Feather

Privacy Policy

Last updated: July 2, 2026

Feather (“Feather,” “we,” “us”) is a Shopify app built and operated by Heaps Good Studio. This policy describes what data Feather collects when a merchant installs it, and what data it observes on that merchant’s storefront — not what any individual merchant does with their own store or customers, which remains the merchant’s own responsibility.

What we don’t collect

Feather requests a single, read-only Shopify Admin API scope: read_privacy_settings, used only to check whether Shopify’s own native cookie banner is turned on, so we can warn you if it might double up with Feather’s banner. Feather cannot read your products, customers, orders, or any other store data through Shopify’s Admin API. Feather also does not use per-staff-member (“online”) access tokens, so it never learns the name or email of anyone on your team who installs or manages the app.

Data we collect from your store (the merchant)

Data we collect from your storefront visitors

Feather’s consent banner and Tracker Monitor observe activity on your storefront to do their job. Specifically:

What we do with this data

We use it solely to operate the features you’ve installed: showing/hiding the consent banner correctly, recording consent for your compliance records, and building your Tracker inventory. We do not sell it, and we do not share it with advertisers, analytics vendors, or any other third party. Feather does not send any storefront data to Google, Meta, or similar platforms — it only observes what’s already present on the page.

Our role

For the storefront-visitor data described above (consent choices and tracker fingerprints), Feather acts as a data processor on your behalf — you, the merchant, are the controller. For your own account data (shop domain, settings, and access token) we act as the controller. A data-processing agreement (DPA) is available on request to support your GDPR Article 28 obligations — email the address below.

Where data is stored

All data is stored in Google Cloud (PostgreSQL, hosted in the United States). As with any web service, our hosting provider may retain standard server access logs (which can include IP addresses) for operational and security purposes; this is separate from, and not linked to, the consent/tracker records described above.

Sub-processors

Currently, Google Cloud Platform (hosting only). Feather does not currently use any AI or third-party data-processing service. If that changes, this policy will be updated first.

Retention and deletion

Your store’s data is retained while the app is installed. If you uninstall Feather, Shopify notifies us automatically and we permanently delete all data associated with your shop — consent logs, tracker records, settings, and access tokens — within 48 hours.

Your rights

Since we don’t store data tied to individual visitors, there’s no per-visitor data to access or delete on request — there’s simply nothing to look up. As the merchant, you can request full deletion of your store’s data at any time by uninstalling the app, or by emailing us at the address below.

Changes to this policy

If we materially change what we collect or how we use it, we’ll update this page and change the “last updated” date above.

Contact

Heaps Good Studio — support@heapsgood.studio