What we collect
A complete data inventory — every field we capture, what it's for, and where it lives.
This is the comprehensive list of data Follow The Spend collects from your store and your visitors. Use it for compliance reviews, vendor questionnaires, or your own privacy policy.
What we collect from your store
Via Shopify OAuth + webhooks:
| Data | Source | Purpose |
|---|---|---|
| Shop domain | Shopify OAuth | Identifying your store |
| Store name, country, currency | Shopify Admin API | Localization, display |
| Order ID, total, line items, currency | orders/create webhook | Revenue and conversion tracking |
| Refund amount, original order ID | refunds/create webhook | Net revenue calculation |
| Customer ID (Shopify-internal numeric) | orders/create, customers/create webhooks | Identification stitching |
| Customer first name (optional) | customers/create webhook | Display in journeys (masked) |
| Customer email | customers/create webhook | Identification matching only — never displayed in product UI |
| Order timestamp | orders/create webhook | Conversion timing |
We do not collect:
- Customer last names (we ignore them in the webhook payload)
- Customer phone numbers
- Customer addresses (billing or shipping)
- Payment method details (card numbers, etc.; Shopify never sends these to apps)
- Product images, descriptions, or full catalog data
What we collect from your visitors
Via the intentiq.js pixel running on your storefront:
| Data | Captured | Purpose |
|---|---|---|
| Visitor ID | First-party cookie we set | Recognizing the same visitor across sessions |
| Session ID | First-party cookie we set | Bounding a continuous browsing visit |
| Page URL (hostname + path + query) | Each page view | Funnel analysis, landing-page reports |
| Page title | Each page view | Display in journeys |
| Referrer URL | Each page view | Channel classification (Organic, Social, Referral) |
| UTM parameters (utm_source, utm_medium, utm_campaign, utm_term, utm_content) | Each page view | Channel and campaign attribution |
| Click identifiers (gclid, fbclid, msclkid, ttclid) | Each page view | Channel attribution |
| Browser user agent (parsed, not raw) | Each page view | Device classification (mobile/desktop/tablet) |
| IP address | At edge | Geolocation only, then immediately discarded — not stored |
| Country (derived from IP) | At edge | Pulse country filter |
| Page view timestamp | Each page view | Session timing |
We do not capture:
- Form field contents (text inputs, checkout fields, search queries)
- Page DOM contents
- Mouse movements, scroll depth, click heatmaps
- Microphone or camera input (we never request these permissions)
- Keystrokes
- The raw IP address (used at edge, not stored)
- Browser fingerprinting beyond basic user-agent parsing
- Cookies set by other tools or platforms
What we collect about you (the merchant)
When you sign up for FTS:
| Data | Source | Purpose |
|---|---|---|
| Email address | Clerk signup | Authentication, account communication |
| Hashed password | Clerk signup | Authentication (we never see plaintext passwords) |
| Full name (optional) | Clerk profile | Display in account settings |
| Sign-in IP and user agent | Clerk session events | Security, fraud prevention |
| Subscription details | Razorpay (when billing ships) | Billing |
Clerk handles authentication; we never store passwords.
Where data lives
- Customer-store data (orders, customer IDs, sessions, journeys): PostgreSQL on Railway, region: India (for Indian merchants) / US (for international merchants)
- Pixel events in flight: Cloudflare edge proxy → Railway-hosted API → PostgreSQL
- Authentication data: Clerk's infrastructure (Clerk is the auth sub-processor)
- Billing data: Razorpay (Razorpay is the billing sub-processor)
See Sub-processors for the full list of third parties involved.
Retention
- Active subscriptions: data retained for the lifetime of the subscription
- After cancellation: 30-day retention, then permanent deletion
- Trial that didn't convert: 7-day grace period + 30-day retention, then permanent deletion
- Logs (server access logs, error logs): 30 days then rotated
See Data retention for the full policy.
What we do with the data
The legal-language way: we process the data to provide the service you've signed up for. The plain-English way:
- We compute attribution and show it in your dashboard
- We never sell your data
- We never share it with advertisers, marketers, or any third party for their own purposes
- We don't use your data to train ML models, build "industry benchmarks," or perform any cross-customer aggregation in v1
- We may show anonymized, aggregated stats publicly (e.g. "the median FTS customer has X sessions per order") if and only if individual customers cannot be identified
How to get a copy or deletion of data
For your own data (as the merchant): contact us via hello@followthespend.com. We'll provide a JSON export within 30 days.
For your visitors' data: see Data subject requests. The Shopify privacy webhooks (customers/data_request, customers/redact, shop/redact) are wired to handle these automatically when end users submit a request through Shopify's admin.
Where to go next
- DPDP & GDPR posture — regulatory framework
- Data subject requests — request handling
- Sub-processors — third parties involved
- Security — how we protect what we collect