Zizr – Shopify App Privacy Policy

Last updated: 14 October 2025
Applies to: Merchants installing the Zizr Shopify app and their storefront end‑customers (“Shoppers”).

Plain‑English summary (non‑binding): Zizr helps Shoppers pick the right size and helps stores understand fit and returns. We access order, product, size and limited customer data from Shopify to run the app. We delete personal data when you uninstall or when we receive Shopify’s redaction webhooks. We may keep de‑identified/aggregated analytics to improve our algorithms and infrastructure. In some regions (e.g., the EEA/UK), certain features require consent; in California and other U.S. states you may opt out of “selling”/“sharing” and targeted advertising. Details below.

Who we are & scope
Roles: controller vs processor
Data we collect
How we use data (purposes & legal bases)
Automated decisions & profiling
Data retention
Data sharing & subprocessors
International transfers
Security
Your privacy rights
CPRA (California) disclosures
Cookies/SDKs on storefronts
Children’s data
Merchant responsibilities
Shopify-required webhooks
Changes to this policy
Contact
Annexes

Who we are & scope

Zizr AS (“Zizr”, “we”, “us”) provides a Shopify app that delivers personalized sizing, FitBack (structured post‑purchase fit/return feedback), returns analytics, and evolving infrastructure features (e.g., product data normalization, “Zizr ID”, “Findr”, and circularity enablement).

This policy explains how we process merchant store data and shopper personal data obtained via Shopify APIs and storefront integrations when our app is installed on a merchant’s store.

This document is informational and not legal advice. Merchants remain responsible for their own privacy notices toward Shoppers.

Roles: controller vs processor

We act in two capacities:

Processor / Service Provider (default): For most Shopify‑sourced personal data (orders, products, limited customer data) we process on behalf of the merchant to deliver the app’s contracted features (e.g., size recommendations, return analytics).
Independent Controller (limited, clearly framed):
- Security & fraud prevention (e.g., detecting abuse of the service).
- Product analytics & algorithm improvement using de‑identified or aggregated data that no longer reasonably identifies a person or a specific store.
- Benchmarking & infrastructure R&D (e.g., de‑identified SKU/category fit profiles, catalog standardization).

We do not commingle identifiable shopper data across merchants for any purpose. Cross‑merchant insights are produced only in aggregated/de‑identified form.

Data we collect

We request the minimum Shopify scopes necessary and may receive:

Order & transaction data: order ID(s), line items, SKU/product identifiers, brand/model/style, price, taxes, discounts, currency, quantity, fulfillment/return status, timestamps.
Customer data (limited): name, email (or hashed email), phone, shipping/billing addresses (country/region level, where required), Shopify customer ID.
Product & size data: product titles/descriptions, variant/size attributes, images/URLs, category metadata.
Behavioral/feature signals (“FitBack” & usage): size recommendations shown/selected, add‑to‑bag interactions, return reason codes, fit feedback, widget/app interactions, timestamps, device/browser metadata.
Merchant & store data: store name, domain, contact details, app configuration, subscription/billing status.

Sensitive categories: We do not seek special categories of data (e.g., health, religion). If such data are inadvertently provided (e.g., in free‑text notes), we will delete or minimize it.

How we use data (purposes & legal bases)

Below is the purpose matrix. Legal bases apply primarily to the EEA/UK (GDPR). Other regions follow equivalent grounds under local law.

Purpose	Examples	Legal basis
Core app delivery	Generating size recommendations; processing FitBack; showing product/size alternatives; returns analytics	Performance of contract (merchant), and/or legitimate interests of merchant and shoppers
Support & operations	Troubleshooting, billing, service communications	Performance of contract / legitimate interests
Security & abuse prevention	Detect, investigate, prevent fraud or misuse	Legitimate interests / legal obligation where applicable
Product improvement (de‑identified/aggregated)	Train/evaluate models, create category/SKU fit profiles, improve catalog standardization	Legitimate interests with pseudonymization/aggregation and safeguards
Benchmarking & infrastructure R&D (de‑identified)	Size/fit insights by category/brand without identifying individuals or stores	Legitimate interests with de‑identification
Marketing modules (optional)	Size‑aware segments, lifecycle messaging, ads integrations (if merchant enables)	Consent where required in EEA/UK; opt‑out rights under U.S. state laws

For optional marketing features (e.g., audience building or ad integrations), merchants must ensure valid consent in the EEA/UK and honor opt‑out choices in the U.S. Zizr provides settings to respect these signals.

Automated decisions & profiling

We use automated processing and profiling to:

Generate personalized size recommendations and product relevance scores (SKU‑level where supported).
Build pseudonymous fit profiles (e.g., “Zizr ID”) to reuse prior fit outcomes for that person across sessions on the same store.

These do not produce legal or similarly significant effects. Where required, you may object to profiling or request human review via the merchant or Zizr (see Your privacy rights).

Data retention

We retain personal data only as long as necessary for the purposes above, then delete or irreversibly de‑identify it.

While installed: We keep shop‑scoped personal data for the duration of the subscription.
Uninstall / shop redaction: When we receive Shopify’s shop/redact webhook after app uninstall, we delete or anonymize shop‑scoped personal data within 30 days.
Customer redaction: When we receive customers/redact, we delete that customer’s personal data within 30 days.
Event & log data: Security logs and operational telemetry: typically 90–180 days, unless needed to investigate incidents.
Model artifacts & analytics: We may retain aggregated/de‑identified outputs (no re‑identification) for longer to ensure model stability, benchmarking, and auditability.

Default retention targets (illustrative):

Dataset	Typical retention
Identifiable order/return records (per shop)	Lifetime of installation + up to 30 days post‑`shop/redact`
Per‑customer data	Until deleted via `customers/redact` or per merchant request
Raw event logs	90–180 days
De‑identified model features & aggregates	As needed for statistical purposes (no re‑identification)

We share personal data only with:

Subprocessors / service providers: cloud hosting, databases, analytics, logging/monitoring, support tools, email/SMS providers (for merchant‑enabled messaging). These vendors act under contract and follow security requirements.
The merchant (controller): reports, dashboards, and data needed to operate the app.
Authorities: where legally required.

We do not sell personal information. If a marketing integration could be considered “sharing” for cross‑context behavioral advertising under CPRA, we provide the required opt‑out mechanisms and honor signals (including Global Privacy Control).

Subprocessor list availability: Our current subprocessor list is provided in Annex B and is available on request from privacy@zizr.com.
Data Processing Addendum (DPA): Available on request from privacy@zizr.com.

International transfers

If we transfer personal data outside your region (e.g., EEA/UK to other countries), we use appropriate safeguards such as the EU Standard Contractual Clauses and the UK IDTA/Addendum, plus transfer impact assessments and technical/organizational measures (encryption, access controls). Details are available in our DPA (on request).

Security

We implement administrative, technical and organizational safeguards, including:

Encryption in transit and at rest
Network segregation and least‑privilege access
Pseudonymization (e.g., hashing of identifiers) where feasible
Vulnerability management and logging/monitoring
Employee confidentiality and training
Vendor due diligence and contractual controls

No method is 100% secure; we maintain and improve controls consistent with industry practices.

Your privacy rights

Depending on your location, you may have the right to access, correct, delete, object to or restrict processing, port your data, and not be subject to certain automated decisions.

Shopify stores: We honor rights via Shopify’s GDPR webhooks: customers/data_request, customers/redact, and shop/redact.
Direct requests to Zizr: Contact us (see Contact). We will coordinate with the merchant (controller) as needed.

If you are in the EEA/UK, you can also complain to your local data protection authority. In Norway, that is Datatilsynet.

CPRA (California) disclosures

For California residents:

We process the categories of personal information described in Data we collect for the purposes in How we use data.
We do not sell personal information. If any optional feature constitutes “sharing” for cross‑context behavioral advertising, you can opt out via the Privacy Options provided in the Zizr widget (where enabled) or by emailing privacy@zizr.com with the subject line “CPRA Opt‑Out”. We honor Global Privacy Control (GPC) signals.
You may request access, deletion, correction, and to limit use/disclosure of sensitive personal information (if any). See Your privacy rights.

Cookies/SDKs on storefronts

If the merchant enables Zizr widgets or SDKs on the storefront, we may set strictly necessary cookies (e.g., to maintain session or preference) and, if configured, analytics/marketing cookies or local storage for measurement and features.

In the EEA/UK, merchants must present a compliant consent mechanism (CMP) before non‑essential cookies fire.
We provide configuration options to respect consent frameworks and regional requirements.

A cookie/SDK inventory template is provided in Annex C. Merchants should tailor Annex C to their implementation.

Children’s data

Our services are not directed to children under 13 (or applicable local age). We process purchaser/guardian data. If we learn that we have collected children’s data, we will delete it.

Merchant responsibilities

Provide a clear storefront privacy notice explaining use of Zizr and the data shared with us.
Obtain and manage consents/opt‑outs where required (e.g., EEA/UK cookies; CPRA opt‑outs).
Configure Zizr features in line with your legal basis (e.g., marketing modules only where you have consent/opt‑out controls).
Notify us of data subject requests or legal holds where relevant.

Shopify-required webhooks

We subscribe to and honor the following Shopify privacy webhooks:

customers/data_request – Provide customer data to the merchant
customers/redact – Delete a single customer’s personal data
shop/redact – Delete shop‑scoped personal data after uninstall

Operational targets: within 30 days of receipt (or faster where required). We also delete test stores and development data periodically.

Changes to this policy

We may update this policy to reflect operational, legal, or regulatory changes. We will post updates here with a revised “Last updated” date. Material changes will be communicated via in‑app notice or email to merchant admins.

Contact

Zizr AS
Attn: Privacy
Dronningens gate 38, 7011 Trondheim
Email: contact@zizr.com
If applicable: Data Protection Officer (DPO): contact@zizr.com
Supervisory authority (EEA/UK): You may contact your local authority. In Norway: Datatilsynet.