data Controller, bear full responsibility and must ensure that you have obtained explicit consent from visitors.
We process your personal information based on the following lawful bases and purposes:
We process visitor information solely according to your instructions and this Privacy Policy to:
We will never sell, rent, or trade your personal information or visitor information to third parties. We only share information in these limited cases:
Third‑Party Service Providers Used
These providers are authorized to process data only as necessary to deliver the service.
You (as our customer) and your visitors (as data subjects) have rights under applicable law. To exercise these rights, contact us using the details at the end of this Policy.
You have the right to:
Your visitors should submit data subject rights requests directly to you. You are responsible for handling these requests and directing us if our assistance is required.
If you are a California resident, in addition to the above rights, you have the right to:
Our servers and data processing facilities may be located outside your country/region. If you are located in the EU/EEA, your personal information may be transferred to countries outside the EU/EEA. In such cases, we will ensure appropriate safeguards (such as Standard Contractual Clauses or Data Transfer Agreements) are in place to ensure an equivalent level of protection.
● Data Storage Location
All data is stored on secure servers hosted by Amazon Web Services (AWS) in the following region:
AWS us-east-2
Appropriate safeguards, including Standard Contractual Clauses (SCCs), are applied where required.
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. Factors considered include the nature and sensitivity of the data, potential risks, legal obligations, and business needs.
For visitor data you collect as a Data Controller, we will retain it according to your instructions and our service agreement.
Shopify App Uninstallation Data Deletion:
When a Shopify merchant uninstalls our app, we automatically delete all store‑related personal information within 48 hours, in accordance with Shopify’s data protection requirements.
We are committed to securing your personal information through industry‑standard measures, including:
While we take these precautions, no method of transmission or electronic storage is 100% secure, and we cannot guarantee absolute security.
We use cookies and other tracking technologies to identify your browser and device to enhance your service experience.
You can manage your browser settings to block or delete cookies, but some features of our services may be affected.
We may occasionally update this Privacy Policy to reflect changes in our data practices or legal requirements. We will notify you by posting the updated version on our website, via your account, or by email. We encourage you to review this Policy periodically.
If you have any questions about this Privacy Policy, want to know how we handle your personal information, or wish to exercise your rights, please contact us at:
Email: support@insightto.ai
Address: 91 Bencoolen Street #12-03, Sunshine Plaza, Singapore 189652
If you believe we have not handled your personal information properly, you also have the right to lodge a complaint with the relevant data protection authority.