Privacy Policy

Last updated: March 20, 2026

Overview

Chartimatic is operated by Averva Corporation (“we,” “us,” or “our”). We are committed to protecting the privacy and security of our users' information. This Privacy Policy describes how we collect, use, store, and share data when you use our Shopify app and related services at chartimatic.com and app.chartimatic.com.

Information We Collect

Account Information

When you sign up for Chartimatic, we collect your email address and, optionally, your name and business context you provide during onboarding (such as business name, industry, and goals).

Store Data (via Shopify API)

When you install Chartimatic on your Shopify store, we request access to the following Shopify scopes:

  • read_analytics — To retrieve your store's analytics and performance metrics for your daily briefing.
  • read_orders — To analyze order trends, revenue patterns, and sales data.
  • read_products — To identify top products and category performance in your briefings.
  • read_customers — To provide customer acquisition and retention insights.

We access this data using Shopify's official APIs with OAuth 2.0 authorization. We only request read-only access — we never modify your store data.

Third-Party Integration Data

If you connect additional platforms (Google Analytics, Google Ads, Klaviyo), we collect analytics data from those services via their official APIs with your explicit authorization.

Usage Data

We collect standard web analytics (via Google Analytics) including page views, session duration, and referral sources. We do not use this data for advertising.

How We Use Your Data

  • Daily Briefings — We process your connected data to generate AI-powered business intelligence briefings delivered to your email.
  • Industry Intelligence — We use aggregated, anonymized data patterns to provide industry benchmarks and market context. Individual store data is never shared.
  • Product Improvement — We use usage patterns to improve the service. We do not sell your data.

Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS infrastructure) with Row-Level Security policies enforcing data isolation between users. OAuth tokens are encrypted at rest. All data transmission uses TLS 1.2+.

We retain your store metrics data for the period required to generate trend analysis in your briefings (typically 90 days of historical snapshots). OAuth tokens are stored only while your integration remains active.

Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Service Providers — Supabase (database hosting), Vercel (application hosting), Resend (email delivery), Stripe (payment processing), and xAI (AI analysis). These providers process data solely on our behalf.
  • Legal Obligations — When required by law or to protect our rights and safety.

Shopify GDPR Compliance

We comply with Shopify's mandatory data protection requirements by supporting the following webhook-based requests:

  • Customer Data Request — Upon receiving a customers/data_request webhook from Shopify, we compile and return all data we hold about the specified customer.
  • Customer Data Erasure — Upon receiving a customers/redact webhook, we delete all personally identifiable data associated with the specified customer.
  • Shop Data Erasure — Upon receiving a shop/redact webhook (48 hours after app uninstall), we delete all data associated with the uninstalled shop.

Your Rights

You have the right to:

  • Access — Request a copy of the data we hold about you.
  • Correction — Request correction of inaccurate data.
  • Deletion — Request deletion of your account and associated data. You can also disconnect integrations at any time from your dashboard.
  • Portability — Request your data in a machine-readable format.
  • Uninstall — Uninstalling the Shopify app revokes our access to your store data. Residual data is purged within 48 hours per Shopify's requirements.

Cookies and Tracking

We use essential cookies for authentication (Supabase session tokens). We use Google Analytics for aggregate traffic analysis. We do not use third-party advertising cookies or retargeting pixels.

Children's Privacy

Chartimatic is not intended for use by individuals under 16 years of age. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or in-app notification. The “Last updated” date at the top reflects the most recent revision.

Contact Us

For privacy-related questions, data requests, or concerns: