Privacy Policy

Last Updated: April 21, 2026

1. Introduction

Welcome to Cazy Quiz ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application.

By installing and using Cazy Quiz, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect the following types of information:

2.1 Information Accessed via Shopify APIs

When you install Cazy Quiz, we access data from your Shopify store using the following API scopes:

  • read_products: Read product titles, images, prices, variants, and collection memberships so that quiz answers can map to recommended products.
  • write_customers: Create or update customer records when a quiz taker opts in with an email, so the merchant can follow up.
  • write_pixels / read_customer_events: Register our Web Pixel extension and receive storefront customer events (page views, quiz interactions, checkouts) to produce quiz analytics.
  • read_product_feeds (optional): Read product feed data when enabled, to sync recommendations across sales channels.

2.2 Store Information

  • Shop domain and name
  • Store owner email address
  • Store access tokens (securely stored)

2.3 Quiz Data

  • Quiz configurations and settings
  • Questions and answers created by merchants
  • Product recommendations and mappings

2.4 Customer Data

  • Quiz responses from store customers
  • Email addresses (only collected with explicit consent)
  • Quiz completion analytics

Important: We only collect customer email addresses when users explicitly provide consent through a checkbox during quiz participation. Email collection is entirely optional, and users can complete quizzes without providing an email address.

2.5 Automatically Collected Information

When a customer interacts with a quiz on a merchant's storefront, our systems and our Web Pixel extension may automatically record:

  • IP address and general geographic region
  • Browser type, device type, operating system, and time zone
  • Pages viewed, quiz start/completion timestamps, and quiz interaction events
  • Referring URL and session identifiers

This information is used to produce aggregated analytics (views, starts, completions, add-to-cart) for the merchant. We do not attempt to identify individual customers from this data unless they voluntarily provide their email address.

3. How We Use Your Information

We use the collected information for the following purposes:

  • To provide and maintain our quiz builder service
  • To personalize product recommendations for customers
  • To analyze quiz performance and provide analytics
  • To improve our application and user experience
  • To communicate with merchants about their account or service updates
  • To comply with legal obligations

4. Data Storage and Location

Your data is stored securely using the following infrastructure:

  • Primary Database: PostgreSQL hosted on Supabase (United States)
  • Application Hosting: Secure cloud infrastructure (Europe)
  • Data Processing: All data is processed and stored with enterprise-grade security

We use Supabase as our database service provider. Both Supabase and our hosting infrastructure comply with SOC 2 Type II, GDPR, and other international data protection standards.

International Data Transfers: If you or your customers are located outside the United States or the European Economic Area, your personal information will be transferred to — and processed in — those jurisdictions. By using the Service you consent to this transfer. Where required, we rely on Standard Contractual Clauses or equivalent safeguards approved under applicable data-protection law.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • With Shopify: As required for app functionality within the Shopify ecosystem
  • Data Processors: We use the following trusted third-party service providers:
    • Supabase (PostgreSQL database hosting, United States)
    • Redis Cloud / RedisLabs (in-memory caching)
    • Hostinger (application hosting and infrastructure)
    • Google Gemini AI (AI-powered quiz generation — only merchant-authored content is sent; no customer PII)
  • Legal Requirements: When required by law or to protect our rights

All data processors are required to maintain strict data protection standards and use your data only for the purposes we specify.

Shopify Compliance Webhooks: We honour Shopify's mandatory data-privacy webhooks — customers/data_request, customers/redact, and shop/redact. Any customer data-access or erasure request submitted through Shopify is processed automatically within the timeframes required by applicable law.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • SSL/TLS encryption for all data transmissions
  • Secure token-based authentication with Shopify
  • Regular security audits and updates
  • Access controls and data encryption at rest

7. Data Retention

We retain your data for as long as your app is installed on your Shopify store. Upon uninstallation, we will delete your data within 30 days, unless required to retain it for legal purposes.

Quiz response data may be retained for analytics purposes but will be anonymized after the app is uninstalled.

8. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to the processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the information provided below.

9. Cookies and Tracking Technologies

We and our service providers use the following technologies to operate the App and our Web Pixel extension:

  • Essential cookies: Required for Shopify authentication, session management, and consent tracking. The App does not set advertising or cross-site tracking cookies.
  • Log files: Our servers automatically record IP address, user-agent string, referring/exit pages, and timestamps for each request in order to diagnose errors and detect abuse.
  • Web Pixel (Shopify Customer Events): When our "Cazy Quiz Analytics" Web Pixel is enabled, Shopify forwards storefront customer events (page views, quiz interactions, add-to-cart, checkout) to our analytics pipeline under the analyticscustomer-privacy purpose. The pixel does not fire for marketing or advertising purposes and does not sell or share personal data.

You can manage cookies through your browser settings. For more information about cookies, see allaboutcookies.org.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@cazyweb.com

Website: https://cazyquiz.cazyweb.com

Mailing Address: Cazy Web IT Solutions, Baburhat, Cooch Behar, West Bengal 736156, India

Response Time: We aim to respond to all inquiries within 48 hours

Or send us a message directly: