Last updated: 10 July 2026
Checkout Rescue (“the app”, “we”, “us”) scans a Shopify store's checkout scripts and helps merchants migrate them to Shopify web pixels ahead of the August 26, 2026 checkout extensibility deadline. It is operated by Talivio Technology OÜ (Estonian registry code 16991406), Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 15551, Estonia. The app is a business tool for Shopify merchants; it is not directed at consumers. This policy explains what data the app accesses, how it is used, and the choices available to you.
Shopify is an independent data controller for the Shopify platform, including your Shopify account and the payment it collects when you purchase the rescue package (see Shopify's privacy policy). Talivio Technology OÜ is the data controller for the merchant account and scan data described in this policy. In the unlikely event that content you paste into the app contains personal data (it should not — see below), we handle that content only on your instructions, as your processor, to provide the service.
When you install Checkout Rescue, the app is granted the following access through the Shopify Admin API:
We also keep a record of your rescue-package purchase status (whether the one-time charge was approved), as reported by Shopify. Payment itself is handled entirely by Shopify — we never see your payment details.
Checkout Rescue does not access or store your customers' personal information. The app does not request access to customer, order, or payment data. The replacement web pixel the app installs runs in your storefront and sends events from your customers' browsers directly to the analytics vendors you already use (for example Google or Meta) — that data never passes through our servers. For that tracking, you remain the data controller and are responsible for the required customer notices and consents.
Checkout Rescue's Additional Scripts box cannot be read via any Shopify API —
it never has been, for any app. If you choose to paste the contents of your
Additional Scripts box into the app, that pasted content is stored so we can
classify it and generate replacement web pixel code. This content is a
template you wrote yourself (typically third-party tracking snippets like
Google Ads or Meta Pixel code) — it does not contain live customer data, only
placeholder variables (e.g. {{ order_number }}) as Shopify's
Liquid template language renders them in the editor.
We use the information described above solely to scan your store for scripts affected by the deadline, classify them, generate replacement web pixel code and, if you purchase the rescue package, install it. We do not sell your data, and we do not use it for advertising. Where the data involved is personal data (such as your name or contact details), we process it on the following legal bases under Article 6(1) GDPR: to perform our contract with you — providing the app and the rescue package (Article 6(1)(b)); to comply with legal obligations such as accounting law (Article 6(1)(c)); and for our legitimate interest in keeping the service secure and reliable, including server logs (Article 6(1)(f)).
We do not share your data with third parties except our hosting provider, which stores data and runs the service on our behalf as a processor, and only to the extent necessary to operate the app, and Shopify, which operates the platform and billing as an independent controller. If our hosting involves a transfer of personal data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's standard contractual clauses.
Scan data and store information are retained for as long as the app is
installed on your store. The app subscribes to Shopify's mandatory privacy
webhooks — customers/data_request, customers/redact
and shop/redact. Because the app stores no customer personal
data, customer requests will normally return or erase nothing. When you
uninstall the app, Shopify sends the shop/redact webhook 48 hours
later and we delete the data associated with your store within 30 days of
receiving it. Records of your purchase are kept for 7 years as required by
Estonian accounting law, and technical server logs are kept for no longer than
90 days. You may also request deletion at any time by contacting us.
Under the GDPR you may have the right to access, correct, export, restrict or object to the processing of, or delete the personal data we hold about you. To exercise any of these rights, email us at the address below. You may also lodge a complaint with a supervisory authority — for us that is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee), but you may contact the authority in your own country instead.
We use industry-standard measures, including encrypted connections (HTTPS) and access controls, to protect your data. No method of transmission or storage is completely secure, but we work to protect your information and to promptly address any issues.
The app and this website use only essential first-party cookies: a session cookie and a CSRF cookie that protects forms against abuse. Inside the Shopify admin, the embedded app authenticates with Shopify session tokens instead of cookies. We do not use analytics or advertising cookies, so no cookie consent banner is required.
We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.
If you have any questions about this policy or your data, contact us at [email protected].