Security & Trust
Built to handle your shoppers' data carefully.
Popups touch real customer data. Here's exactly how Popchime protects it, who it shares it with, and how you stay in control.
Encrypted at rest
Sensitive captured data is encrypted with AES-256-GCM. Encryption keys are derived per-record with HKDF, so a single key never protects everything.
Data minimization
We store what's needed to run your popups and deliver your leads — nothing more. Captured contacts flow to your own destinations (Klaviyo, Mailchimp, webhook).
GDPR-ready by default
Add a consent checkbox to any capture popup, and Popchime honors Shopify's GDPR webhooks: data-request, customer redaction, and shop redaction.
You stay in control
Your data is yours. Request export or deletion at any time and we'll act on it — see how below.
Subprocessors
The third parties that may process data on our behalf. We add a subprocessor only when it's needed to run the product.
GDPR webhooks
Popchime implements Shopify's mandatory compliance webhooks, so shopper and store requests are handled automatically.
-
customers/data_requestA shopper asks for their data — we return what we hold. -
customers/redactA shopper asks to be deleted — we erase their captured data. -
shop/redactA store uninstalls — we erase that store's data after the grace period.
Export or delete your data
Want a copy of your data, or want it erased? Email [email protected] and we'll handle it. For the full detail, read our Privacy Policy and Data Processing statement.