Ape-X Free Shipping Bar Cookie Policy

1. What Are Cookies and Similar Technologies?

1.1 Cookies

Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They help websites remember your preferences, maintain login sessions, and track usage patterns.

1.2 SessionStorage and LocalStorage

These are browser-based storage mechanisms similar to cookies, but with different characteristics:

• SessionStorage: Temporary storage that expires when the browser tab/window is closed
• LocalStorage: Persistent storage that remains until explicitly deleted
• Key Difference from Cookies: Not automatically sent to servers with every HTTP request

1.3 What We Use

Our App primarily uses sessionStorage (not traditional cookies) for customer-facing tracking. Store administrators may encounter Shopify-managed cookies in the embedded app interface.

2. How We Use Tracking Technologies

2.1 Customer-Facing Storefront (Your Customers' Browsers)

What We Use:

• Technology: SessionStorage (not cookies)
• Purpose: Track shipping bar interactions during a single browsing session
• Data Stored: Unique session ID, bar impressions, clicks, cart value updates
• Expiration: Automatically deleted when browser tab/window is closed
• Third-Party Access: None
• Cross-Site Tracking: NO

Session ID Format:

We generate a random session ID (e.g., sb_session_abc123xyz) stored in sessionStorage. This ID is:

• Used only to group interactions within a single browsing session
• Not linked to customer identity, name, email, or any personally identifiable information
• Not shared with third parties
• Not used for cross-site tracking or advertising

2.2 App Admin Interface (Store Administrators)

Shopify-Managed Authentication Cookies:

When you access the Free Shipping Bar dashboard within your Shopify admin, Shopify manages authentication cookies to maintain your logged-in session. These cookies are:

• Set by Shopify (not by our App)
• Governed by Shopify's Cookie Policy and Privacy Policy
• Necessary for the embedded app to function within Shopify's admin interface
• Used to verify you are an authorized store administrator

Our Session Management:

We store a minimal session identifier to:

• Maintain your authenticated state while using the App
• Remember your current page and unsaved configuration changes
• Prevent unauthorized access to your shipping bar settings

This session data is stored server-side and linked to a secure session ID. The session ID itself is managed by Shopify's authentication system.

3. Detailed Breakdown of Tracking Technologies

4. Categories of Tracking Technologies

4.1 Strictly Necessary (Essential)

These technologies are essential for the App to function. Without them, the App cannot provide its core services.

What We Use:

• Session ID (SessionStorage): Required to track bar interactions for Premium analytics
• Shopify Authentication: Required to verify you are an authorized store administrator
• App Session Management: Required to maintain your logged-in state

Legal Basis: Legitimate interest (EU) / Contract performance (providing the service you requested)

Can You Disable? No - these are essential for the App to work. Disabling them will prevent the App from functioning.

4.2 Analytics and Performance (Premium Feature Only)

For Premium subscribers, we use session IDs to generate aggregated analytics reports.

What We Track:

• Number of sessions where shipping bars were displayed
• Number of clicks on shipping bars
• Device type (desktop vs. mobile) - aggregated counts only
• Order conversions attributed to bar interactions

Legal Basis: Consent (EU) / Legitimate interest (service improvement)

Can You Disable? Yes - downgrade to the Free Plan to opt out of analytics tracking

4.3 Marketing and Advertising

We do NOT use any marketing or advertising cookies.

• No Google Analytics or Facebook Pixel
• No retargeting or remarketing cookies
• No cross-site tracking for advertising purposes
• No data sharing with advertising networks

4.4 Social Media

We do NOT use social media cookies or plugins.

• No Facebook Like buttons
• No Twitter/X share buttons
• No social media tracking pixels

4.5 Third-Party Cookies

The only third-party cookies are from Shopify (app admin interface only).

Google Fonts (Customer Storefront):

If your shipping bar uses a Google Font, customers' browsers may load the font from Google's servers. This may result in:

• Customer IP address being sent to Google
• Google potentially setting cookies (governed by Google's Privacy Policy)
• Font files cached in customer's browser

How to Avoid: Use system fonts instead of Google Fonts in your shipping bar configuration

5. What Information Do We Collect?

5.1 From Customer-Facing SessionStorage

Data Collected:

• Session ID: Random identifier (e.g., sb_session_xyz123)
• Bar Impressions: Count of how many times bars were displayed
• Clicks: Count of clicks on shipping bars
• Cart Value Updates: Tracking when cart value changes (to update bar message)
• Device Type: Desktop or mobile (for responsive display)

Data NOT Collected:

• Customer name, email, phone number, or address
• Payment information
• Browsing history on other websites
• Precise geolocation (beyond country-level for geotargeting)
• Social media profiles or identifiers

5.2 From App Admin Interface

Data Collected:

• Store domain (Shopify store URL)
• Store owner name and email (from Shopify)
• Session ID (to maintain logged-in state)
• App configuration changes (shipping bar settings)

6. Why We Use These Technologies

6.1 Core Functionality

• Dynamic Bar Updates: SessionStorage allows us to update shipping bar messages in real-time as customers add items to their cart without page reloads
• Session Tracking: Prevents duplicate impression counting within the same browsing session
• Click Attribution: Links clicks to specific bars for performance reporting (Premium)

6.2 Analytics and Reporting (Premium Only)

• Performance Metrics: Generate dashboards showing how shipping bars perform
• A/B Testing: Compare performance of different shipping bars
• Order Attribution: Track which orders were influenced by shipping bar interactions
• ROI Measurement: Help merchants understand the value of free shipping offers

6.3 Security and Fraud Prevention

• Session Management: Prevent unauthorized access to app settings
• Rate Limiting: Protect against abuse and API flooding
• Authentication: Verify you are the legitimate store owner

7. Third-Party Services

7.1 Shopify

Cookies Set: Authentication and session management cookies in the embedded app interface

Purpose: OAuth 2.0 authentication, admin panel access control

Privacy Policy: https://www.shopify.com/legal/privacy

Cookie Policy: https://www.shopify.com/legal/cookies

7.2 Google Fonts (Optional)

Cookies Set: May set cookies when loading fonts from fonts.googleapis.com or fonts.gstatic.com

Purpose: Font delivery and caching

Privacy Policy: https://policies.google.com/privacy

Data Sent: Customer IP address, browser information

How to Opt-Out: Use system fonts instead of Google Fonts in your shipping bar settings

7.3 Fly.io (Hosting Provider)

Cookies Set: None directly (server-side hosting only)

Purpose: Infrastructure and database hosting

Data Processed: Server logs, IP addresses (for technical operations only)

Privacy Policy: https://fly.io/legal/privacy-policy/

8. Your Cookie Choices and Controls

8.1 Browser Settings

You can control cookies through your browser settings:

Google Chrome:

1. Click the three dots menu → Settings
2. Privacy and security → Cookies and other site data
3. Choose your preference (Block third-party cookies, Block all cookies, etc.)
4. To clear existing data: Clear browsing data → Cookies and other site data

Mozilla Firefox:

1. Menu → Settings → Privacy & Security
2. Under "Cookies and Site Data," click "Manage Data" to view and delete
3. Choose "Enhanced Tracking Protection" level (Standard, Strict, or Custom)

Safari (macOS):

1. Safari → Preferences → Privacy
2. Choose "Block all cookies" or "Prevent cross-site tracking"
3. Click "Manage Website Data" to view and delete stored data

Microsoft Edge:

1. Menu → Settings → Privacy, search, and services
2. Under "Tracking prevention," choose level (Basic, Balanced, Strict)
3. Under "Clear browsing data," manage cookies

8.2 Clearing SessionStorage

For customer-facing sessionStorage (used by our shipping bars):

• Automatic: Close the browser tab/window - sessionStorage is automatically cleared
• Manual: Use browser Developer Tools (F12) → Application/Storage → Session Storage → Delete

8.3 Opt-Out of Analytics Tracking

To opt out of analytics tracking:

• Store Owners: Downgrade to the Free Plan (analytics only available on Premium)
• Customers: Analytics are aggregated and anonymous - no personal data is collected

8.4 Do Not Track (DNT) Signals

We respect Do Not Track browser signals for customer-facing tracking:

• If DNT is enabled, we limit data collection to essential functionality only
• Analytics metrics may be affected but core shipping bar functionality remains
• To enable DNT: Browser settings → Privacy → Enable "Do Not Track"

8.5 Mobile Devices

iOS (iPhone/iPad):

• Settings → Safari → Privacy & Security
• Enable "Prevent Cross-Site Tracking"
• Tap "Clear History and Website Data" to remove cookies

Android:

• Chrome: Menu → Settings → Privacy and security → Clear browsing data
• Select "Cookies and site data" and clear

9. Impact of Disabling Cookies

9.1 If You Disable SessionStorage (Customer Storefront)

What Still Works:

• Shipping bars will still display
• Messages will still update based on cart value
• Clickable bars will still redirect to configured URLs

What May Not Work:

• Duplicate impression prevention (same session may be counted multiple times)
• Analytics accuracy (Premium users may see inflated metrics)
• A/B testing attribution may be less accurate

9.2 If You Disable Shopify Admin Cookies

Impact:

• You will not be able to access the Free Shipping Bar dashboard
• Shopify admin login will fail
• You cannot configure shipping bars

Solution: Shopify admin cookies are essential - they must be enabled to use the App

10. Cookie Consent and Compliance

10.1 EU Cookie Directive (ePrivacy Directive)

For users in the European Union:

• Strictly Necessary Cookies: We use essential sessionStorage without requiring consent (legitimate interest)
• Analytics Cookies (Premium): By subscribing to Premium, you consent to analytics tracking
• Opt-Out: You may withdraw consent by downgrading to Free Plan at any time

10.2 GDPR (General Data Protection Regulation)

Our cookie practices comply with GDPR:

• Legal Basis: Legitimate interest (essential), Consent (analytics), Contract performance (admin)
• Data Minimization: We collect only the minimum data necessary
• Purpose Limitation: Data used only for stated purposes
• Transparency: This Cookie Policy provides full disclosure

10.3 CCPA (California Consumer Privacy Act)

For California residents:

• No Sale of Personal Information: We do NOT sell data collected via cookies
• Right to Opt-Out: You can disable sessionStorage via browser settings
• Right to Know: This policy discloses all tracking technologies used

10.4 Cookie Consent Banners

Do We Show a Cookie Consent Banner?

No, we do not show a cookie consent banner on customer storefronts because:

• We use sessionStorage (not cookies) for customer tracking
• SessionStorage is temporary and session-scoped (lower privacy impact than persistent cookies)
• We do not engage in cross-site tracking or advertising
• Essential functionality requires minimal tracking

Should Merchants Add a Cookie Notice?

If you use Google Fonts in your shipping bars, you may want to add a general cookie notice disclosing that Google Fonts may set cookies. Consult your legal advisor for specific requirements in your jurisdiction.

11. Children's Privacy

The Free Shipping Bar app is not directed to children under the age of 16. We do not knowingly collect data from children through cookies or sessionStorage. If you believe we have inadvertently collected data from a child, contact us at iain@ape-x.shop, and we will delete it promptly.

12. Data Retention

12.1 SessionStorage (Customer Storefront)

• Duration: Until browser tab/window is closed
• Deletion: Automatic when session ends
• Server-Side: Session data aggregated into daily analytics (Premium only) and stored indefinitely

12.2 App Admin Session

• Duration: 90 days from last activity
• Deletion: Automatic expiration after 90 days of inactivity
• Manual Deletion: Uninstall the App to delete all data within 48 hours

12.3 Analytics Data (Premium)

• Duration: Retained indefinitely for historical reporting
• Deletion: Contact us at iain@ape-x.shop to request deletion
• Automatic Deletion: All data deleted within 48 hours of uninstalling the App

13. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our technologies, legal requirements, or business practices. When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email (for app administrators)
• We will display a notice in the App dashboard
• Continued use after changes take effect constitutes acceptance

We recommend reviewing this Cookie Policy periodically. You can request previous versions by contacting iain@ape-x.shop.

14. Contact Us

If you have questions or concerns about our use of cookies and tracking technologies, please contact us:

Ape-X Performance and Fitness Limited
Email: iain@ape-x.shop
Subject Line: "Cookie Policy Inquiry"

Response Time: We aim to respond within 48 hours (business days).

For GDPR Inquiries: Use subject line "GDPR Cookie Inquiry"
For CCPA Requests: Use subject line "CCPA Cookie Request"

15. Summary

What You Need to Know:

• We do NOT use traditional cookies on customer storefronts
• We use sessionStorage (temporary, session-scoped) for customer tracking
• We do NOT engage in cross-site tracking or advertising
• We do NOT sell or share data with advertising networks
• Shopify manages authentication cookies in the app admin interface
• You can disable sessionStorage via browser settings without breaking core functionality
• Analytics tracking is opt-in (Premium Plan subscription required)