Privacy Policy

VitalityNode Pet Connector
Last updated: May 25, 2026

1. Introduction

VitalityNode Pet Connector ("we", "our", or "the App") is a Shopify application that helps merchants connect Pet metaobjects with Customer profiles using metafields. We are committed to protecting your privacy and complying with all applicable data protection laws, including GDPR.

2. Data We Collect

Our app collects and processes minimal data necessary for its operation:

• Shop Information: Your Shopify store domain and shop ID
• Customer References: Customer IDs (numeric identifiers only)
• Customer Email Addresses: For Klaviyo email marketing integration (optional feature)
• Pet Metaobject References: Global IDs (GIDs) of Pet metaobjects
• Pet Metaobject Data: Pet names, species, breeds, birthdays (for Klaviyo integration only)
• Metafield Data: The custom.pet_list metafield values
• Klaviyo API Key: If you enable Klaviyo integration (stored encrypted)

3. Data We DO NOT Collect

We explicitly DO NOT collect or store:

• Customer personal information (names, phone numbers, addresses) - except email for Klaviyo integration
• Pet photos or health records
• Payment information
• Order data
• Any sensitive personal information beyond what's listed in section 2

Important: Customer emails and pet data are only collected when you enable Klaviyo integration. All data remains in your Shopify store and is controlled by you. We only sync data to Klaviyo when explicitly authorized.

4. How We Use Your Data

We use the collected data solely for:

• Synchronization: Linking Pet metaobjects with Customer profiles via the custom.pet_list metafield
• Webhooks: Automatically updating metafield references when Pets are created, updated, or deleted
• Analytics: Displaying dashboard statistics about pet profile completion rates
• App Authentication: Maintaining secure session data in our database
• Klaviyo Integration (Optional): When you enable Klaviyo integration, we use customer emails and pet data to:
  • Synchronize Profile Properties (pet names, species, breeds) to Klaviyo
  • Create and manage Birthday Events for pet birthday campaigns
  • Update customer segments based on pet ownership

5. Data Storage

In Our Database:

• Shop authentication sessions
• Synchronization status flags (initialSyncCompleted, initialSyncDate)

In Your Shopify Store:

• All Pet metaobject data (owned by the Pet Profiles app)
• The custom.pet_list metafield containing GID references

Data Encryption: All data transmitted between your store and our app is encrypted using HTTPS/TLS.

6. Data Sharing

We DO NOT sell or rent your data to third parties.

Klaviyo Integration (Optional): When you explicitly enable Klaviyo integration, we share customer email addresses and pet data (names, species, breeds, birthdays) with Klaviyo for email marketing purposes. This sharing:

• Only occurs when you enable the integration and provide your Klaviyo API key
• Is controlled entirely by you (you can disable it at any time)
• Is subject to Klaviyo's own privacy policy: https://www.klaviyo.com/legal/privacy
• Is necessary for pet birthday email campaigns and customer segmentation

Klaviyo Profile Safety: Our app follows a "Safe Coexistence" principle with the official Klaviyo app:

• We only add custom properties with the vn_* prefix (namespaced)
• We only send custom events for pet birthdays
• We NEVER modify or delete standard Klaviyo profile fields (name, phone, address, etc.)
• We NEVER delete customer profiles in Klaviyo
• Full compatibility with the official Klaviyo app - both can work in parallel

All other data is only used internally for the app's functionality and is not shared with third parties.

7. Your Rights (GDPR Compliance)

We fully comply with GDPR and provide the following data rights:

• Right to Access: Request a copy of your data via the customers/data_request webhook
• Right to Erasure: Request deletion of your data via the customers/redact webhook
• Right to Rectification: Update your data through the Shopify Admin
• Right to Restriction: Uninstall the app to stop data processing

When a customer requests data deletion (GDPR "right to be forgotten"), we:

1. Clear the customer's custom.pet_list metafield (set to empty array)
2. Remove any session data from our database
3. Do NOT delete Pet metaobjects (they are owned by the Pet Profiles app and the merchant)

8. Data Retention

We retain data only as long as necessary:

• Session Data: Retained while the app is installed; automatically deleted when the app is uninstalled via shop/redact webhook
• Metafield References: Stored in your Shopify store; you control the retention period
• Logs: Application logs are retained for 30 days for debugging purposes

9. Data Security

We implement industry-standard security measures:

• HTTPS/TLS encryption for all data transmission
• OAuth 2.0 authentication for Shopify API access
• Secure database storage with access controls
• Regular security updates and monitoring

10. Children's Privacy

Our app does not knowingly collect data from individuals under 16 years of age. The app is designed for use by Shopify merchants only.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Significant changes will be communicated via email to app administrators.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Email: info@vitalitynode.com
App Name: VitalityNode Pet Connector
Developer: VitalityNode

For Shopify App Review

Protected Customer Data Access:

• We request read_customers and write_customers scopes
• Purpose: To write GID references to the custom.pet_list metafield
• We request read_customer_email scope (optional feature)
• Purpose: To synchronize customer emails with Klaviyo email marketing platform for pet birthday campaigns
• Email access is ONLY used when merchant explicitly enables Klaviyo integration
• For core app functionality (pet-customer linking), we only use Customer ID to identify which metafield to update
• We DO NOT access other protected customer fields (name, phone, address) except email for Klaviyo integration
• GDPR webhooks are fully implemented: customers/data_request, customers/redact, shop/redact

Note: This privacy policy is compliant with GDPR, CCPA, and Shopify's App Store requirements for Protected Customer Data access.