Privacy Policy & Terms of Service
This Privacy Policy & Terms of Service document describes how personal information is collected, used, and shared when you install or use the Consentmo app (iSense LLC d/b/a Consentmo) on a Shopify-supported store.
Personal Data
When you install any of our apps, we are automatically able to access certain types of information from your Shopify account. The full list available through Shopify can be seen here. This is visible in the setup process and can be reviewed before finishing the install.
We will store your *.myshopify.com domain as well as the email associated with your store. This is only to provide you with better customer support and is kept strictly confidential from third parties.
Understanding Our Role
Consentmo is not a lawyer or a law firm and does not engage in the practice of law or provide legal representation. Our Consentmo app is provided as a tool that will serve you in your GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI compliance needs. The app itself is not intended to substitute professional legal advice. You can use it as a tool that will provide you the basis for being compliant (Cookie Bar, Preferences popup, Compliance Pages, Cookie and Data management) and adjust it as per your local needs. The use of our app is subject to our Privacy Policy & Terms of Service. By using our app, you expressly acknowledge that you have read the Privacy Policy & Terms of Service page and agree to its content.
Data Collection and Usage
We have access only to the information that is given to us voluntarily via e-mail, live chat or from direct contact with our customers. We confirm that this information won’t be sold to any third-party organizations.
This information will only be used to respond to our customers' requests regarding the reasons they have contacted us. This also applies to the store clients' requests submitted through the Compliance pages pre-generated by our app.
From January 2021, all data that is stored on our end for GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI acceptances and the GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI requests (all kinds of information that can be requested through the app) will be deleted after 12 months. This means that, after this period is over, we will no longer keep any data for these respective website visitors/customers associated with the respective merchants/store owners.
In the event you decide to uninstall the app, we will retain the Policy Acceptance records for your store for a period of 3 months to ensure continuity of service and compliance with your preferences. This information can be readily restored should you decide to reinstall the app at a later time.
We may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy unless you specifically request to be excluded from this list. It is your right to do that too.
The service uses Google Analytics to improve the functionality and the experience for you. You may opt out of Google Analytics by using the Opt-out Browser add-on, which is available by visiting Google Analytics Opt-out Browser Add-on, to enable you to opt out of Google’s programs.
We do not use other analytics or tracking cookies on our website.
Use of Artificial Intelligence (AI)
We incorporate Artificial Intelligence (AI) technologies into certain features of our services to enhance functionality and user experience. Below is a detailed description of how and where AI is utilized:
1. AI-Powered Chatbot in Customer Support
As part of our customer support services provided through the Crisp platform, we use an AI-powered chatbot powered by ENUM to assist with common inquiries and provide timely responses. Here are important details about this service:
- Interaction with AI: When you engage with our support chat, you may be interacting with an AI system designed to understand and respond to your queries efficiently.
- Data Processing: The AI chatbot processes the information you provide during the chat to generate appropriate responses. This may include personal data such as your name, email address, or any other information you choose to share. The data is used solely for the purpose of assisting you and improving our services.
- Option to Speak with a Human: If you prefer to communicate directly with a human representative, you may request this at any time during your interaction. Our support team is always available to assist you personally.
- Third-Party Services: Our AI chatbot is powered by ENUM and provided through the Crisp platform. Both ENUM and Crisp adhere to strict data protection standards. For more information on how they handle data, please refer to their privacy policies:
ENUM's Privacy Policy
Crisp's Privacy Policy
2. AI for Cookie Categorization in Cookie Scanner
Our app includes a cookie scanner feature that employs AI algorithms to automatically identify and categorize cookies used on your website. This aids in providing accurate cookie information for compliance purposes. Key points include:
- Functionality: The AI system analyzes data related to cookies detected on your website to classify them into appropriate categories (e.g., essential, analytics, marketing).
- No Personal Data Processing: This process does not involve processing or storing any personal data of your website visitors. The AI focuses solely on cookie data for categorization purposes, ensuring privacy is maintained.
3. Compliance with EU AI Act
We are committed to ensuring that our use of AI technologies complies with the EU AI Act and other relevant regulations. This includes:
a. Risk Assessment and Mitigation
- AI System Risk Classification: We assess our AI systems to ensure they are classified as minimal or low risk under the EU AI Act guidelines. Our current AI implementations are considered to pose minimal risk to users.
- Mitigation Measures: We have implemented measures to mitigate any potential risks associated with our AI systems, including regular audits, system evaluations, and adherence to ethical AI practices.
b. Human Oversight
- Human-in-the-Loop: While our AI systems enhance efficiency, human oversight is maintained to monitor AI outputs. In customer support interactions, human representatives are available upon request to assist you directly.
- Decision-Making: No significant decisions affecting your rights or interests are made solely by automated means. Human intervention is available to review and adjust AI-generated outcomes as necessary.
c. Fairness and Non-Discrimination
- Bias Prevention: We take proactive steps to prevent and mitigate biases in our AI systems. This includes regular reviews of training data and algorithms to ensure fairness and non-discrimination.
- Inclusive Design: Our AI technologies are designed with inclusivity in mind to serve all users effectively and equitably.
d. Data Governance and Quality
- Data Management: The data used to train and operate our AI systems is carefully managed to ensure accuracy, relevance, and compliance with data protection laws.
- Data Minimization: We adhere to the principle of data minimization, ensuring that only data necessary for the intended AI functions is processed.
e. Your Rights Regarding Automated Decision-Making
- Right to Object: You have the right to object to decisions made by our AI systems and request human intervention.
- Right to Information: You can request information about the logic involved in the AI processes and the significance and envisaged consequences of such processing for you.
f. Transparency in Automated Processes
- Clarity on AI Use: We clearly indicate when you are interacting with an AI system, especially in customer support scenarios.
- Explanation of AI Functions: Detailed explanations of how our AI systems function and for what purposes they are used are provided in this Privacy Policy.
g. Security and Reliability of AI Systems
- Technical Measures: We implement robust security measures to protect against unauthorized access, alteration, disclosure, or destruction of data processed by our AI systems.
- System Monitoring: Continuous monitoring and testing are conducted to maintain the reliability and performance of our AI technologies.
h. Third-Party AI Providers
- Due Diligence: We conduct thorough due diligence on third-party AI providers like ENUM and Crisp to ensure their compliance with applicable laws, including the EU AI Act.
- Accountability: While we utilize third-party services, we remain accountable for the protection of your data and the compliance of AI systems used in our services.
i. Continuous Compliance and Updates
- Regulatory Monitoring: We stay informed about changes in AI regulations and update our practices accordingly to maintain compliance.
- Policy Updates: Any significant changes to our use of AI technologies will be reflected promptly in this Privacy Policy.
4. Your Rights and Choices
- Right to Be Informed: You have the right to be informed when you are interacting with an AI system. We ensure transparency in our AI interactions as outlined above.
- Data Protection: Any personal data processed by our AI systems is handled in accordance with our data protection policies and applicable data protection laws, including GDPR.
- Opting Out: If you have concerns about interacting with AI systems or wish to opt out, please contact us at support@consentmo.com, and we will accommodate your preferences where possible.
Transparency and Commitment
We are dedicated to maintaining transparency regarding our use of AI technologies. Our goal is to enhance your experience while ensuring your data is protected and your rights are respected. We adhere strictly to the EU AI Act, GDPR, and other relevant regulations to provide you with safe, reliable, and ethical AI services.
Data Processing
We use Shopify API calls when we get information for customers, so a data processing agreement for our app is the same as the one for Shopify itself. Additionally, you can check out our app's Data Processing Addendum document. By using our Consentmo app, you agree to all the terms and conditions of this Data Processing Addendum and Terms of Use.
Additionally, you can check what we are collecting here: Data Collection and Usage part. Unlike other apps, we are actually not collecting any personal information, such as names, addresses, etc. All this information is stored in Shopify, and we do not have access to it. What we do collect is only the email of the customer, and this is only if he/she makes a GDPR request; otherwise, we do not have it. Having the email when a GDPR, or any other, request is made is required because this is the only way we can track which request was made by this specific user. As for the IPs, they are masked for the Shopify merchants and are visible only for the visitors themselves (if they make a GDPR request). Unfortunately, due to limitations in Shopify, the only personal data that we store (emails and IPs) cannot be saved inside of Shopify. No app is able to do that, not just GDPR apps, but apps in general. That is why we have added this Data collection text here in the preferences popup as well as here in the Compliance pages upon submitting a request. For more information, please check this FAQ question.
Cookie Information
Our app is setting two cookies on your store, in order for the app to function properly.
Here is a brief explanation for these cookies:
Cookie name: cookieconsent_status
This cookie will be set as soon as one of the Accept or Close buttons is pressed. It holds information about which exact button is pressed. Here is a list of all of the available options for the cookie's contents:
- dismiss - When the 'Close' button is pressed
- allow - When the 'Accept' button from the Consent Bar is pressed
- accept_selected - When the 'Accept Selected' button is pressed (from the Preferences popup)
- accept_all - When the 'Accept all' button is pressed (from the Preferences popup)
Duration: 1 year
Cookie description: This cookie is set by Consentmo app to hold information on which cookie accept button is pressed by the visitor.
Cookie name: cookieconsent_preferences_disabled
This cookie will be set based on the selected option from the app setting Initial state of the cookie bar. It holds information about the cookie groups that are currently blocked. The blocking can be either based on the initial state, or when the customer manually opts out of a certain cookie group. Here is an example:
If you have checked the options Block marketing cookies until visitor opts-in and Block analytics cookies until visitor opts-in, this would mean that the Analytics and Marketing cookie groups will be blocked initially. The information that this cookie will contain will be: marketing%2Canalytics
The information that this cookie contains will be changed every time the customer changes his preferences. Based on this cookie, the blocking of the cookies is maintained.
Duration: 1 year
Cookie description: This cookie is set by Consentmo app to hold information on which cookie groups are currently blocked by the app.
Application Specifics
1. Policy acceptances
When a visitor of your store accepts your privacy policy through the cookie bar, our app is collecting the following data:
- Customer ID (if registered)
- Customer email (if registered)
- Customer IP (masked for the Shopify merchants)
- Accepted page ID - the ID of the page which you have set for your privacy policy texts
- Date & Time - the exact date of the action
2. GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI requests
When a visitor of your store makes a GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI request from the GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI Compliance page, we are collecting the following data:
- Store ID - the ID of your store
- Request type - the type of the request that was made
- Customer ID (if registered)
- Customer email (if registered)
- Customer IP (masked for the Shopify merchants)
- Customer User Agent (masked for the Shopify merchants)
- Date & Time - the exact date of the request
3. Deletion requests
When a visitor of your store requests his/her data to be removed from your store, we are collecting the following data:
- Customer ID (if registered)
- Customer email (if registered)
- Date & Time - the exact date of the request
4. API permissions that our app needs to function
Below you will find a list of all of the scopes that our app is using and that you are agreeing on upon installation. For additional reference, check
Shopify API access scopes
- read_customers, write_customers - Used for customer data that can be accessed by submitting a request through one of the compliance pages. The customer data can also be edited.
- read_orders, read_all_orders - Used for accessing order information, which can be accessed by submitting a request through one of the compliance pages for orders
- read_content, write_content - Used for creating the compliance pages on the merchant’s store
- read_script_tags - Used for reading the script tags on the merchant’s store. For more information check: ScriptTag
- read_themes - Used for getting theme information (ID of the theme only) that we use to check if the app block for our app is enabled
- read_locales - Used for reading the store locales for a feature within our app for text translation
For additional questions, feel free to reach out to our support team
Exporting personal customer data
When a visitor of your store makes a GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI request ("Data Rectification", "Data Portability", "Access to Personal Data", "Right to be Forgotten"), no data will be saved by us or by the app. The data is taken directly from Shopify and sent to the user.
Note: All of the data we collect for the sole purpose of handling the requests through the GDPR/CCPA-CPRA/VCDPA/CPA/CTDPA/UCPA/PIPEDA/LGPD/APPI Compliance pages is saved with us for 12 months, and after this period is over, it is automatically deleted. All the GDPR data we collect is stored in EU servers, located specifically in a datacenter in Amsterdam, Netherlands.
Security incident response policy page here
Unsubscribe of Marketing
You can opt out of receiving marketing or promotional emails from Consentmo at any time by clicking the unsubscribe link in any of our email communications.
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
Last updated: 24 October, 2024