Privacy Policy

Last Modified: July 19, 2025

This Privacy Policy explains how Push Capital Ventures Ltd. ("Push Capital Ventures," "we," "us," or "our") collects, uses, shares, and protects personal data processed through our Shopify app Origin UTM Tracking (the "App"). It also describes the rights and choices available to individuals whose data we process and the responsibilities of merchants who install and use the App on their Shopify storefronts.

Privacy and data protection

Origin UTM Tracking is a privacy-first analytics company. We process as little personal data as possible. We never sell or give away private user data.

Your rights

  • You may object to the processing of your personal information.
  • You may request a copy of the information we hold about you.
  • You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
  • You may request the deletion of any information we hold about you. We cannot delete any information that we are required to process by law.
  • You may request a transfer of your data to another platform.

To exercise these rights, you can contact us by email at contact@pushcapital.io. If you have a complaint about how we handle your data, we would like to hear from you.

How we get your personal data

We process your personal data when you:

  • Communicate with us online
  • Use our products/services
  • Enter into a collaboration with us

We do not rent, buy, or sell personal information to or from third parties.

Scope of This Policy

This Policy applies to:

  1. Personal data processed by the App when installed on a merchant’s Shopify store.
  2. Data we collect from merchants (store owners, staff accounts) who sign up for and configure the App.
  3. Support, billing, and account communications between merchants and Push Capital Ventures.

This Policy does not cover data collected independently by Shopify or by third-party advertising platforms used by the merchant (e.g., Meta Ads, Google Ads). Those parties have their own privacy notices.

Details on processing of personal data

When you communicate with us

Whether you're a customer, vendor, or anyone else, we process the personal data you share when you reach out by email, phone, text, or social media. This typically includes your name, contact details, IP address, and any information you provide. All interactions are logged in our customer-support system.

Why we process it

Our legitimate interest (GDPR Art. 6 (1)(f)) is to answer your inquiries and—when needed—retain a record for complaints or legal claims.

How long we keep it

We review these records during our regular GDPR audits and delete them once they're no longer needed—usually within two years, or up to six years where accounting or other legal obligations apply.

You install the Origin UTM Tracking app onto your store

When you install our app, Shopify shares with us the store details needed to create your account (e-mail, store name/URL, contact email, etc.) and information about the orders on your store. We use this information to provide the service

Why we process it

Our legitimate interest (GDPR Art. 6 (1)(b)) is to deliver the features you requested

How long we keep it

We keep order information while your subscription is active, after you uninstall the app all information is deleted

You receive marketing content

We may (rarely) send existing customers emails containing a promotional element. The personal data we process is your name and email address. You can opt-out of marketing emails at any time by clicking the unsubscribe link in any such email.

Why we process it

Our legitimate interest (GDPR Art. 6 (1)(b)) is to offer our relevant products and services

How long we keep it

We process the data for as long as we have a customer relationship with you or if the processing is based on your consent until you withdraw it.

Our role as a data processor

When you use our app on your storefront, we process data from your website visitors on your behalf. Here, you are the controller of such data, and we are a data processor of yours. We comply with the requirements of GDPR Article 28, such as:

  • Only carry out processing on your behalf and as per your instructions
  • Use sufficient technical and organizational security measures to protect the data we process on your behalf
  • Require our employees to treat your data as confidential
  • Govern this processing by a Data Processing Addendum (DPA)
  • We also engage other (sub)processors as per your general written authorization and will inform you of any intended changes regarding such (sub)processors to object to such changes, should you not agree to them.

Minimal data processing

We process the minimal amount of personal data possible for our app to function. This is (only) the IP address and User-Agent of visitors. This is in line with GDPR; Article 5(1)(c).

IP address and User-Agent are considered personal data under GDPR. The lawful basis for processing is usually consent or legitimate interest. Since the IP address is provided by the internet service provider and not by the user's terminal equipment, we do not consider such information to constitute "information stored in the terminal equipment". IP addresses provided in that manner are therefore outside the scope of Article 5 (3), and the consent requirement will not apply under the ePrivacy Directive (Directive 2009/136/EC). In addition, User-Agent is not accessed from terminal equipment, it is sent to us by your browser, and it's impossible for us not to receive it.

How to contact us

If you have any questions regarding this Privacy Policy please get in touch:

contact@pushcapital.io