Skip to main content
Bloom does not capture personally identifiable information about your shoppers. Notify Me sign-ups (email or phone) are forwarded directly to your Klaviyo account and your Shopify customer records, and not persisted by Bloom. Storefront tracking events are anonymous - the only identifier is an opaque random UUID kept in browser localStorage if the shopper has accepted marketing cookies via Shopify’s customer privacy banner. This page covers what Bloom captures on its own infrastructure. What’s forwarded to Klaviyo, GA4, GTM, Meta, or Google Ads is already covered by those processors in your existing policy.

What Bloom stores

About your shop

  • Pre-order and Notify Me configuration per variant.
  • Design, content and settings saved in the Bloom admin.
  • Audit log of admin saves and the Shopify staff account that made each change.
  • Billing plan, status and current period.
Shop-scoped. No customer data.

About shoppers

Aggregate event counts per shop, day, product and variant - views, add-to-carts, checkout starts, orders, sign-ups, revenue. No row identifies an individual. Bloom does not store:
  • Shopper email addresses, phone numbers, names or any customer profile data.
  • IP addresses or user agents. Shopper country is derived at the edge to a 2-letter code and device to a mobile/tablet/desktop bucket - neither the raw IP nor the user-agent string is stored.
  • Order line items, shipping addresses, or any other Shopify order content beyond the variant-level pre-order metadata Bloom writes back to Shopify.
  • Notify Me submissions - email and phone pass straight to Klaviyo and your Shopify customer records.

Merchant data

This is data about you and your team - the people who install and use Bloom - not your shoppers. Your shoppers’ personal data is never stored in our CRM or support tools; it stays in your Shopify admin and, for Notify Me sign-ups, your Klaviyo account. What we store about you
  • Name and email of signed-in Bloom users, from your Shopify login.
  • Your shop domain, plan and usage details.
Where it goes
  • HubSpot - our CRM. To manage our relationship with you and exclude existing customers from Good Native’s advertising.
  • Gorgias - our support tool. To handle your support requests.
Lawful basis: legitimate interest. To access or delete this data, email support@goodnative.co.

Storefront events

Bloom tracks the following anonymously on every event - shop domain, event type (e.g. preOrder_view, notifyMe_submit, soldOut_view, backInStock_visit), product and variant ID, currency, market, locale, page type, price, quantity, device type, and shopper country. None of these identify a shopper. If consent is allowed via Shopify’s customer privacy API, Bloom also generates a random browser UUID (clientId) to deduplicate views in the funnel - so 10 page views from the same browser count as 1 viewer, not 10. It persists in that browser’s localStorage and is scoped to your store domain. It is used for nothing else. No profile is built. No PII. Nothing identifiable about the shopper. Full payload:
FieldValuePersonal?
Shop domainyour-store.myshopify.comNo
Event typee.g. preOrder_view, notifyMe_submitNo
Product ID, variant IDShopify global IDsNo
Currency, market, localeShopify contextNo
Page typeproduct, cart, checkout, collection, homeNo
Cart tokenShopify cart cookie valueSession, not person
Client IDRandom browser UUID for dedup, only if consentedAnonymous browser
Price, quantityFor revenue rollupsNo
Country2-letter code from Cloudflare edge geoCoarse, not person
Device typemobile, tablet or desktopCoarse, not person
UTM source/medium/campaignFirst-touch campaign labels, only if consentedNo
Bloom checks Shopify’s customer privacy API before generating the browser UUID:
Shopify.customerPrivacy.userCanBeTracked() === true
If the shopper hasn’t consented, clientId, cart token, and first-touch UTM are omitted - the event still fires with the coarse, non-identifying fields (country, device, market), just without dedup. Bloom inherits your existing Shopify customer privacy banner - no separate consent mechanism needed. When set, the UUID lives in browser localStorage under _bloom_cid and contains no information about the shopper.

Cookies and browser storage

Bloom does not set cookies. It reads Shopify’s own cart cookie to attribute events to a session. Bloom writes to the browser:
  • localStorage._bloom_cid - anonymous browser UUID. Only written when consent allows.
  • localStorage.bloom_messagePlacement - internal preview value. No personal data.
  • sessionStorage.bloom_preorder_config - per-tab cache of public pre-order config. No personal data.
When a shopper arrives from a back-in-stock email, Bloom also stamps a _bloom_bis attribute on the Shopify cart - the landed product and variant ID only, no personal data. It lives and dies with the cart (about two weeks) and is used to attribute the eventual order to the back-in-stock flow.

Notify Me sign-ups

Email or phone goes through Bloom’s worker as a pass-through to your Klaviyo account and your Shopify store. Bloom doesn’t write it to a database, log it, or retain it. Klaviyo and Shopify are the storage points. In Shopify, Bloom finds or creates the customer record and - only when the shopper opts in - sets their email or SMS marketing consent, with the consent timestamp recorded. Consent for marketing is captured on the form and recorded on the Klaviyo profile - see Connect Klaviyo.

Where data lives

  • Cloudflare Workers, D1 and Analytics Engine - Bloom’s app and storage.
  • Shopify - your store, your orders, your customer records. Bloom writes back to Shopify (variant metafields, order metafields, order notes, and Notify Me sign-ups as customer records with marketing consent) but doesn’t store customer records itself.
  • Klaviyo - Notify Me sign-ups only.
  • HubSpot - CRM (merchant contact details).
  • Gorgias - customer support (merchant contact details).

Retention

  • Raw analytics events: 90 days in Cloudflare Analytics Engine.
  • Aggregated daily counts: kept while the app is installed.
  • Configuration, settings, audit log: kept while the app is installed.
  • On uninstall, Shopify fires shop/redact after 48 hours. Bloom hard-deletes every row for the shop.

In your privacy policy

Add or check:
  • Cloudflare as a processor for the Bloom app data layer.
  • Klaviyo as the destination for Notify Me sign-ups (most stores already disclose this).
  • A note that the storefront emits anonymous interaction events, gated on your Shopify customer privacy consent.
You don’t need:
  • A separate consent category for Bloom.
  • A new cookie disclosure - Bloom doesn’t set cookies.
  • A new data subject access route - the standard Shopify customers/data_request and customers/redact flows cover it. Bloom acknowledges both with no data to return.
  • Strictly necessary / transactional - pre-order display, ATC swap, Notify Me form rendering, order tagging, cart messages.
  • Statistics / analytics - storefront events with clientId, cart token, and first-touch UTM. Gated on Shopify customer privacy.
  • Marketing - Notify Me sign-up itself is a shopper-initiated opt-in. Consent is captured on the form and stored in Klaviyo, not Bloom.