Signal CRO — Shopify App
Last updated: March 2026
Signal CRO ("we", "our", or "the app") is a Shopify app that helps merchants understand and improve their store's conversion rate. This policy explains what data we collect, how we use it, and your rights regarding that data.
By installing Signal CRO, you agree to the practices described in this policy.
When a visitor browses your store, our web pixel collects anonymous behavioural events including:
We do not collect visitor names, email addresses, IP addresses, or any other personally identifiable information through the pixel. Session identifiers are random strings with no link to individual identity.
We store order metadata from your Shopify store including order totals, product line items, currency, fulfilment status, and order creation dates. We use an internal customer identifier (Shopify's numeric customer ID) to detect repeat purchase patterns — we do not store customer names, emails, or addresses.
We store product titles, types, prices, image counts, tags, and review counts to power product-level recommendations.
We store your Shopify store domain, access token (for API calls), plan tier, currency, and timezone. This is necessary to operate the app.
We do not sell your data, use it for advertising, or share it with third parties except as described below.
We use the Anthropic Claude API to generate the written detail and action plans for CRO recommendations. When generating a recommendation, we send anonymised metric data (conversion rates, funnel numbers, product names and prices) to Anthropic's API.
We do not send any customer personal data, visitor identifiers, or order-level data to Anthropic. Only aggregated metrics and product catalogue information are included.
Anthropic's privacy policy is available at anthropic.com/privacy.
Your store data is stored in a PostgreSQL database hosted on Supabase. Supabase is SOC 2 Type II certified and stores data in the United States. Their privacy policy is at supabase.com/privacy.
The Signal CRO application server is hosted on Railway. Application logs may contain store domain names and anonymised event metadata. Railway's privacy policy is at railway.com/legal/privacy.
Signal CRO is compliant with the General Data Protection Regulation (GDPR) and Shopify's mandatory privacy requirements:
As a Shopify merchant using Signal CRO, you have the right to:
We take reasonable technical and organisational measures to protect your data:
We may update this policy as the app evolves. Material changes will be communicated via the Shopify admin notification system. Continued use of the app after changes constitutes acceptance of the updated policy.
For privacy-related questions, data requests, or concerns, contact us at: privacy@signal-cro.com