This Privacy Policy describes how MACCA STUDIOS LIMITED (“we”, “us”, “our”) collects, uses, processes, and protects information in connection with the A/B Genius Shopify application (the “App”).

A/B Genius is a Shopify application that enables merchants to run A/B tests and analyze store performance directly within Shopify.

1. Company Information

A/B Genius is operated by:

MACCA STUDIOS LIMITED

United Kingdom

Email: support@abgenius.app

MACCA STUDIOS LIMITED is established in the United Kingdom and subject to UK data protection laws, including UK GDPR.

2. Our Role Under Data Protection Laws

When merchants install and use A/B Genius:

• The merchant is the Data Controller.

• MACCA STUDIOS LIMITED acts as a Data Processor.

We process store and customer-related data solely on behalf of merchants and only as necessary to provide A/B testing functionality.

Merchants are responsible for ensuring their own privacy policies properly disclose their use of A/B testing and analytics tools.

3. Information We Collect and Process

We collect and process only the data necessary to operate the App.

A. Merchant Account Information

When a merchant installs the App, we may collect:

• Store name

• Store URL

• Shopify store ID

• Merchant contact email

• Shopify plan details

• Billing status and subscription data via Shopify Billing API

We do not collect Shopify account passwords.

B. Store and Order Data

To provide A/B testing and analytics functionality, we may process:

• Product identifiers and pricing information

• Order identifiers

• Revenue amounts

• Timestamps of transactions

• Page view events

• Add-to-cart events

• Checkout events

• Purchase events

• Experiment assignment data

• Traffic allocation data

We only access the Shopify API scopes granted during installation.

C. End Customer Data

The App may process limited customer-related data in pseudonymous form, including:

• Anonymous session identifiers

• Device type and browser information

• Behavioral event data (e.g., page views, add-to-cart, purchases)

We do not intentionally collect or store:

• Full payment card details

• Customer passwords

• Government-issued identification numbers

• Sensitive personal data

Customer data is processed solely to measure experiment results and generate performance analytics.

4. Legal Basis for Processing

Where applicable under UK GDPR, GDPR, or other data protection laws, processing is carried out on the basis of:

• Performance of a contract (providing App functionality)

• Legitimate interests (analytics and experimentation)

• Merchant instructions as Data Controller

When we act as a Data Processor, the merchant determines the lawful basis for processing.

5. How We Use Information

We use information to:

• Provide A/B testing functionality

• Assign visitors to experiment groups

• Calculate conversion and revenue metrics

• Generate analytics dashboards

• Manage billing via Shopify

• Provide customer support

• Improve reliability and security

• Detect fraud or abuse

We do not sell, rent, or use merchant or customer data for advertising purposes.

We do not share merchant or customer data for unrelated commercial use.

6. Sub-Processors

We may engage trusted third-party service providers (“sub-processors”) to support operation of the App, including:

• Shopify (API access, billing)

• Cloud infrastructure providers (e.g., hosting and storage)

• Data synchronization platforms (e.g., Mantle)

• Monitoring and security providers

These providers process data only on our instructions and are contractually required to implement appropriate security safeguards.

7. Data Storage and Security

We implement appropriate technical and organisational measures to protect data, including:

• Encrypted data transmission (HTTPS/TLS)

• Secure cloud hosting environments

• Access controls and role-based permissions

• Logging and monitoring systems

• Regular backups

We take reasonable steps to protect data against unauthorized access, disclosure, alteration, or destruction.

8. International Data Transfers

Data may be processed outside the merchant’s country of operation.

Where personal data is transferred outside the United Kingdom or European Economic Area, we implement appropriate safeguards in accordance with applicable data protection laws.

9. Data Retention and Deletion

We retain merchant and store data only for as long as necessary to:

• Provide App functionality

• Comply with legal obligations

• Resolve disputes

• Enforce agreements

If a merchant uninstalls the App, associated store data will be deleted or anonymized within a reasonable period, unless retention is legally required.

10. Data Subject Rights

Depending on applicable law, individuals may have rights to:

• Access personal data

• Request correction

• Request deletion

• Restrict processing

• Object to processing

• Request data portability

Because we act as a Data Processor, customer-related requests should generally be directed to the merchant (Data Controller).

Merchants may contact us for assistance with lawful requests.

11. Cookies and Tracking

A/B Genius may use tracking technologies necessary to:

• Assign experiment variations

• Measure performance metrics

• Ensure system reliability

We do not use tracking technologies for advertising purposes.

Merchants are responsible for managing their own cookie disclosures where required.

12. Data Breach Response

In the event of a data security incident affecting merchant data, we will:

• Investigate promptly

• Take appropriate remediation steps

• Notify affected merchants as required under applicable law

13. Children’s Data

The App is not intended for use by individuals under 18 years of age.

We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy periodically.

Updates will be posted with a revised “Last Updated” date.

Continued use of the App constitutes acceptance of the updated policy.

15. Contact Information

For privacy-related inquiries:

MACCA STUDIOS LIMITED

Email: support@abgenius.app