Intastellar Consents for ShopifyApp privacy

Intastellar Consents — App Privacy Policy

Last updated 24 June 2026 · Intastellar Solutions, International

Supplemental document. This policy applies specifically to the Intastellar Consents Shopify app. Public pages and install are at consentsplatform.com; the embedded Shopify admin runs at app.consentsmanagement.com. It supplements — and does not replace — Intastellar Solutions, International's general legal documents linked at the bottom of this page.

1. Who this applies to

This App Privacy Policy describes how Intastellar Solutions, International ("we", "us") processes personal data when you use the Intastellar Consents application for Shopify merchants (the "App"), including our public landing page, OAuth install flow, embedded Shopify admin, and related services at consentsplatform.com and app.consentsmanagement.com.

For how Intastellar Solutions, International processes data across its websites, consent platform, accounts, and other products, see the general Privacy & cookie policy. Where storefront visitors interact with your cookie banner, the Data Processing Agreement (DPA) describes processor obligations for consent-related processing.

2. Roles: merchant, Intastellar Consents, and Shopify

  • You (the merchant) are typically the data controller for personal data relating to your storefront visitors and customers, including cookie/consent choices on your shop.
  • Intastellar Solutions, International provides the App (Intastellar Consents) and, when the banner is enabled, consent management technology. For consent logs and banner analytics, Intastellar Solutions, International generally acts as a processor on your instructions — see the general DPA.
  • Shopify hosts your store and provides the Customer Privacy API and admin tools. Shopify's own privacy terms apply to Shopify's processing.

3. Data we process through the App

The App is designed to store merchant configuration and minimal operational data needed to run the integration. We do not use the App database to store your customers' consent records as identifiable end-user profiles.

3.1 Shopify admin / install (merchants & staff)

When you install or use the App in Shopify admin, we may process:

  • Shop domain and shop name
  • OAuth session data (access tokens and related session metadata required to operate the App)
  • Optional Shopify staff profile fields exposed during OAuth (such as name, email, locale) when available from Shopify
  • Banner configuration you save in the App (for example company name, colours, policy URL, cookie categories, language, and related window.INTA settings), stored as app installation metafields on Shopify
  • Theme/branding assets we read via Shopify Admin API scopes to help pre-fill logo or brand colour (checkout branding, theme files) — scopes: read_checkout_branding_settings, read_files, read_themes

3.2 Demo / pilot signup (landing page)

If you request a free demo store from our landing page, we collect:

  • Work email address
  • Requested store name
  • Information about your current cookie banner (CMP)
  • Provisioning status and associated Shopify development store domain

With your consent as described on the form, we may also register your email with Intastellar Accounts (intastellaraccounts.com) so you can access the Intastellar Consents Platform later. That account system is governed by the general privacy policy of Intastellar Solutions, International and account terms in addition to this document.

3.3 Storefront visitors (your customers)

When you enable the theme app embed, the Intastellar Consents consent script (uc.js) loads on your storefront. Consent decisions and related technical metadata are handled under Intastellar Consents Platform rules described in the general privacy policy (including EU/EEA storage of consent logs). The App itself does not persist customer PII in our application database.

We respond to Shopify mandatory compliance webhooks (customers/data_request, customers/redact, shop/redact). For customer data requests and redactions relating to data stored by this App's backend, we generally have no customer-level records to export; banner configuration is removed when the app is uninstalled or upon shop redaction as applicable.

4. Purposes and legal bases (GDPR)

  • Provide the App — install, authenticate, save settings, inject configuration to your theme (contract / legitimate interest).
  • Demo provisioning — create development stores and contact you about readiness (contract / consent where required).
  • Security & compliance — operate webhooks, prevent abuse, meet legal obligations (legitimate interest / legal obligation).
  • Improve the product — aggregated, non-customer operational logs (legitimate interest).

5. Recipients and subprocessors

We use service providers necessary to operate the App, including:

  • Shopify — commerce platform, OAuth, APIs, webhooks
  • Vercel — application hosting for consentsplatform.com and app.consentsmanagement.com
  • Database hosting — session and pilot-lead storage (PostgreSQL as configured for this app)
  • Intastellar Consents CDN — delivery of uc.js and consent services
  • Intastellar Accounts — optional account registration from demo signup

International transfers, where applicable, are handled under safeguards described in the general privacy policy.

6. Retention

  • OAuth sessions — until uninstall, expiry, or shop redaction webhook processing
  • Pilot / demo leads — for operational and support purposes, then deleted or anonymised according to internal retention schedules
  • Banner configuration — stored on Shopify app installation metafields until you delete them or uninstall the App
  • Consent logs — retention per general Intastellar Consents Platform policy and your Platform plan

7. Your rights

Depending on applicable law, you may have rights of access, rectification, erasure, restriction, portability, and objection. Merchants can contact us at privacy@intastellar.com. Storefront visitors should contact you as controller in the first instance; we assist merchants as processor where applicable under the DPA.

8. Changes

We may update this App Privacy Policy from time to time. The "Last updated" date at the top indicates the current version. Material changes may be communicated through the App or by email where appropriate.

This document was last reviewed on 24 June 2026. It is not legal advice; merchants should ensure their own compliance programme meets applicable laws.

Related legal documents