TrackPanda ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.
Information We Collect
1. Store Information
When you install TrackPanda, we collect:
Store domain and contact information
Order data (amounts, products, quantities)
Product and variant information including cost of goods
Store currency and exchange rates
2. Meta (Facebook) Integration
When you connect your Meta account, we collect:
Ad account information and access tokens
Campaign, ad set, and ad performance data
Ad spend and metrics information
3. Google Ads Integration
When you connect your Google Ads account, we access the following Google user data via the Google Ads API:
Google Ads account identifiers (customer IDs and account names)
Campaign, ad group, and ad performance metrics (impressions, clicks, cost/spend, conversions, and conversion values)
Campaign and ad group names, statuses, and IDs
OAuth access tokens and refresh tokens required to maintain the connection
How we use Google Ads data:
To display advertising performance metrics (spend, clicks, impressions, CPC, CPM, CTR) on your dashboard
To calculate return on ad spend (ROAS) and profitability by combining Google Ads spend data with your Shopify order revenue and cost of goods
To attribute specific orders to Google Ads campaigns, ad groups, and individual ads
How we store Google Ads data:
OAuth tokens (access and refresh tokens) are stored securely in our PostgreSQL database, encrypted at rest, and are used solely to authenticate API requests on your behalf
Campaign performance metrics are fetched in real-time from the Google Ads API when you load your dashboard — we do not permanently store campaign performance data
Your selected ad account preference is stored in our database to remember your selection between sessions
How we share Google Ads data:
We do not sell, rent, or share your Google Ads data with any third parties
We do not use your Google Ads data for advertising, marketing, or any purpose other than providing you with the TrackPanda analytics service
Google Ads data is only accessible to you (the authenticated store owner) within your TrackPanda dashboard
TrackPanda's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google Ads data to provide and improve the user-facing features that are visible to you in the TrackPanda application.
4. Attribution Data
Our web pixel collects:
UTM parameters from ad clicks (stored client-side)
Order completion events
Ad attribution data linking orders to specific ads
How We Use Your Information
We use the information we collect to:
Calculate profit metrics and return on ad spend (ROAS)
Track which advertisements drive sales
Provide analytics dashboards and reports
Manage your subscription and billing
Communicate with you about the service
Improve and optimize our application
Data Storage and Security
Your data is stored securely in PostgreSQL databases hosted on secure infrastructure. We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.
All data transmission between your store and our servers uses HTTPS encryption. Access tokens for Meta and Google Ads integrations are stored securely and used only to fetch advertising data on your behalf.
Data Sharing and Disclosure
We do not sell your data to third parties.
We may share your information only in the following circumstances:
Service Providers: We use third-party services including Shopify, Meta Graph API, Google Ads API, and hosting providers to operate our service.
Legal Requirements: We may disclose your information if required by law or in response to valid legal requests.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.
Your Rights (GDPR Compliance)
If you are in the European Economic Area, you have the following rights:
Right to Access: Request a copy of your personal data we hold.
Right to Rectification: Request correction of inaccurate data.
Right to Erasure: Request deletion of your personal data.
Right to Data Portability: Request transfer of your data to another service.
Right to Object: Object to our processing of your data.
To exercise these rights, please contact us or uninstall the app from your Shopify store. When you uninstall TrackPanda, all your data will be deleted within 48 hours.
Data Retention
We retain your data for as long as you use our service. When you uninstall TrackPanda:
Your session data is deleted immediately
All store data, purchases, and settings are permanently deleted within 48 hours
Meta and Google Ads integration tokens are immediately revoked and deleted
You may also request immediate data deletion by contacting us directly.
Cookies and Tracking
Our web pixel uses browser localStorage to temporarily store ad attribution data (ad IDs from UTM parameters). This data is stored client-side on your customers' browsers and is only sent to our servers when a purchase is completed.
We do not use cookies for tracking user behavior across websites.
Third-Party Services
TrackPanda integrates with the following third-party services:
Hosting Provider: For secure data storage and processing
Each of these services has its own privacy policy governing their use of your information.
Children's Privacy
TrackPanda is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child, please contact us immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
Continued use of TrackPanda after changes constitutes acceptance of the updated Privacy Policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: