Arktic
Arktic

Privacy Policy

Last updated: May 2026

Overview

Arktic ("we", "our", or "the app") is a Shopify app that enables merchants to run A/B experiments on their storefronts. This policy explains what data we collect, how we use it, and your rights regarding that data.

Data we collect

We collect the following data to operate the app:

  • Merchant data: Your Shopify shop domain, access token (to call the Shopify Admin API), store currency, timezone, and installation date.
  • Storefront visitor data: Anonymous visitor tokens (first-party cookies), device type, country, UTM parameters, referrer URL, and page URLs. We do not collect names, email addresses, or any personally identifiable information from storefront visitors.
  • Order data: Order IDs, revenue amounts, and currency — matched to visitor tokens via cart attributes to measure experiment revenue impact.
  • Event data: Page views, add-to-cart events, checkout events, and purchase events — linked to anonymous visitor tokens and experiment variants.

How we use data

  • To assign storefront visitors to experiment variants and track their journey
  • To compute statistical results (conversion rates, revenue per visitor, p-values) for each experiment
  • To display analytics in the merchant dashboard
  • To sync experiment configuration to your Shopify storefront via metafields
We do not sell your data or use it for advertising.

Data storage and security

All data is stored in a PostgreSQL database hosted on Railway (EU/US infrastructure). Data is encrypted in transit (TLS) and at rest. Shopify access tokens are stored securely and used only to call the Shopify Admin API on your behalf.

Third-party services

  • Shopify: We use the Shopify Admin API and Billing API. Shopify's privacy policy applies to data processed through their platform.
  • Google Analytics (optional): If you connect a GA4 property, we store an OAuth refresh token to read analytics data on your behalf. This token is scoped to Google Analytics only. You can disconnect at any time from the Settings page.
  • Railway: Our hosting provider. Processes data according to their privacy policy.

Storefront visitor data

Visitor tokens are anonymous — they are randomly generated identifiers stored in first-party cookies. We do not link visitor tokens to personal identities. Visitor data is associated with your shop and used only to compute experiment results for your store. Visitors can clear this data by clearing their browser cookies.

Data retention

Experiment data (events, results, visitor records) is retained for the lifetime of your account. When you uninstall the app, your data is retained for 30 days and then permanently deleted, unless you request earlier deletion.

Merchant rights

As a merchant, you may:
  • Request a copy of all data we hold about your store
  • Request deletion of your store's data at any time
  • Disconnect third-party integrations (e.g. Google Analytics) from the Settings page
To exercise these rights, contact us at info@arkticstudio.com.

GDPR and data processing

For merchants operating in the EU or serving EU customers, we act as a data processor on your behalf. Storefront visitor data is collected under your store's privacy policy and consent mechanisms. We recommend ensuring your store's cookie consent banner covers analytics cookies set by Arktic (spt_vid, spt_asgn).

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the app dashboard. Continued use of the app after changes constitutes acceptance.

Contact

For privacy questions or data requests, contact us at info@arkticstudio.com.