Mavira Logo

Privacy Policy

Mavira AI LLC — Shopify App

Effective Date: April 15, 2026

1. Overview

This Privacy Policy describes how Mavira AI LLC ("we," "us," or "our") collects, uses, and protects data through our Shopify application (the "App"). The App is designed to track sales conversions that originate exclusively from traffic referred by the Mavira website (maviraai.com). The App does not monitor or collect data from general traffic on a Merchant's Shopify store — only visitors who arrived via a Mavira referral link are within scope.

By installing or using the App, you (the "Merchant") agree to the data practices described in this policy.

2. What Data We Collect

The App collects a limited, specific set of data — and only when a qualifying purchase occurs. A "qualifying purchase" is one made by a visitor who arrived at your Shopify store via a link from the Mavira website (identified by the href=maviraai URL parameter). The App does not track, collect, or store any data related to orders from customers who did not originate from a Mavira referral link.

When a qualifying purchase is made, we collect the following data:

  • Timestamp — the date and time the purchase was completed
  • Shop domain — the Shopify store from which the purchase originated
  • Order ID — the unique identifier assigned to the order by Shopify
  • Pre-tax / pre-shipping order amount — the subtotal before taxes and shipping fees
  • Total order amount — the final order total including taxes and shipping
  • Currency — the currency in which the transaction was processed

No PII Collected: We do not collect any personally identifiable information (PII) about the end customer, including name, email address, billing or shipping address, or payment details.

3. How We Collect Data

When a visitor arrives at a Merchant's Shopify store via a Mavira referral link, a cookie is set in the visitor's browser to identify them as a Mavira-referred visitor. This cookie persists for 90 daysfrom the date of the visitor's initial referral visit. It is used solely to attribute a subsequent purchase to Mavira's referral traffic. Visitors who arrive through any other channel are not tracked by the App in any way.

Rather than relying on real-time event webhooks, the App uses a polling mechanism to periodically check for new orders and identify those attributable to Mavira referral traffic. Only orders associated with a Mavira referral cookie are processed. No data is collected or stored for any other orders.

4. How We Use Your Data

The data we collect is used exclusively to:

  • Track and report sales conversions attributable to Mavira referral traffic
  • Provide Merchants with accurate performance metrics for their Mavira partnership
  • Calculate any revenue-sharing or commission amounts, where applicable

We do not use the collected data for advertising, profiling, or any purpose beyond the referral tracking functionality described above.

5. Data Sharing and Disclosure

We may share tracked order data with the specific Shopify merchant (partner) whose store the sale occurred on. This is limited to situations where the partner needs to verify a sale that Mavira referred to their store, and is restricted to the purchase data described in Section 2.

We do not sell or rent your data. We do not share data with any other third parties for advertising, marketing, or any other purpose. We may disclose data if required to do so by law, regulation, or valid legal process (such as a court order or subpoena).

6. Data Storage and Security

All data collected by the App is stored securely on Supabase, a managed cloud database platform. Data is stored in the United States. Supabase employs industry-standard security practices including encryption at rest and in transit.

Retention:We retain collected purchase data for a period of 1 year from the date of collection, or until you uninstall the App, whichever comes first. Upon uninstallation, all data associated with your store is deleted within 36 hours. Before deletion, we create a billing record containing only the referring partner's internal identifier and the aggregated amount owed—this record contains no information identifying your store or your customers and is retained for internal accounting purposes. You may also request deletion at any time by contacting team@maviraai.com.

7. How the App Accesses Order Data

The App uses a polling mechanism to access order data from the Shopify API on a periodic basis. This means the App periodically queries the Merchant's store for recent orders and checks whether any are associated with a Mavira referral cookie. Only orders that match a Mavira referral are recorded; all other order data is disregarded and not stored.

This polling approach does not require real-time event hooks and is limited in scope to identifying and recording qualifying conversions as described in this policy.

8. Merchant Data Rights and Deletion Requests

As a Merchant using our App, you have the right to:

  • Request a copy of the data we hold associated with your store
  • Request correction of any inaccurate data
  • Request deletion of all data associated with your store

To exercise any of these rights, please send an email to team@maviraai.com. We will respond to all requests within 30 days.

End Customer Requests: End customers (visitors who made a purchase through a Mavira-referred link) may also request deletion of their order data by emailing team@maviraai.com with their order number. We will locate and delete any associated data within 30 days.

9. GDPR and International Compliance

If you or your customers are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR). Our legal basis for processing purchase data is our legitimate interest in tracking sales conversions attributable to Mavira referral traffic.

Because we do not collect personal data about end customers (only order-level data for referral-attributed purchases), our data processing scope under GDPR is limited. We are committed to honoring all data subject and merchant data requests submitted to us directly.

Legal Basis for Cookie

The referral cookie described in Section 3 is set on the basis of Mavira's legitimate interests in accurately attributing sales conversions to its referral traffic. The cookie is limited in scope, persists for 90 days, and is used for no purpose other than referral attribution.

Data Minimization

We collect only the minimum data necessary to fulfill the referral tracking purpose described in this policy. No additional data fields are collected or stored beyond those listed in Section 2.

International Data Transfers

All data is stored on Supabase, which is based in the United States. If you or your customers are located in the EEA, your data may be transferred to and stored in the US. Supabase maintains GDPR compliance and covers cross-border transfers under Standard Contractual Clauses (SCCs), providing appropriate safeguards for international data transfers.

Data Processing Agreement

Where Mavira processes order data on behalf of merchants established in the EEA, Mavira acts as a data processor and the merchant acts as the data controller under GDPR. A Data Processing Agreement (DPA) is available upon request by contacting team@maviraai.com. Mavira will only process merchant data in accordance with the merchant's instructions and as described in this policy.

Right to Lodge a Complaint

EEA-based merchants and their customers have the right to lodge a complaint with their local data protection supervisory authority. A list of supervisory authorities is available at edpb.europa.eu. We encourage you to contact us at team@maviraai.com first so we can attempt to resolve any concerns directly.

10. Children's Privacy

The App is intended solely for use by Shopify merchants and is not directed at or designed for use by individuals under the age of 13. We do not knowingly collect any data from children under 13. If you believe that a child under 13 has provided data through the App, please contact us at team@maviraai.com and we will promptly delete any such data.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify Merchants through the Shopify App Store or via the App interface. The updated policy will include a revised effective date. Continued use of the App after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Mavira AI LLC

Website: maviraai.com

Email: team@maviraai.com

Privacy Contact (Voluntary)

While not required to do so under applicable law, Mavira AI LLC has voluntarily designated a privacy contact to oversee data protection matters:

Aubrey Stevens — aubrey@maviraai.com

Last Updated: April 15, 2026

© 2026 Mavira AI LLC. All rights reserved.

Site Privacy PolicyTerms of ServiceCookie Policy