Privacy Policy
Bloodhound (“we”, “our”, “us”) is operated by Blue Dog Digital, a sole trader registered in the United Kingdom. This policy explains what the Bloodhound Shopify app collects, why, how long we keep it, and how to ask us to delete it. It is written to comply with UK GDPR, EU GDPR, and the Shopify App Store data-handling requirements.
1. Summary table
Bloodhound is a monitoring product. We collect technical telemetry about your storefront so we can show you errors, performance, funnel events, and supply-chain security findings. We do not collect any personal information about your customers.
| We capture | We do NOT capture |
|---|---|
| Shop domain, app configuration, billing tier (via Shopify APIs). | Customer names, emails, addresses, phone numbers, or any other PII. |
| JavaScript error messages, stack traces, source URLs, line/column numbers. | Visitor IP addresses. We derive a two-letter ISO country code from the CDN edge header before the request reaches our origin, and discard the IP. |
| Core Web Vitals (LCP, CLS, INP, FCP, TTFB) sampled in the browser. | Payment, card, or bank information of any kind. |
| Resource Timing data for scripts (origin, transfer size, duration, blocking time). | Cookies, localStorage, sessionStorage, or any cross-site identifier. The storefront script never reads or writes browser storage. |
| Shopify Web Pixel funnel events: page_viewed, product_viewed, product_added_to_cart, search_submitted, checkout_started, checkout_address_info_submitted, checkout_contact_info_submitted, checkout_shipping_info_submitted, payment_info_submitted, checkout_completed, with order id, order value, currency and line item count when available. | Personal information submitted during checkout. The Shopify Web Pixel sandbox does not expose name, email, or address fields to subscribers; we receive event timestamps and order totals only. |
| Anonymous session identifier, a random string generated per browser session, not linked to any account or cookie. | Browser fingerprints, device IDs, advertising IDs. |
| User agent string, device class (mobile/tablet/desktop), connection type, screen width. | Form values, keystrokes, mouse movements, screen recordings. |
| Server-fetched copies of public storefront scripts (weekly, by URL) for vulnerability detection and redacted secret sampling. | Request bodies, response bodies, or any non-public asset. |
| Storefront response headers (weekly) for the security headers audit. | Customer-facing pages behind authentication. |
2. Data we collect from merchants
When you install Bloodhound from the Shopify App Store, we collect from Shopify:
- Your shop domain and store metadata (name, plan, primary email).
- OAuth session tokens needed to call the Admin API on your behalf.
- Your billing tier and subscription status (via Shopify Billing API).
From your usage of the dashboard we additionally store:
- App configuration you enter (average order value, conversion rate, currency, exclude patterns, trusted script origins, alert webhook URLs, alert thresholds).
- Issue lifecycle actions you take (resolve, snooze, assign).
3. Data we collect from storefront visitors
Theme app embed (monitoring script). Loaded on storefront pages as a deferred script under 5KB gzipped. Captures JavaScript errors, unhandled promise rejections, failed fetch/XHR requests, Core Web Vitals, and script resource timing. Sends each payload to /ingest on Bloodhound’s servers.
Shopify Web Pixel extension. Subscribed to the customer-events sandbox provided by Shopify. Captures the funnel events listed in the summary table. Cannot capture personal customer information; the Pixel sandbox does not expose those fields to the extension.
Security scanner (server-side, weekly). Fetches the public storefront, parses script URLs, and re-fetches the bodies of those scripts. Used for: (a) security header audit, (b) vulnerable library detection using the Retire.js dataset, (c) supply-chain origin allowlist, (d) redacted secret pattern scanning. We retain only a redacted prefix and suffix of any matched pattern, never the full value.
Country code. When an event arrives at our edge, we read the Cloudflare CF-IPCountry header (two-letter ISO code) and store that string. The visitor’s IP address is never stored, logged, or processed by our application code.
4. How we use the data
- Display error reports, issue lifecycles, and performance metrics in your dashboard.
- Compute aggregated statistics (p75 Core Web Vitals, error counts, affected sessions, conversion drop-off).
- Calculate estimated revenue impact using the AOV and conversion rate that you enter.
- Dispatch alert notifications to the webhook URLs you configure.
- Detect supply-chain security issues (vulnerable libraries, leaked secrets, untrusted origins) and surface them on the Security page.
- Operate the service: rate-limiting, capacity planning, debugging.
- Send service-related emails to the merchant contact email on file (cap warnings, billing receipts, security alerts).
We do not sell, rent, or share any collected data with third parties. We do not use it to train machine-learning models. Data is used solely to provide the Bloodhound monitoring service to the merchant who installed the app.
5. Legal basis (UK and EU GDPR)
Our lawful basis for processing telemetry on a merchant’s behalf is legitimate interest: the merchant has installed Bloodhound to monitor their own storefront, and we process the minimum technical data necessary to deliver that service. Because we capture no personal data about end visitors (no IP, no PII, no cross-site identifiers), the lawful basis on the visitor side is more accurately described as “processing of non-personal technical telemetry”.
If you are a merchant in the EEA or UK, you may at any time:
- Request a copy of the data we hold about your store.
- Request correction of inaccurate data.
- Request deletion of all data associated with your store.
- Object to processing (which, in practice, means uninstalling the app; deletion follows automatically).
- Lodge a complaint with your supervisory authority (ICO in the UK).
Contact [email protected] to exercise any of these rights. We respond within 30 days.
6. Storage and retention
All data is stored on servers operated by Blue Dog Digital, hosted by Hetzner Online GmbH in Helsinki, Finland (EU). The PostgreSQL database is reached only over encrypted, IP-restricted connections.
- Pro plan: raw event data is retained for 30 days. Aggregated daily metrics, issues, and configuration are retained indefinitely until uninstall.
- Growth plan: raw event data is retained for 90 days.
- Business plan: all data is retained until the merchant uninstalls the app or requests deletion.
- Backups: daily encrypted snapshots are retained for 14 days, then permanently destroyed.
7. Data deletion
When a merchant uninstalls Bloodhound, Shopify sends us an app/uninstalled webhook. On receipt we immediately mark the store as uninstalled and queue every row in every table for deletion. All data associated with that store is permanently deleted within 48 hours, including: store configuration and settings, error events, issues, CWV metrics and aggregations, script performance data, alert configurations, alert delivery logs, security scans and findings, funnel events, and OAuth session tokens.
We also respond to Shopify’s mandatory GDPR webhooks (customers/data_request, customers/redact, shop/redact) within the required timeframes. Because we hold no PII, the customers/* responses confirm that no data exists.
To request deletion outside of an uninstall, email [email protected]. We confirm deletion in writing within 30 days.
8. Sub-processors
- Shopify Inc.: app installation, OAuth, billing, and webhook delivery.
- Hetzner Online GmbH: server hosting (Helsinki, Finland, EU).
- Cloudflare Inc.: DDoS protection and TLS termination at the edge. Cloudflare sees encrypted traffic and provides the country-code header used in section 3.
- Resend: transactional email delivery (billing receipts, cap warnings, security alerts).
We do not use any analytics, advertising, or marketing tracking services inside the Bloodhound app itself.
9. Marketing site cookies
This marketing site (getbloodhound.app) shows a consent banner on first visit. No analytics or non-essential cookies are loaded until consent is granted. Essential first-party storage required to remember your consent choice is allowed under PECR without consent. See the consent banner footer to revisit your choice at any time.
10. The monitoring script
The Bloodhound storefront monitoring script:
- Is loaded asynchronously via the theme app embed and never blocks rendering.
- Is under 5KB gzipped.
- Sets no cookies and reads no cookies.
- Does not access localStorage or sessionStorage.
- Does not collect IP addresses (the IP never reaches application code; the country code comes from the CDN edge header).
- Does not fingerprint browsers or devices.
- Does not track visitors across sites.
- Redacts any matched secret pattern (API key, JWT, signed URL token) to a prefix + suffix sample before it leaves the browser.
11. Security
- All data in transit is encrypted with TLS 1.2 or higher.
- The PostgreSQL database is reachable only over an internal network from the application servers.
- OAuth tokens are stored encrypted at rest.
- API access to per-store data (Business plan) is gated by per-store bearer tokens that can be rotated from Settings.
- The application is monitored for errors and abnormal traffic patterns.
- Bloodhound is used to monitor itself.
12. Children
Bloodhound is a B2B product for Shopify merchants. The app is not directed at children and we do not knowingly collect data about people under the age of 16.
13. International transfers
All Bloodhound infrastructure operates inside the EU. Where Shopify, Cloudflare, or Resend transfer data outside the UK/EEA, those transfers are covered by Standard Contractual Clauses or equivalent adequacy mechanisms maintained by those vendors.
14. Changes to this policy
We update this policy when our data handling changes. Material changes are announced via the dashboard banner and via email to the merchant contact email on file at least 30 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.
15. Contact
For questions about this privacy policy, data subject requests, or anything else relating to how Bloodhound handles your data:
- Email: [email protected]
- Data controller: Blue Dog Digital, United Kingdom
- Website: weareblue.dog