Privacy Policy

Last Updated: December 2, 2025

Data Controller

Grupo IO Ecommerce S.L., with Tax ID B21822408 and registered address at Calle Eduardo Morales, 32, 2ºA – 28025, Madrid (Spain), is the data controller responsible for the processing of personal data collected through the Easy Geolocation Shopify application. You can contact us at:

info@migraciones.io .

1. Purpose of Data Processing

We process personal data for the following purposes:

Manage the commercial, contractual, and administrative relationship arising from the use of our Shopify application.
Detect the visitor’s geographic location to suggest appropriate markets.
Display customized geolocation popups with relevant country and language options.
Perform automatic or manual redirects to the most appropriate market based on your configuration.
Provide analytics and insights on popup and redirect performance (e.g., total redirects, acceptance rate, top countries).
Enforce subscription limits (Free vs Premium plans) based on monthly usage.
Respond to support requests and technical assistance.
Improve app functionality and user experience based on aggregated usage data.
Send service-related communications (updates, maintenance notices, security alerts).

The data provided will not be used for purposes other than those described without explicit consent.

2. Legal Basis

The legal basis for processing your personal data is:

Performance of a contract or pre-contractual measures when you install and use the app.
Your explicit consent provided through the app configuration and settings.
Legitimate interest of Grupo IO Ecommerce S.L. for statistical purposes, service improvement, and security.
Compliance with legal obligations (tax, commercial, data protection regulations, and Shopify platform requirements).

3. Data We Collect

3.1 Store Information

When you install and use the app, we process information related to your Shopify store, such as:

Shopify store domain and basic configuration.
Shopify Markets setup (countries, currencies, languages, market handles).
App configuration preferences (popup design, redirect rules, excluded countries/paths).
Custom CSS styling applied to the geolocation popup.
Subscription and billing information related to the app plan and usage metrics, handled through Shopify Billing.

3.2 Visitor Data

The app is designed to use pseudonymous data and not to directly identify individual customers. Specifically, we may process:

IP address (transient):
Used only at request time to determine approximate location. The raw IP is not permanently stored.
Hashed IP identifier (stored):
We store an irreversible hash of the IP to calculate unique visitor metrics and reduce abuse. We do not combine this with Shopify customer profiles.
Geolocation and context data:
- Detected country code and country name.
- Current market and language context.
- Browser locale information.
Popup interaction and redirect events:
- Event type: shown, accepted, rejected, excluded.
- Country code associated with the session.
- Target URL or market (when applicable).
- Auto vs manual redirect.
- Reason for exclusion (excluded country, bot detection, etc.).
- Timestamp.
Pseudonymous identifiers:
- visitorId (used to remember preferences).
- Hashed IP.

We do not intentionally store names, emails, or other directly identifying information.

3.3 Analytics Data

Analytics are aggregated and may include:

Redirect statistics by country, market, or date.
Popup acceptance rate.
Counts of auto vs manual redirects.
Unique visitor metrics.
Monthly usage counts for billing/plan limits.

If optional conversion tracking is enabled, limited order-level info may be processed for aggregated analytics only.

4. Data Recipients

Data may be shared only when necessary:

Legal obligation or operational necessity.
Shopify Platform: APIs, Billing, Data Protection API.
Technology Providers:
- Vercel (hosting).
- Neon.tech (PostgreSQL).

International transfers follow GDPR safeguards.

5. Data Retention

During subscription:
Data required to provide the service is retained, generally no longer than 12 months for analytics.
After uninstall or Shop Redact webhook:
- All store-specific data is deleted within 48 hours.
- Minimal data may be kept only if required by law.

Analytics and logs: Aggregated data retained up to 12 months.

After expiration, data is deleted or anonymized.

6. User Rights

You may exercise your rights by contacting: info@migraciones.io and attaching your ID.

Access
Rectification
Deletion
Opposition
Restriction
Portability

You may file complaints with the Spanish Data Protection Agency: www.aepd.es.

7. Minors

Services are not directed to individuals under 14. We do not knowingly collect minor data.

8. Security Measures

Encryption in transit and at rest.
Encrypted database connections.
Access controls.
Regular security updates.
No credit card storage; handled by Shopify Billing.
Hashed IP identifiers instead of raw IPs.

9. Cookies and Local Storage

The app uses localStorage to:

Remember popup dismissal preferences.
Prevent repeated popups.
Control popup frequency.

We do not use advertising cookies. Shopify/theme cookies follow their own policies.

10. International Data Transfers

Standard Contractual Clauses.
Adequacy decisions.
Additional safeguards as needed.

11. Shopify-Specific Disclosures and Data Protection API

Read Markets data.
Read store domain.
Use Shopify Billing.

We implement the required webhooks:

customers/data_request: Verify if any customer data exists (usually none).
customers/redact: Delete pseudo-anonymous events relating to a customer.
shop/redact: Delete all store data within the required timeframe.
app/uninstalled: Data cleanup per retention policy.

Shopify’s Privacy Policy: https://www.shopify.com/legal/privacy

12. Changes to This Policy

We may update this policy due to legislative or internal process changes.

13. Contact Information

Email: info@migraciones.io
Postal Address: Grupo IO Ecommerce S.L., Calle Eduardo Morales, 32, 2ºA – 28025, Madrid, Spain
Shopify App: Easy Geolocation