SegmentOS Legal

Privacy Policy

Last Updated: March 2026

1. Introduction

SegmentOS ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application for customer segmentation and tagging.

By using SegmentOS, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Merchant Data

  • Shop domain and name
  • Contact email address
  • Subscription and billing information
  • OAuth access tokens (encrypted and securely stored)

2.2 Customer Data

  • Email address (from orders only)
  • Name (from orders only)
  • Order numbers and purchase history

2.3 Segmentation and Activity Data

  • Computed customer features based on order and refund history
  • Core and semantic segment tag assignments
  • Tag change audit logs (before/after snapshots and timestamps)

2.4 Operational Data

  • Job and queue processing metadata for background tasks
  • Application logs needed to monitor reliability and security
  • Sync status and timestamps for Shopify tag updates
  • Usage telemetry to improve app performance

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Segmentation and Tagging: To compute customer segments and manage tag synchronization with Shopify
  • Analytics: To provide merchants with customer behavior and segment-level insights
  • Customer Support: To respond to inquiries and resolve issues
  • Service Improvement: To enhance and optimize the SegmentOS application
  • Security: To detect and prevent fraudulent or unauthorized access

4. Data Storage and Security

4.1 Storage Infrastructure

  • Application Data: Stored in managed PostgreSQL with encryption at rest
  • Database: PostgreSQL with encryption at rest and in transit
  • Backups: Encrypted backups with limited retention
  • Data Centers: Managed by our infrastructure providers across supported regions

4.2 Security Measures

  • Encryption at rest and in transit (TLS/SSL)
  • Encrypted data backups
  • Separate test and production environments
  • Limited staff access with role-based permissions
  • Strong password requirements for all accounts
  • Data loss prevention strategy and regular backups
  • Security incident response policy

5. Data Sharing and Third Parties

We do not sell your personal information to third parties.

5.1 Service Providers (Sub-Processors)

We share data with the following service providers to operate our service:

  • Shopify: E-commerce platform and API provider
  • OpenAI (optional): Semantic tagging inference
  • Redis Hosting: Queue and background job infrastructure
  • PostgreSQL Hosting: Database infrastructure

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

6. Data Retention

  • Active Merchants: Data retained for the duration of your subscription
  • Uninstalled Apps: Shop data deleted within 48 hours of app uninstallation
  • Analytics Data: Operational analytics retained for a limited period based on business and security needs
  • Backups: Encrypted backups retained for 30 days
  • Customer Data: Linked to orders and deleted when orders are deleted

For more details, see our Data Retention Policy.

7. Your Rights (GDPR & CCPA)

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at vellir.tech@gmail.com.

8. Cookies and Tracking

SegmentOS uses minimal cookies for essential functionality only:

  • Session Cookies: Required for authentication and app functionality

We do not use advertising cookies or third-party tracking scripts.

9. Children's Privacy

SegmentOS is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us immediately.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

You are advised to review this Privacy Policy periodically for any changes. Changes are effective immediately upon posting.

12. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Company: SegmentOS

Address: 104 William St, Five Dock, NSW, Australia

Email: vellir.tech@gmail.com