Privacy Policy
Effective Date: March 2026
Introduction
Upsell Pro ("the App") provides smart upsell and cross-sell functionality ("the Service") to merchants who use Shopify to power their stores. This Privacy Policy describes how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.
This App is developed and operated by Chat Squeeze, a Shopify Partner organization.
Information We Collect
Information from Your Shopify Account
When you install the App, we are automatically able to access certain types of information from your Shopify account via Shopify's API:
- Product Catalog Data — Product titles, descriptions, images, prices, variants, SKUs, tags, and collections. This is used to display upsell offers to your customers.
- Cart Data — Cart items, quantities, and line item properties. This is used to determine which upsell offers to show based on what's in the cart.
- Order Data (Read-Only) — Order totals, line items, and timestamps. This is used to track upsell revenue and conversion analytics for your campaigns.
- Discount Data — Discount codes, automatic discounts, and pricing rules. This is used to create and manage Buy X Get Y (BXGY) promotional discounts.
- Shop Information — Your shop domain, shop name, currency, timezone, and theme settings. This is used to configure and display the app correctly in your store.
Information We Store
We collect and store the following information to provide the Service:
- Shop Domain and Settings — Your Shopify shop URL and your app configuration preferences (colors, text, layout customizations).
- Campaign Configuration — Your campaign settings, including which products trigger which upsell offers, campaign rules, start/end dates, and priority settings.
- Aggregated Analytics — Anonymous, campaign-level statistics including impression counts, conversion counts, conversion rates, and revenue totals per campaign. This data is aggregated and does not identify individual customers.
- Anonymous Session IDs — Random, non-identifying session tokens stored in browser localStorage to deduplicate impression tracking. These expire automatically after 30 minutes of inactivity.
What We Do NOT Collect or Store
We are committed to data minimization and privacy:
- No Customer Personal Information — We do not collect or store customer names, email addresses, phone numbers, shipping addresses, billing addresses, or payment information.
- No Cookies — We do not use cookies. We use browser localStorage only for anonymous session deduplication.
- No Third-Party Tracking — We do not use third-party analytics, advertising networks, or tracking pixels.
- No Customer Browsing History — We do not track customer browsing behavior outside of the cart interaction.
How We Use Your Information
We use the information we collect to provide the Service and operate the App:
- Display personalized upsell and cross-sell offers to your customers based on cart contents.
- Create and manage Buy X Get Y (BXGY) promotional discounts and automatic pricing rules.
- Track campaign performance through aggregated analytics (impressions, conversions, revenue).
- Customize the appearance and behavior of the upsell widget to match your store's theme.
- Communicate with you regarding app functionality, support requests, and service updates.
- Optimize and improve the App's performance and features.
Sharing Your Information
We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share your information only in the following limited circumstances:
- Service Providers — We use trusted third-party service providers to help us operate the App:
  - Vercel — Hosting and infrastructure provider
  - PostgreSQL (via Vercel) — Secure database storage with SSL encryption
  - Shopify — API and payment processing infrastructure

  These providers are contractually obligated to protect your data and use it only to provide services on our behalf.
- Legal Compliance — We may share information to comply with applicable laws and regulations, respond to a subpoena, search warrant, or other lawful request for information we receive, or to otherwise protect our rights.
Data Retention
We retain your information only as long as necessary to provide the Service:
- Active Shops — Your shop settings, campaign configurations, and aggregated analytics are retained for as long as you have the App installed.
- Uninstalled Shops — When you uninstall the App, we automatically delete all shop-specific data within 48 hours via Shopify's app/uninstalled webhook.
- Anonymous Session Data — Session IDs stored in browser localStorage automatically expire after 30 minutes of inactivity.
GDPR Compliance
If you are a European resident or serve customers in the European Union, you have specific rights under the General Data Protection Regulation (GDPR):
Your Rights
- Right to Access — You have the right to access personal information we hold about you.
- Right to Rectification — You have the right to ask that your personal information be corrected or updated.
- Right to Erasure — You have the right to ask that your personal information be deleted.
- Right to Data Portability — You have the right to request a copy of your data in a machine-readable format.
To exercise any of these rights, please contact us at support@upsellpro.app.
Mandatory Shopify Webhooks
We comply with Shopify's GDPR requirements by responding to mandatory data privacy webhooks:
- customers/data_request — When a customer requests their data, we provide all data associated with that customer (if any). Since we do not store customer personal information, this typically returns no data.
- customers/redact — When a customer requests deletion of their data, we delete any references to that customer (if any) within 10 days.
- shop/redact — When a shop owner requests deletion of their shop data (e.g., after uninstalling the app for 48 hours), we permanently delete all shop-related data.
Legal Basis for Processing
We process your information on the following legal bases:
- Contractual Necessity — Processing is necessary to fulfill our contract with you (i.e., providing the upsell service).
- Legitimate Interests — Processing is necessary for our legitimate business interests (e.g., improving the App, providing customer support, preventing fraud).
Data Transfers
Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure that such transfers comply with GDPR requirements through appropriate safeguards, including Standard Contractual Clauses and infrastructure providers that are GDPR-compliant.
Data Security
We take data security seriously and implement appropriate technical and organizational measures to protect your information:
- All data is stored on secure infrastructure (Vercel and PostgreSQL) with SSL/TLS encryption in transit and at rest.
- Access to data is restricted to authorized personnel only.
- We use Shopify's secure API authentication (OAuth 2.0) to access your store data.
- The App runs as a Shopify App Extension in Shopify's secure sandbox environment.
- We regularly review and update our security practices to protect against unauthorized access, disclosure, alteration, or destruction of data.
Shopify API Scopes
The App requests the following Shopify API access scopes:
- read_products — To read your product catalog and display upsell offers
- write_products — To enable quick product updates (optional, used for future features)
- read_orders — To track upsell conversions and revenue in analytics
- read_discounts — To read existing discount codes and prevent conflicts
- write_discounts — To create automatic discounts for BXGY promotions
These scopes are requested during app installation and are necessary for the App to function. You can review and revoke these permissions at any time from your Shopify admin.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or for other operational reasons. When we make significant changes, we will notify you by:
- Updating the "Effective Date" at the top of this page
- Posting a notice in the App or sending an email to the shop owner email address on file
We encourage you to review this Privacy Policy periodically. Your continued use of the App after any changes indicates your acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
We will respond to your inquiry within 30 days. For urgent data protection requests (e.g., GDPR data deletion), please include "URGENT - GDPR" in your email subject line, and we will respond within 72 hours.
