Privacy Policy
Effective date: May 20, 2026
This Privacy Policy describes how TridSense (“TridSense,” “we,” “us,” or “our”) collects, uses, and shares information when you install or use TridSense — AI Bars & Bundles (the “App”) on your Shopify store, or when a shopper visits a Shopify storefront where the App is active. See Section 1 for the legal entity behind TridSense.
1. Who we are
TridSense is a sole proprietorship of Trideep Singh Chouhan, based in Harda, Madhya Pradesh, India. Full registered address is available on request via support@tridsense.comfor service of legal process. TridSense™ is a trademark of Trideep Singh Chouhan; registration is pending in India. For privacy-related questions, write to support@tridsense.com.
2. What information we collect
From the merchant (you, the Shopify store owner)
- Shop identifier and OAuth credentials. Provided by Shopify when you install the App; used to authenticate API requests against your store.
- Shop owner email. Captured from your Shopify shop record when monthly performance reports are first generated. Used solely to send you reports.
- App configuration. Milestones, campaign settings, bar design choices, A/B test configurations, and any other settings you create within the App. Stored as Shopify shop metafields and in our database. AI Assistant conversations are not stored on our servers — see Section 4 (AI Assistant) and Section 5 (Retention).
- Subscription metadata. Plan tier, billing status, and payment confirmation events received from Shopify Billing API. We never see or store payment card information.
From shoppers visiting your storefront
When the cart progress bar renders on your storefront, the App collects aggregated, anonymous event counts:
- Bar impression counts (per shop, per day, per campaign)
- Bar click counts
- Milestone-reached counts
- Upsell-add counts (if upsell is enabled)
- Deal-click counts (Plus / Pro plans)
These events are written to a per-shop, per-day, per-event-type counter table. No IP addresses, session identifiers, customer accounts, browsing history, or shopper PII is captured or stored on our servers.
Cookies set on shopper browsers
For unique-visitor counting in your dashboard analytics, the App writes a first-party cookie named _tridsense_vid to the shopper’s browser:
- Value: a randomly-generated anonymous identifier
- Lifespan: 1 year
- Scope: first-party only,
SameSite=Lax - Purpose: deduplicate impressions so analytics counts one unique visitor per browser per day. The cookie value is never sent to our servers in a way that links to a customer record.
The cookie contains no PII, no tracking pixels, and is not shared with any third party. Shoppers who clear their browser cookies will simply be counted as a new unique visitor on their next visit.
EU / UK cookie consent. Under the EU ePrivacy Directive and the UK PECR, even first-party analytics cookies set on shoppers’ browsers in those jurisdictions require the shopper’s consent. Because merchants own the storefront, the consent banner on it, and the relationship with the shopper, obtaining that consent is the merchant’s responsibility under their own privacy policy. Merchants serving EU / UK traffic should disclose the _tridsense_vid cookie in their consent banner and ensure analytics cookies are permitted before enabling the App on those markets.
3. How we use the information
- To run the App. Render the progress bar, evaluate milestone rules, apply discounts via Shopify Functions, render analytics.
- To send you performance reports. Monthly emails to your shop owner email address with KPIs, attached as PDF + CSV.
- To support you. Diagnose issues, answer support requests sent to support@tridsense.com.
- To improve the App. Aggregated event counts inform product decisions — never linked to individual shoppers.
- For the AI Chat Assistant (Pro plan). Your chat prompts are sent to OpenAI for response generation. Conversation history persists only in your browser session and is not stored on our servers. The App does not send order or customer data to OpenAI.
- To comply with law. Respond to lawful requests from courts or regulatory authorities.
Legal basis for processing (EEA / UK residents)
For individuals located in the European Economic Area or the United Kingdom, we rely on the following bases under Article 6 of the GDPR (and the corresponding provisions of the UK GDPR) for each processing purpose listed above:
| Purpose | Legal basis |
|---|---|
| Running the App on your store — rendering bars, evaluating milestone rules, applying discounts via Shopify Functions, presenting analytics | Performance of a contract (Art 6(1)(b)) — these Terms of Service constitute the contract |
| Sending monthly performance reports to the shop owner email | Legitimate interests (Art 6(1)(f)) — keeping you informed of outcomes for the features you subscribe to. You can opt out at any time from the Reports settings in the App. |
| Customer support (troubleshooting, responding to tickets) | Performance of a contract (Art 6(1)(b)), and our legitimate interests (Art 6(1)(f)) in delivering the service you have subscribed to |
| AI Assistant feature (Pro plan): processing your prompts and our analytics summary | Performance of a contract (Art 6(1)(b)) — the feature is part of the Pro plan you elected to subscribe to |
| Product improvement using aggregated, non-identifying event counts | Legitimate interests (Art 6(1)(f)) — keeping the App competitive. The counts do not identify shoppers; the balancing test favors processing. |
| Complying with tax, accounting, and other legal obligations; responding to lawful requests from courts or regulators | Legal obligation (Art 6(1)(c)) |
| Defending, establishing, or pursuing legal claims | Legitimate interests (Art 6(1)(f)) |
Where we rely on legitimate interests, you may object to that processing at any time by writing to support@tridsense.com. We will then assess whether our interests are overridden by your rights and freedoms in the specific circumstances of your request, and respond within 30 days.
4. Sharing & subprocessors
We do not sell your data. We share the minimum data necessary with the following service providers (“subprocessors”) who help us run the App:
| Subprocessor | Purpose | Data shared |
|---|---|---|
| Google Cloud Platform (Cloud Run, Cloud SQL) | Application hosting and database | All app data (encrypted at rest and in transit) |
| Google Workspace (SMTP relay) | Sending monthly report emails | Shop owner email + report HTML/PDF/CSV |
| OpenAI (Pro plan only) | AI Assistant response generation | Your AI prompts + sanitized analytics summaries |
| Shopify | The platform on which the App runs | OAuth, webhooks, billing, theme app extension assets |
We use industry-standard contracts (Data Processing Agreements) with each subprocessor. Shopify is the platform — its handling of merchant and shopper data is governed by Shopify’s own privacy policy.
Where TridSense processes personal data on your behalf as a data processor — principally your account and staff details, your support messages, and the pseudonymous storefront-analytics identifier described above — the controller-processor terms are set out in our Data Processing Addendum, which is automatically incorporated into your subscription on install and supplements these privacy commitments with the contractual provisions required by GDPR Article 28, the UK GDPR, and analogous laws.
5. Data retention
- App configuration (milestones, campaigns, design): kept for as long as the App is installed. Wiped 48 hours after uninstall via the
shop/redactShopify webhook. - Aggregated analytics events: retained for the most recent 90 days. Older rows are pruned daily.
- AI usage counters: retained for 90 days.
- AI conversation history (Pro plan): stored only in your browser’s session storage and discarded when you close the browser tab. Nothing is retained on our servers. (See Section 4 for how prompts flow to OpenAI in transit.)
- Audit logs (privacy webhook receipts and other operational events): retained for up to 30 days, matching our cloud logging provider’s default retention window.
- Support tickets: retained while the App is installed and deleted on uninstall.
6. Security
All data is transmitted over TLS 1.2+ and encrypted at rest using provider-managed keys (AES-256). Database access is restricted to authenticated app servers. We use Shopify’s OAuth token system; we never store merchant passwords. We rotate API credentials on a documented cadence. If we become aware of a security incident affecting your data, we will notify affected merchants without undue delay and within 72 hours of discovery, as required by GDPR Article 33.
Authorized personnel access. Authorized TridSense personnel may access shop data — under single sign-on with multi-factor authentication, on a least-privilege basis, and with administrative actions logged — solely for the purposes of providing support, diagnosing operational issues, responding to security incidents, and meeting the commitments described in this Policy. We do not access merchant or shopper data for any other purpose.
7. Your rights
Depending on where you and your shoppers are located, you may have the following rights over personal data we hold:
- Right to access — request a copy of your data
- Right to rectification — correct inaccurate data
- Right to erasure (“right to be forgotten”) — request deletion
- Right to restrict processing — pause our use of your data
- Right to data portability — receive a machine-readable copy
- Right to object — to specific processing activities
- Right to withdraw consent — where processing relies on consent
- Right to lodge a complaint — with your local data protection authority (e.g., the Data Protection Board of India under DPDPA, or your EU member state’s supervisory authority under GDPR)
Most rights can be exercised inside the App: open the Privacy & Data page in the admin, where you can export all data we hold for your shop or delete it on demand. For all other requests, write to support@tridsense.com. We respond within 30 days.
Shoppers who want to exercise their rights should contact the merchant whose store they visited; we don’t hold a direct relationship with shoppers and cannot identify individual shoppers in our data.
7.1 California residents (CCPA / CPRA)
If you are a California resident, in addition to the rights listed above you may have the right to know what categories of personal information we collect about you, the right to delete it, and the right to opt out of any “sale” or “sharing” of personal information. TridSense does not sell or share personal information(as those terms are defined under the CCPA and CPRA). We do not use personal information for cross-context behavioral advertising. To exercise California rights, write to support@tridsense.com. We may verify your request by matching the requester’s email against our records.
7.2 India residents (DPDPA grievance redressal)
Under India’s Digital Personal Data Protection Act, 2023, you have the right to raise a grievance with the Data Fiduciary. TridSense’s designated grievance redressal contact is support@tridsense.com. We acknowledge grievances within 7 days and respond substantively within 30 days. If you are not satisfied with our response, you may further escalate to the Data Protection Board of India.
8. International data transfers
Our infrastructure is hosted in Google Cloud Platform regions which may be located outside India or the EU. When we transfer data internationally, we rely on appropriate safeguards (Standard Contractual Clauses where applicable, and provider-level certifications such as ISO 27001 and SOC 2).
9. Children’s privacy
The App’s admin interface is intended for Shopify merchants, who must be 18 or older to operate a Shopify store. We do not knowingly collect personal data from merchants under 18. On the storefront side, the App does not collect any personally identifying information about shoppers (see Section 2), so it does not knowingly hold the personal data of children visiting your store. If you believe a minor’s personal data has nevertheless reached us, write to support@tridsense.comand we will delete it.
10. Changes to this policy
We may update this policy from time to time. The effective date at the top of the page indicates when it was last revised. Material changes will be communicated via email to your shop owner address and via an in-app banner before they take effect.
11. Contact
Questions, requests, or complaints: support@tridsense.com
Postal address: TridSense, Harda, Madhya Pradesh, India(full registered address available on request for service of legal process)