Privacy Policy

How Shop Insight collects, uses, and protects your data

Last updated: December 15, 2025

Privacy at a Glance

No PII Collected

We don't collect names, emails, or personal identifiers

Anonymous Tracking

Session-based analytics with no cross-site tracking

GDPR & CCPA

Fully compliant with privacy regulations

Encrypted Storage

All data encrypted at rest and in transit

1. Introduction

Keypoint Technologies ("we", "us", "our") operates Shop Insight, a behavioral analytics platform that helps e-commerce merchants understand what content their customers read, not just what they click.

This privacy policy explains how we collect, use, and protect data when you:

  • Visit a store using Shop Insight tracking
  • Are a merchant using Shop Insight services

2. Data We Collect

For Store Visitors

When you visit a store using Shop Insight, we collect:

  • Behavioral data: Text highlights, hover interactions, click events, scroll depth, viewport visibility, time spent reading
  • Session data: Anonymous session IDs (UUID v7), timestamps, page URLs visited, referrer information
  • Technical data: Browser type, device information, page titles

What We DON'T Collect

  • Names, email addresses, phone numbers
  • Payment information or credit card details
  • Account credentials or passwords
  • Social Security numbers or government IDs
  • Personal identifiable information (PII)

For Merchants

  • Shop domain and configuration settings
  • Shopify OAuth tokens (encrypted at rest)
  • Dashboard API credentials
  • Business context for insight generation
  • Email address for account management

3. How We Use Data

We use collected data to:

  • Generate behavioral insights: Analyze reading patterns to create content recommendations for merchants
  • Keyword extraction: Identify topics and products customers are interested in (rule-based, no AI on raw visitor data)
  • Content analytics: Understand which pages and content sections engage customers
  • Weekly reports: Create AI-powered insight summaries based on aggregated, anonymized pattern data
  • Service improvement: Enhance accuracy and performance of our analytics

Important: AI Processing

We use OpenAI's API to generate weekly insight summaries. OpenAI processes aggregated, anonymized pattern data only — never individual visitor behavior or personal information.

4. Data Protection & Security

  • PII Filtering: Automatic detection and removal of sensitive information (SSNs, credit cards, API keys)
  • URL Normalization: Remove identifying information from URLs (e.g., /client/123 becomes /client/:id)
  • Encryption: All data encrypted at rest and in transit (TLS 1.3+, 256-bit SSL)
  • Anonymous Sessions: No cross-site tracking or user identification across different stores
  • Secure Authentication: Separate token types for different access levels
  • Regular Security Audits: Ongoing security assessments and improvements

5. Third-Party Services

Shop Insight uses the following third-party services:

  • OpenAI: Processes aggregated weekly patterns to generate insight recommendations (no individual visitor data sent)
  • Shopify: OAuth integration for fetching product catalogs (used only with merchant authorization)
  • Cloud Hosting: PostgreSQL database for secure data storage

We do not sell, rent, or share your data with third parties for marketing purposes.

6. Merchant Responsibilities

Merchants who embed Shop Insight tracking must:

  • Disclose behavioral tracking to their customers in their own privacy policy
  • Obtain necessary consents under applicable law (GDPR, CCPA)
  • Configure PII filtering appropriately for their shop type
  • Understand they own the data collected from their store

Important: Keypoint Technologies acts as a data processor for merchant data. Merchants are the data controllers and are responsible for compliance with privacy laws in their jurisdiction.

7. Data Retention

  • Raw tracking data: Retained based on your plan (7 days for Free, 12 months for Premium, unlimited for AI Pro)
  • Aggregated insights: Retained for 12 months for historical comparison
  • Merchant account data: Retained while account is active, deleted within 30 days of account closure

8. Your Rights

Under GDPR (EU Visitors)

  • Right to access your data
  • Right to deletion ("right to be forgotten")
  • Right to data portability
  • Right to object to processing
  • Right to restrict processing

Under CCPA (California Visitors)

  • Right to know what data is collected
  • Right to deletion
  • Right to opt-out of data sale

Note: Shop Insight does not sell personal data.

How to Exercise Your Rights

  • Store visitors: Contact the merchant directly (they own and control the data)
  • Merchants: Email us at support@shopinsight.app or through your dashboard settings

9. Cookies & Tracking

Shop Insight uses:

  • Session storage for temporary session IDs (not cookies)
  • No third-party advertising cookies
  • No cross-site tracking
  • No persistent tracking across stores

Tracking script identifier: behavioriq-tracker.min.js

10. International Data Transfers

Shop Insight infrastructure:

  • Primary database: Hosted in secure cloud infrastructure
  • OpenAI API: US-based processing for insight generation
  • Data transfers comply with GDPR standard contractual clauses

11. Children's Privacy

Shop Insight is not directed at children under 13 years of age. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify merchants of material changes via email. Merchants must notify their customers of changes as required by law.

Continued use of Shop Insight after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, data access requests, or to exercise your rights:

We will respond to all privacy requests within 30 days.

Privacy-First Analytics

Shop Insight is designed from the ground up to respect privacy while delivering powerful behavioral insights. We track reading behavior, not people.

No PII CollectionGDPR CompliantCCPA CompliantSOC 2 (In Progress)