Privacy Policy

Last updated: March 7, 2026

1. Introduction

Jeff Analytics (“Jeff”, “we”, “us”) is a privacy-first analytics platform operated by Niro Digital d.o.o. This policy explains how we collect, use, and protect data when you use the Jeff service, including our Shopify app.

2. Data We Collect

Account data: When you create an account, we store your name, email address, and authentication credentials (managed by Clerk).

Analytics data: Our tracker collects page views, sessions, scroll depth, time on page, and Web Vitals. By default, we use cookieless, privacy-friendly visitor hashing — no persistent identifiers are stored on the end user's device.

Shopify store data (when connected): Orders, customers, products, collections, inventory, checkouts, returns, and refunds synced via the Shopify Admin API. Access tokens are encrypted at rest using AES-256-GCM.

Event properties: Custom event properties you send via the tracking API. We automatically classify events and extract metadata (device type, OS, browser, country, referrer, UTM parameters).

3. How We Use Data

  • Provide analytics dashboards, AI insights, and reports
  • Power conversion funnels, user segmentation, and cohort analysis
  • Generate AI-powered recommendations and anomaly detection
  • Forward events to configured third-party pixels (Google Analytics, Meta Pixel) when enabled by you
  • Improve the Jeff service and fix bugs

4. Shopify-Specific Data Handling

When you install Jeff on your Shopify store, we request access to read orders, customers, products, and related data. We use this data solely to provide analytics within your Jeff dashboard. We do not sell Shopify merchant data or use it for advertising.

Our Shopify Web Pixel extension collects storefront events (page views, product views, add-to-cart, checkout) in compliance with Shopify's Customer Privacy API. Events are only collected when the visitor has granted the appropriate consent level (analytics, marketing).

When you uninstall the Jeff app from your Shopify store, we mark your connection as inactive. Upon receiving a shop/redact webhook from Shopify, we permanently delete all Shopify-sourced data associated with your store.

5. Data Storage & Security

Data is stored in a PostgreSQL database hosted on Neon (EU region). Shopify access tokens are encrypted with AES-256-GCM. All connections use TLS. We follow OWASP security best practices for our API endpoints.

6. Third-Party Services

  • Clerk — authentication and user management
  • Neon — database hosting (EU)
  • Vercel — application hosting
  • Sentry — error monitoring (no PII sent)
  • Google Gemini — AI insights generation (anonymized data only)

7. Cookies & Tracking

Jeff supports a cookieless mode by default. When cookies are used, we use a first-party analytics cookie for session tracking only. We support Google Consent Mode v2 and provide three-tier consent management (analytics, marketing, personalization).

8. Your Rights (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a machine-readable format
  • Object to or restrict processing of your data

For Shopify store visitors, merchants can exercise these rights on behalf of their customers. Jeff provides GDPR export and deletion endpoints, and responds to all Shopify mandatory GDPR webhooks.

9. Data Retention

Analytics event data is retained according to each project's configured retention period (default: 365 days). Account data is retained while your account is active. Shopify store data is deleted upon receiving a shop/redact webhook after app uninstallation.

10. Contact

For privacy-related inquiries, contact us at privacy@nirodigital.com.

Niro Digital d.o.o.
Slovenia, EU