Privacy Policy
Last Updated: January 26, 2026
This Privacy Policy describes how Pony That Limited ("we," "us," or "our") collects, uses, and shares information when you use UserToCart: Quiz (the "App") on Shopify.
1. Information We Collect
1.1 Information from Merchants
When you install and use the App, we collect:
- Store Information: Shop domain, name, owner email, location, and currency settings
- Product Information: Product titles, descriptions, images, tags, metafields, pricing, and inventory
- Quiz Data: Quiz configurations, questions, answers, and product recommendations you create
- Usage Data: How you interact with the App, features used, error logs, and performance data
1.2 Information from End Customers
When customers take quizzes on your store, we collect:
- Quiz Responses (Anonymous): Quiz answers and session IDs (temporary, not linked to accounts)
- Technical Data: IP address (for rate limiting), browser type, and device information
Important: We do NOT collect customer names, email addresses, payment information, or any personal data. All quiz responses are anonymous.
2. How We Use Information
We use collected information to:
- Provide and maintain the quiz service
- Generate product recommendations based on quiz responses
- Cache product data for better performance
- Analyze and improve the App
- Fix bugs and prevent security issues
- Respond to support requests
- Comply with legal obligations
3. Data Storage and Security
3.1 Where We Store Data
We use the following service providers:
- Supabase (Database): Stores quiz configurations and session data. Encrypted at rest and in transit. GDPR compliant.
- Shopify: Your store data remains in Shopify's infrastructure. We access it via the secure Admin API.
3.2 Security Measures
We implement industry-standard security:
- ✅ Encryption in transit (HTTPS/TLS)
- ✅ Encryption at rest (database encryption)
- ✅ Access controls and authentication
- ✅ Rate limiting and DDoS protection
- ✅ Input validation and sanitization
- ✅ Regular security audits
4. Data Retention
- Merchant Data: Retained while the App is installed or as required by law
- Quiz Responses: Anonymous responses retained for up to 30 days for analytics
- Upon Uninstall: Quiz configurations deleted within 48 hours, session data deleted immediately
5. Data Sharing
We do NOT sell your data. We do not sell, rent, or trade merchant or customer data to third parties.
We only share data with trusted service providers who help operate the App:
- Supabase: Database hosting (quiz configs and session data)
- Shopify: App hosting platform (store data via API)
We may disclose information if required by law (court orders, legal process, etc.).
6. Your Rights (GDPR & Privacy Laws)
You have the following rights:
- Right to Access: Request a copy of your data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion by uninstalling the App
- Right to Data Portability: Request data in a machine-readable format
- Right to Object: Object to data processing in certain circumstances
- Right to Withdraw Consent: Withdraw consent by uninstalling the App
To exercise these rights, contact us at nik@usertocart.com.
7. GDPR Compliance
We comply with the General Data Protection Regulation (GDPR):
- Legal Basis: Contract (to provide service), Legitimate Interest (security/improvement), Legal Obligation
- GDPR Webhooks: We implement mandatory webhooks for data requests, customer redaction, and shop redaction
- Data Protection: Contact our Data Protection Officer at nik@usertocart.com
8. Children's Privacy
The App is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children.
9. Cookies and Tracking
The App uses essential cookies for:
- Session management (required for functionality)
- Authentication (secure login)
- Error tracking (to fix bugs)
We do NOT use: Google Analytics, Facebook Pixel, third-party advertising cookies, or cross-site tracking.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date and notify you via email or in-app notification. Significant changes will require your consent.
11. Contact Us
For questions, concerns, or requests regarding this Privacy Policy:
Pony That Limited
Email: nik@usertocart.com
Website: usertocart.com
Address: Office 9, Dalton House, 60 Windsor Avenue, London, United Kingdom, SW19 2RR
Response Time: We aim to respond within 30 days (as required by GDPR).
12. Shopify-Specific Information
This App complies with Shopify's App Store requirements and Shopify's API Terms of Service.
API Access Scopes:
- read_products: To display products in quiz recommendations
We do NOT request access to: Customer personal information, order history, payment information, or any other sensitive data.
Summary
What we collect:
- Store information and product data (from Shopify)
- Quiz configurations (created by you)
- Anonymous quiz responses (not linked to customers)
What we DON'T collect:
- Customer names, emails, or personal information
- Payment information
- Order history
Your rights:
- Access, correct, or delete your data
- Export your data
- Withdraw consent by uninstalling
Questions? Contact us at nik@usertocart.com