Checkout Rescue

Privacy Policy

Last updated: 10 July 2026

Checkout Rescue (“the app”, “we”, “us”) scans a Shopify store's checkout scripts and helps merchants migrate them to Shopify web pixels ahead of the August 26, 2026 checkout extensibility deadline. It is operated by Talivio Technology OÜ (Estonian registry code 16991406), Ahtri tn 12, Kesklinna linnaosa, Tallinn, Harju maakond, 15551, Estonia. The app is a business tool for Shopify merchants; it is not directed at consumers. This policy explains what data the app accesses, how it is used, and the choices available to you.

Our role — and Shopify's

Shopify is an independent data controller for the Shopify platform, including your Shopify account and the payment it collects when you purchase the rescue package (see Shopify's privacy policy). Talivio Technology OÜ is the data controller for the merchant account and scan data described in this policy. In the unlikely event that content you paste into the app contains personal data (it should not — see below), we handle that content only on your instructions, as your processor, to provide the service.

Information we access

When you install Checkout Rescue, the app is granted the following access through the Shopify Admin API:

We also keep a record of your rescue-package purchase status (whether the one-time charge was approved), as reported by Shopify. Payment itself is handled entirely by Shopify — we never see your payment details.

Checkout Rescue does not access or store your customers' personal information. The app does not request access to customer, order, or payment data. The replacement web pixel the app installs runs in your storefront and sends events from your customers' browsers directly to the analytics vendors you already use (for example Google or Meta) — that data never passes through our servers. For that tracking, you remain the data controller and are responsible for the required customer notices and consents.

Information you provide directly

Checkout Rescue's Additional Scripts box cannot be read via any Shopify API — it never has been, for any app. If you choose to paste the contents of your Additional Scripts box into the app, that pasted content is stored so we can classify it and generate replacement web pixel code. This content is a template you wrote yourself (typically third-party tracking snippets like Google Ads or Meta Pixel code) — it does not contain live customer data, only placeholder variables (e.g. {{ order_number }}) as Shopify's Liquid template language renders them in the editor.

How we use information — and our legal basis

We use the information described above solely to scan your store for scripts affected by the deadline, classify them, generate replacement web pixel code and, if you purchase the rescue package, install it. We do not sell your data, and we do not use it for advertising. Where the data involved is personal data (such as your name or contact details), we process it on the following legal bases under Article 6(1) GDPR: to perform our contract with you — providing the app and the rescue package (Article 6(1)(b)); to comply with legal obligations such as accounting law (Article 6(1)(c)); and for our legitimate interest in keeping the service secure and reliable, including server logs (Article 6(1)(f)).

Data sharing

We do not share your data with third parties except our hosting provider, which stores data and runs the service on our behalf as a processor, and only to the extent necessary to operate the app, and Shopify, which operates the platform and billing as an independent controller. If our hosting involves a transfer of personal data outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's standard contractual clauses.

Data retention and deletion

Scan data and store information are retained for as long as the app is installed on your store. The app subscribes to Shopify's mandatory privacy webhooks — customers/data_request, customers/redact and shop/redact. Because the app stores no customer personal data, customer requests will normally return or erase nothing. When you uninstall the app, Shopify sends the shop/redact webhook 48 hours later and we delete the data associated with your store within 30 days of receiving it. Records of your purchase are kept for 7 years as required by Estonian accounting law, and technical server logs are kept for no longer than 90 days. You may also request deletion at any time by contacting us.

Your rights

Under the GDPR you may have the right to access, correct, export, restrict or object to the processing of, or delete the personal data we hold about you. To exercise any of these rights, email us at the address below. You may also lodge a complaint with a supervisory authority — for us that is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee), but you may contact the authority in your own country instead.

Security

We use industry-standard measures, including encrypted connections (HTTPS) and access controls, to protect your data. No method of transmission or storage is completely secure, but we work to protect your information and to promptly address any issues.

Cookies

The app and this website use only essential first-party cookies: a session cookie and a CSRF cookie that protects forms against abuse. Inside the Shopify admin, the embedded app authenticates with Shopify session tokens instead of cookies. We do not use analytics or advertising cookies, so no cookie consent banner is required.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.

Contact

If you have any questions about this policy or your data, contact us at [email protected].