Privacy Policy - Checkout shipping icons

  Privacy Policy

                                                                                

  Last updated: May 1, 2026                                                   


  1. Overview


  Checkout Shipping Icons ("the App") is built and operated as a Shopify

  application by Arktic Studio. This Privacy Policy explains what data we

  collect, how we use it, and your rights regarding that data.


  2. Data We Collect


  The App collects and stores only the minimum data necessary to function:


  - Shop information: Your Shopify store domain, used to associate your carrier

  icon settings with your store.

  - Carrier icon data: The keywords and icon URLs you configure in the app.

  - Session tokens: OAuth access tokens required by Shopify to authenticate the

  app.

  - Checkout session tokens: When the A/B split test feature is enabled by you

  (the merchant), the App stores pseudonymous checkout tokens to measure whether

   checkout sessions result in completed orders. These tokens cannot identify a

  customer on their own.


  The App does not collect names, email addresses, payment information, or other

   directly identifying customer data.


  3. How We Use Your Data


  The data we collect is used solely to:


  - Display carrier icons in your store's checkout

  - Authenticate your session with Shopify

  - Sync your carrier icon settings to your checkout extension

  - Measure the conversion impact of carrier icons through A/B split testing,

  when enabled by you


  We do not sell, share, or disclose your data to any third parties.


  4. Data Storage and Retention


  Your data is stored in a secure PostgreSQL database hosted on Railway

  (railway.app), encrypted at rest and in transit.


  - Shop and carrier icon data is stored for as long as your store has the app

  installed.

  - Session data is deleted immediately upon uninstallation.

  - Split test session data (checkout tokens) is retained for a maximum of 90

  days and then permanently deleted.

  - All remaining shop data is permanently deleted within 48 days of

  uninstallation in accordance with Shopify's GDPR requirements.


  5. Data Deletion


  When you uninstall the App, your session data is deleted immediately. All

  remaining data is permanently deleted within 48 days of uninstallation. If the

   split test feature has been used, any associated checkout tokens are deleted

  as part of this process.


  You may request deletion of your data at any time by contacting us at

  info@arkticstudio.com.


  6. GDPR Compliance


  The App complies with the General Data Protection Regulation (GDPR). We have

  implemented Shopify's mandatory compliance webhooks for:


  - Customer data requests

  - Customer data deletion

  - Shop data deletion


  When a customer requests deletion of their data, any pseudonymous checkout

  tokens associated with their orders are permanently deleted. When a shop

  uninstalls the App, all associated split test data is deleted as part of the

  standard data removal process.


  7. Third-Party Services


  - Shopify: For authentication, billing, and checkout extension hosting.

  - Railway: For application hosting and database storage.


  8. Changes to This Policy


  We may update this Privacy Policy from time to time. Any changes will be

  reflected on this page with an updated date.


  9. Contact


  For any questions or data requests, contact us at info@arkticstudio.com.