Your data, protected by design
Converlay only touches the data it needs to forward your conversions accurately. Personal details are hashed before they leave your store, they go only to the destinations you choose, and everything is deleted when you uninstall.
What Converlay accesses, and why
During installation, Converlay requests a small set of Shopify permissions. Here's what each one does, why it's needed, and what it is never used for.
read_pixelswrite_pixels- What it accesses
- Lets Converlay add its pixel to your store's Customer Events and keep it up to date.
- Why it's needed
- This is what captures storefront events — with no theme edits or code from you.
- Not used for
- It touches only the Converlay pixel, never your theme, other apps, or store settings.
read_customer_events- What it accesses
- Receives the events Shopify's pixel emits — page views, add-to-cart, checkout, and purchases.
- Why it's needed
- These events are the conversions Converlay forwards server-side to your destinations.
- Not used for
- Building customer profiles or tracking people across other stores.
read_orders- What it accesses
- Reads the value, currency, and line items of completed orders.
- Why it's needed
- Ad platforms need accurate order value and contents to attribute revenue and optimize campaigns.
- Not used for
- Fulfillment, editing orders, or payments — Converlay never sees card or bank data.
read_customers- What it accesses
- Reads the email and phone tied to an order.
- Why it's needed
- Platforms like Meta and Google match a purchase to the ad click that drove it using hashed contact details, which Converlay hashes with SHA-256 before they leave your server.
- Not used for
- Emailing or marketing to your customers, or sending raw personal data anywhere.
read_products- What it accesses
- Reads the product names, IDs, and prices referenced in an event.
- Why it's needed
- Destinations that power catalog and dynamic ads need product details in the payload.
- Not used for
- Editing your catalog, pricing, or inventory.
read_analytics- What it accesses
- Reads your store's aggregate sales totals — not individual customer records.
- Why it's needed
- Converlay's tracking health check compares what Shopify recorded against what each destination received, so you can spot gaps.
- Not used for
- Anything that identifies an individual customer.
How your data is protected
Personal data is hashed
Email, phone, and name are hashed with SHA-256 on our server before any event is forwarded. Destinations receive a match key — never raw personal data.
Server-to-server, encrypted in transit
Events travel from Shopify to Converlay to your destinations over encrypted connections, not through the browser where scripts or ad blockers could intercept them.
Official platform APIs only
Converlay uses each platform's official server-side API — no unofficial endpoints, scraping, or workarounds.
Least-privilege by default
Converlay requests only the scopes it actually uses. If a feature doesn't need a permission, it isn't asked for.
We never sell your data
Your event data goes to the destinations you connect and nowhere else. No data brokers, no third-party sharing, no exceptions. Converlay earns from subscriptions — never from your data.
Consent, respected end to end
Converlay reads consent from Shopify's built-in cookie banner through the Customer Privacy API and maps it to Google Consent Mode v2 on every event. Customers who decline aren't tracked, and you don't need a custom banner or extra setup.
Leave anytime — your data goes with you
Uninstall Converlay from your Shopify admin in one click. We stop processing immediately and delete your store's data. No cancellation hoops and no retention games.
Built for GDPR and CCPA
Converlay is registered with the UK Information Commissioner's Office (ICO) and built to support your data-protection obligations.
GDPR Compliant
Full compliance with EU data protection regulations
CCPA Compliant
California Consumer Privacy Act ready
First-Party Data Only
No third-party cookies or external data sharing
SHA-256 Encrypted
All PII hashed before leaving your server