Privacy Policy
Last updated: April 15, 2026
Meta CAPI Sync ("we", "our", or "the App") is a Shopify application that sends purchase event data from your Shopify store to Meta (Facebook) Conversions API. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.
1. Data We Collect
When you install and use Meta CAPI Sync, we access and process the following data:
- Store information: Your Shopify store domain and authentication session data, used to identify your store and maintain your login.
- Order data: Order ID, order number, total price, currency, and customer details (email, phone, name, address) from completed orders. This data is received via Shopify webhooks.
- Meta credentials: Your Meta Pixel ID, Conversions API access token, and optional test event code. These are stored securely to send events on your behalf.
- Event logs: We log each event sent to Meta, including order ID, event value, status (sent/failed), and any error messages. These logs are used for your dashboard and troubleshooting.
2. How We Use Your Data
We use your data exclusively to provide the service you installed the App for:
- Sending events to Meta: Customer data from orders (email, phone, name, city, state, zip, country) is hashed using SHA-256 before being sent to Meta Conversions API. Meta requires this hashing for privacy compliance.
- Displaying your dashboard: Event logs are used to show you event counts, statuses, and recent activity within the App.
- Billing: We record the number of events sent to calculate usage-based charges through Shopify's billing system.
3. Data Sharing
We share data only with:
- Meta (Facebook): Hashed customer data and purchase event details are sent to Meta Conversions API as configured by you. This is the core function of the App.
- Shopify: Billing usage data is shared with Shopify to process your subscription charges.
We do not sell, rent, or share your data with any other third parties.
4. Data Storage and Security
- Your Meta access token is stored in our database. We recommend using a token with minimal required permissions.
- All data is transmitted over HTTPS/TLS encryption.
- Our application is hosted on DigitalOcean with a managed PostgreSQL database.
- Customer data from orders is hashed before transmission to Meta and is not stored in plain text in event logs.
5. Data Retention
- Event logs: Stored indefinitely for your reference. You can request deletion at any time.
- Store settings: Retained while the App is installed. Deleted when you uninstall the App.
- Session data: Managed by Shopify's session system and cleared on uninstall.
6. Your Rights
You have the right to:
- Access the data we store about your shop via the App dashboard.
- Disable tracking at any time by turning off the tracking toggle in Settings.
- Delete your data by uninstalling the App. All shop settings and session data are removed on uninstall.
- Request data export or deletion by contacting us at the email below.
7. GDPR and CCPA Compliance
Customer personal data (email, phone, name, address) is hashed using SHA-256 before being sent to Meta. We act as a data processor on your behalf. You, as the store owner, are the data controller and are responsible for ensuring your customers are informed about data sharing with Meta through your own privacy policy.
8. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of the App after changes constitutes acceptance of the updated policy.
9. Contact
If you have questions about this privacy policy or your data, contact us at: [email protected]