Privacy Policy

Effective Date: September 18, 2025
Last Updated: September 18, 2025

1. Introduction

Recover Sales ("we," "our," "us") provides e-commerce analytics and referral tracking services to online merchants. This Privacy Policy primarily describes how we collect, use, disclose, and protect information when our technology operates on merchant websites that use our Services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

This Privacy Policy covers:

  • Primary Focus: How we handle data when you interact with merchant websites using our technology
  • Secondary: How we handle data on our own website (recoversales.com)

This Privacy Policy applies to:

  • Customers shopping on merchant websites that use our Services ("Customers")
  • Merchants and their personnel using our Services ("Merchants")
  • Visitors to our website (recoversales.com)

2. Information We Collect

2.1 On Merchant Websites (Primary Focus)

When you visit or shop on a merchant website using our Services, we collect:

Referral Tracking Data:

  • Referral System IDs (RSIDs): 8-character alphanumeric codes we generate to track referral chains
  • Referral URLs and landing pages where referrals are initiated
  • Referral source information and referral chains

Identifiers (Hashed for Privacy):

  • Email addresses: Immediately hashed using SHA-256 encryption before storage (we do not store raw email addresses)
  • Phone numbers: Immediately hashed using SHA-256 encryption before storage (we do not store raw phone numbers)
  • Platform identifiers: Existing identifiers from e-commerce and marketing platforms stored in cookies or local storage

Technical Information:

  • IP addresses: Used for rate limiting and geolocation analysis
  • User agent strings: For bot detection and analytics
  • Domain information: The merchant domain you're visiting

Transaction Data:

  • Checkout event data: Purchase information processed with all personally identifiable information (PII) hashed or removed before storage
  • Note: We specifically remove all address information from checkout events and do not store raw customer personal information

2.2 On Our Website (recoversales.com)

When Merchants visit our website, we collect:

  • Business information: Company name, domain registration
  • Account credentials: API keys, authentication tokens
  • Contact information provided through forms
  • Usage data: Analytics about how you interact with our website

2.3 Information from Merchants

Merchants provide us with:

  • Organization data for multi-tenant management
  • Configuration settings for their referral campaigns
  • Authentication credentials for accessing our Services

3. Cookies and Tracking Technologies

3.1 On Merchant Websites

We use minimal tracking technologies that respect customer privacy:

Cookies We Set:

  • rsid: Main Recover Sales identifier cookie
    • Purpose: Stores your unique 8-character identifier for tracking referral chains
    • Duration: 365 days
    • Type: First-party cookie

Local Storage We Use:

  • rs_current_rsid: Stores the current Recover Sales identifier
  • rs_sent_requests: Prevents duplicate API requests (deduplication)
  • rs_last_platform_data: Stores platform-specific customer data
  • RecoverSales: Unified storage for identifier data
  • shopify_customer_id: Stores Shopify customer ID when available
  • Duration: Persistent until manually cleared by user

Session Storage:

  • Used as a fallback when local storage is unavailable
  • Duration: Cleared when browser tab closes

Third-Party Technologies We Integrate With:

  • Shopify Web Pixels: For tracking checkout events (only on Shopify stores)
  • Platform Identifiers: We read existing Klaviyo and Shopify cookies when present

Important Privacy Features:

  • All our tracking respects Shopify's customer privacy settings where configured
  • When merchants have enabled consent requirements, we check for marketing consent before processing any data
  • If marketing consent is required and not given, our tracking is completely disabled

3.2 On Our Website (recoversales.com)

In addition to the tracking technologies described above for merchant websites, when you visit our own website, we may use additional cookies and local storage for:

  • Authentication and security
  • Website analytics
  • Saving user preferences
  • Session management

3.3 Managing Cookies and Storage

To control cookies and local storage:

  • Use your browser's cookie settings to block or delete cookies
  • Clear local storage through your browser's developer tools or settings
  • Most merchants provide cookie consent tools on their websites
  • Note: Blocking cookies or clearing local storage may limit functionality of referral tracking

4. How We Use Your Information

4.1 Primary Purposes

We use the collected information to:

  • Track and analyze person-to-person referral chains for merchants
  • Identify retargeting opportunities for merchants' abandoned carts
  • Generate analytics and insights to help merchants optimize their marketing
  • Enable cross-platform user identification for better attribution
  • Prevent fraud through bot detection and rate limiting
  • Provide and improve our Services

4.2 Legal Basis for Processing (GDPR)

We process personal data based on:

  • Consent: For marketing-related tracking (obtained through merchant's consent mechanisms)
  • Legitimate Interests: For fraud prevention, security, and service improvement
  • Contract Performance: To provide Services to Merchants
  • Legal Obligation: To comply with applicable laws

5. How We Share Your Information

5.1 We Do Not Sell Personal Information

We do not sell, rent, or trade personal information to third parties. We only process data to provide analytics services to merchants and share data with service providers who help us operate our Services.

5.2 Service Providers

We share information with trusted service providers solely to operate our Services:

  • Supabase: Database hosting and authentication
  • Cloudflare Workers: Script hosting and content delivery
  • DigitalOcean: Infrastructure and hosting
  • Shopify: App functionality and checkout event processing

All service providers are contractually required to protect your information and use it only for providing services to us.

5.3 Merchants

We provide merchants with:

  • Analytics and insights about their customers' referral patterns and behaviors
  • Access to customer data that may include personal information synced from their own third-party platforms (such as Klaviyo)
  • Aggregated performance metrics and retargeting opportunities

Note: Merchants can only access data about their own customers. We facilitate the connection between their various platforms to provide unified analytics.

5.4 Legal Requirements

We may disclose information if required by law, court order, or government regulation.

6. Data Security

We implement industry-standard security measures to protect data. Importantly, we do not store raw customer personal information - all emails and phone numbers are hashed before storage, and address information is never stored.

7. Data Retention

  • System Logs: 30 days
  • Referral and Analytics Data: Retained indefinitely unless deletion is requested
  • Hashed Identifiers: Retained indefinitely unless deletion is requested

You may request deletion of your data at any time by contacting [email protected].

8. Your Privacy Rights

8.1 Rights for All Users

You have the right to:

  • Withdraw Consent: Email [email protected] to withdraw consent
  • Request Deletion: Request deletion of your personal information
  • Opt-Out: Through browser settings or merchant consent preferences

8.2 GDPR Rights (European Economic Area, UK, and Switzerland)

Additional rights include:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Restriction: Request restriction of processing
  • Data Portability: Receive data in machine-readable format
  • Object: Object to processing based on legitimate interests

To exercise these rights, contact [email protected]. We will respond within one month.

You may also lodge a complaint with your local supervisory authority.

8.3 California Privacy Rights (CCPA)

California residents have rights to:

  • Know: What personal information we collect, use, and share
  • Delete: Request deletion of personal information
  • Non-Discrimination: Not be discriminated against for exercising rights

We do not sell personal information. We only share hashed data with service providers necessary to operate our Services.

Categories of Personal Information We Collect:

  • Identifiers (hashed emails, phones, device IDs)
  • Internet activity (browsing behavior, referral patterns)
  • Commercial information (purchase history)
  • Geolocation data (derived from IP addresses)

8.4 How to Exercise Your Rights

To exercise any privacy rights:

  1. Email [email protected]
  2. Provide basic information to help us locate your data (such as email or phone used on merchant sites)
  3. Specify which rights you wish to exercise
  4. We will respond with our process for handling your request

Note: We may need to verify your identity to protect your data and prevent unauthorized access. This verification will be proportionate to the request and the sensitivity of the data.

9. Marketing and Consent

9.1 How We Respect Your Choices

Our Services strictly respect privacy preferences:

  • Consent Integration: We honor all consent settings from merchant websites
  • Marketing Consent Required: Our tracking only operates when marketing consent is given
  • Complete Blocking: If you don't consent to marketing, our tracking is fully disabled
  • No Overrides: We cannot and do not override merchant privacy settings

9.2 Opting Out

You can opt-out by:

  • Using the consent management tools on merchant websites
  • Adjusting browser privacy settings
  • Contacting us at [email protected]

10. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect information from children under 16. If we become aware of collection from a child under 16, we will delete that information.

11. International Data Transfers

Your information may be processed in the United States and other countries. For transfers from the EEA, UK, or Switzerland, we rely on:

  • Standard Contractual Clauses
  • Appropriate safeguards as required under GDPR

12. Third-Party Links

Merchant websites and our website may contain links to third parties. We are not responsible for their privacy practices. Please review their privacy policies.

13. Updates to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated Privacy Policy
  • Updating the "Last Updated" date
  • Notifying Merchants through our Services

14. Contact Information

For privacy-related questions or requests:

Email: [email protected]
Contact Form: You may also use the form below

15. Additional Disclosures

For Merchants

When you use our Services, you are responsible for:

  • Obtaining appropriate consent from your customers
  • Ensuring your privacy policy discloses use of Recover Sales
  • Complying with applicable privacy laws

We act as your data processor for customer data and as a data controller for your business account information.

For EU/UK Data Subjects

Supervisory Authority: You may lodge complaints with your local data protection authority.

Legal Basis Summary:

  • Consent: Marketing analytics and tracking
  • Legitimate Interest: Fraud prevention, security, service improvement
  • Contract: Providing Services to Merchants

Shine the Light (California)

California residents may request information about personal information shared with third parties for direct marketing. We do not share personal information for direct marketing purposes.

By using our Services or interacting with merchant websites using our Services, you acknowledge that you have read and understood this Privacy Policy.

Privacy Request Form
Choose your request type and provide at least one contact method. We will respond to your request in accordance with applicable privacy laws.

* Please provide at least one contact method (email or phone)

← Back to Home