Privacy Policy
Last updated: May 5, 2026
Lolipop ("Lolipop", "we", "us") is an ecommerce ops audit product operated by Yummy, MB (yummygrow.com). It helps online merchants understand store performance by pulling data from Shopify and third-party analytics platforms, then generating insight reports. This policy explains what we collect, why, and what we do with it.
What we collect
When you connect a data source to Lolipop, we access:
- Shopify shop data — orders, products, customers, inventory, discounts, price rules, fulfillments, locations, and returns. Accessed via read-only scopes you approve at install.
- Google Analytics 4 — sessions, users, conversions, on-site search terms, funnels. Read-only via the analytics.readonly scope you grant via OAuth.
- Google Search Console — clicks, impressions, CTR, average position, top queries and pages. Read-only via the webmasters.readonly scope you grant via OAuth.
- Meta Ads — spend, ROAS, CPM, CTR, frequency, ad and creative metadata. Read-only via the ads_read and business_management scopes you grant via OAuth.
- Email platforms (Klaviyo / Omnisend) — campaign and automation performance metrics (sends, opens, clicks, attributed revenue, flow status). Read-only API key.
- Microsoft Clarity — behavioral signals (rage clicks, dead clicks, scroll depth) via the Data Export API.
- Shop profile — your shop domain, name, and the timestamp at which the shop first appeared in Lolipop.
What we do not collect
We do not collect or store individual customer PII (names, emails, addresses, payment details) as a product feature. Any customer-level data surfaced by Shopify's APIs is used transiently to compute aggregated reports and is not persisted in a customer-identifiable form.
How we use it
- Generate reports and audits you view inside Lolipop.
- Send aggregated data to Anthropic's Claude API for analysis. Anthropic does not retain customer data submitted via the API for model training (reference).
- Operate the service — authentication, billing, error monitoring.
How we store & protect it
Data is stored in a managed PostgreSQL database hosted on Railway (US region). We apply the following safeguards to protect your data, including sensitive data obtained through connected Google, Meta and other third-party APIs:
- Encryption in transit: all traffic between your browser, our servers, and every third-party API is encrypted with TLS 1.2 or higher.
- Encryption at rest: the database is encrypted at rest, and OAuth access and refresh tokens are additionally encrypted with application-level keys before they are stored.
- Read-only access: every data-source connection uses read-only OAuth scopes. Lolipop reads your data to answer questions and produce reports — it can never modify, post, or delete anything in your connected accounts.
- Access control & least privilege: access to production systems is restricted to authorized personnel using individual credentials. We do not access the contents of your connected-account data except where strictly necessary to operate the service or to provide support that you request.
- Token revocation: disconnecting a source or uninstalling the app revokes the relevant OAuth token and stops all further access immediately.
Google user data & Limited Use
Lolipop's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Data accessed through the Google Analytics (analytics.readonly), Search Console (webmasters.readonly), and Google Ads (adwords) scopes is used solely to provide and improve the user-facing analytics features you request. We do not transfer this data except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger or acquisition; we do not use it for advertising; we do not sell it; and we do not use it to train generalized or third-party AI/ML models.
Who we share with
We do not sell your data. We share data only with subprocessors strictly necessary to operate the service:
- Railway — hosting and database.
- Anthropic — report generation (Claude API).
- Shopify / Google / Meta / Klaviyo / Omnisend / Microsoft — read-only API access to data you authorize.
Retention & deletion
- Disconnect: when you disconnect a data source in Lolipop, we revoke the relevant token and stop accessing that source.
- Shopify uninstall: when you uninstall the Shopify app, we stop accessing your Shopify data. Shopify sends us a shop/redact webhook ~48 hours later; at that point we hard-delete all your shop's data from our database.
- On request: email juras@yummygrow.com to request earlier deletion.
- Customer data requests: Shopify's customers/data_request and customers/redact webhooks are received and logged; we process them per GDPR/CCPA requirements.
Your rights (GDPR / UK GDPR / CCPA)
If you are a resident of the EU, the UK, or California, you have specific data-protection rights under GDPR (EU/UK) and CCPA (California). Below is what each right gives you and how to exercise it.
Right of access
You can request a copy of all personal data we hold about you. We provide this within 30 days as a structured JSON export covering: your User record, the Shop(s) you have access to, your ShopMembership records, your conversation history with Lolipop, your action items, and the structured data Lolipop has pulled from your connected data sources during your active use.
Right to rectification
If any personal data we hold is inaccurate, you can ask us to correct it. For the most common cases (email, name) you can fix this yourself from the Settings page. For anything else, email us.
Right to erasure ("right to be forgotten")
You can request deletion of all your personal data. Our process:
- We acknowledge your request within 5 business days and confirm identity.
- Within 30 days, we hard-delete: your User record, your ShopMembership rows, your conversation history, your action items, your shop_memory entries, and the structured Shopify / GA4 / GSC / Meta / Klaviyo / Omnisend / Clarity data that Lolipop has pulled into our database.
- Encrypted OAuth refresh tokens are deleted at the moment of the request (faster than 30 days) — within 24 hours.
- Anonymised aggregate usage metrics (which Lolipop uses to monitor service health) are retained but contain no personal identifier.
- If you are the only member of a Shop, deletion of your User record cascades to the Shop's data unless other members exist. If other members exist, only your User record + your specific conversation history is deleted; the Shop's shared data survives for the other members.
Right to data portability
Same mechanism as access — we deliver your data as a structured JSON file that can be imported into another system.
Right to object / restrict processing
You can ask us to stop processing your data while we investigate an objection. For Lolipop this typically means: we stop running the weekly brief and the chat agent against your shop's data until the objection is resolved. We keep the data but don't process it.
Automated decision-making
Lolipop uses AI (Claude by Anthropic) to generate insights and recommendations from your data. These are advisory only — no automated decisions are made that have legal or significant effects on you. You always have full control over whether to act on Lolipop's recommendations.
How to exercise these rights
Email juras@yummygrow.com from the email address you used to sign up. Include "GDPR request" or "CCPA request" in the subject. We will respond within 30 days.
Right to complain
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the supervisory authority in your country of residence. For EU residents, you can find your supervisory authority at edpb.europa.eu; for UK residents, it is the ICO (ico.org.uk); for California residents, it is the California Attorney General's office.
Data retention
Specific retention windows we apply:
- Active customers: data is retained for the duration of your subscription plus 90 days for billing reconciliation.
- Cancelled / uninstalled: encrypted OAuth tokens are deleted immediately on uninstall. Other data is retained for 30 days in case of reinstall, then hard-deleted.
- Conversation history: retained for the duration of your subscription, deletable on request.
- Brief + audit history: retained for 12 months for trend analysis; aggregated thereafter.
- Usage logs: 90 days for service-quality monitoring; aggregated thereafter.
- Billing records: retained for 7 years as required by tax law in our jurisdictions.
Changes to this policy
If we materially change this policy, we will notify users in-app and via email before the change takes effect.
Contact
Privacy questions: juras@yummygrow.com
Data controller: Yummy, MB (operator of Lolipop)