> ## Documentation Index
> Fetch the complete documentation index at: https://help.goodnative.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Data and privacy

> Bloom does not capture personally identifiable information about your shoppers.

Bloom does not capture personally identifiable information about your shoppers. Notify Me sign-ups (email or phone) are forwarded directly to **your** Klaviyo account and **your** Shopify customer records, and not persisted by Bloom. Storefront tracking events are anonymous - the only identifier is an opaque random UUID kept in browser localStorage if the shopper has accepted marketing cookies via Shopify's customer privacy banner.

This page covers what Bloom captures on its own infrastructure. What's forwarded to Klaviyo, GA4, GTM, Meta, or Google Ads is already covered by those processors in your existing policy.

## What Bloom stores

### About your shop

* Pre-order and Notify Me configuration per variant.
* Design, content and settings saved in the Bloom admin.
* Audit log of admin saves and the Shopify staff account that made each change.
* Billing plan, status and current period.

Shop-scoped. No customer data.

### About shoppers

Aggregate event counts per shop, day, product and variant - views, add-to-carts, checkout starts, orders, sign-ups, revenue. No row identifies an individual.

Bloom does **not** store:

* Shopper email addresses, phone numbers, names or any customer profile data.
* IP addresses or user agents. Shopper country is derived at the edge to a 2-letter code and device to a `mobile`/`tablet`/`desktop` bucket - neither the raw IP nor the user-agent string is stored.
* Order line items, shipping addresses, or any other Shopify order content beyond the variant-level pre-order metadata Bloom writes back to Shopify.
* Notify Me submissions - email and phone pass straight to Klaviyo and your Shopify customer records.

## Merchant data

This is data about you and your team - the people who install and use Bloom - not your shoppers. Your shoppers' personal data is never stored in our CRM or support tools; it stays in your Shopify admin and, for Notify Me sign-ups, your Klaviyo account.

**What we store about you**

* Name and email of signed-in Bloom users, from your Shopify login.
* Your shop domain, plan and usage details.

**Where it goes**

* **HubSpot** - our CRM. To manage our relationship with you and exclude existing customers from Good Native's advertising.
* **Gorgias** - our support tool. To handle your support requests.

Lawful basis: legitimate interest. To access or delete this data, email [support@goodnative.co](mailto:support@goodnative.co).

## Storefront events

Bloom tracks the following **anonymously** on every event - shop domain, event type (e.g. `preOrder_view`, `notifyMe_submit`, `soldOut_view`, `backInStock_visit`), product and variant ID, currency, market, locale, page type, price, quantity, device type, and shopper country. None of these identify a shopper.

If consent is allowed via Shopify's customer privacy API, Bloom also generates a **random browser UUID** (`clientId`) to deduplicate views in the funnel - so 10 page views from the same browser count as 1 viewer, not 10. It persists in that browser's localStorage and is scoped to your store domain. It is used for **nothing else**. No profile is built. No PII. Nothing identifiable about the shopper.

Full payload:

| Field                      | Value                                               | Personal?           |
| -------------------------- | --------------------------------------------------- | ------------------- |
| Shop domain                | `your-store.myshopify.com`                          | No                  |
| Event type                 | e.g. `preOrder_view`, `notifyMe_submit`             | No                  |
| Product ID, variant ID     | Shopify global IDs                                  | No                  |
| Currency, market, locale   | Shopify context                                     | No                  |
| Page type                  | `product`, `cart`, `checkout`, `collection`, `home` | No                  |
| Cart token                 | Shopify cart cookie value                           | Session, not person |
| Client ID                  | Random browser UUID for dedup, only if consented    | Anonymous browser   |
| Price, quantity            | For revenue rollups                                 | No                  |
| Country                    | 2-letter code from Cloudflare edge geo              | Coarse, not person  |
| Device type                | `mobile`, `tablet` or `desktop`                     | Coarse, not person  |
| UTM source/medium/campaign | First-touch campaign labels, only if consented      | No                  |

### Consent

Bloom checks Shopify's customer privacy API before generating the browser UUID:

```js theme={null}
Shopify.customerPrivacy.userCanBeTracked() === true
```

If the shopper hasn't consented, `clientId`, cart token, and first-touch UTM are omitted - the event still fires with the coarse, non-identifying fields (country, device, market), just without dedup. Bloom inherits your existing Shopify customer privacy banner - no separate consent mechanism needed.

When set, the UUID lives in browser localStorage under `_bloom_cid` and contains no information about the shopper.

## Cookies and browser storage

Bloom does **not** set cookies. It reads Shopify's own `cart` cookie to attribute events to a session.

Bloom writes to the browser:

* `localStorage._bloom_cid` - anonymous browser UUID. Only written when consent allows.
* `localStorage.bloom_messagePlacement` - internal preview value. No personal data.
* `sessionStorage.bloom_preorder_config` - per-tab cache of public pre-order config. No personal data.

When a shopper arrives from a back-in-stock email, Bloom also stamps a `_bloom_bis` attribute on the Shopify cart - the landed product and variant ID only, no personal data. It lives and dies with the cart (about two weeks) and is used to attribute the eventual order to the back-in-stock flow.

## Notify Me sign-ups

Email or phone goes through Bloom's worker as a pass-through to **your** Klaviyo account and **your** Shopify store. Bloom doesn't write it to a database, log it, or retain it.

Klaviyo and Shopify are the storage points. In Shopify, Bloom finds or creates the customer record and - only when the shopper opts in - sets their email or SMS marketing consent, with the consent timestamp recorded. Consent for marketing is captured on the form and recorded on the Klaviyo profile - see [Connect Klaviyo](/bloom/notify-me/connect-klaviyo).

## Where data lives

* **Cloudflare Workers, D1 and Analytics Engine** - Bloom's app and storage.
* **Shopify** - your store, your orders, your customer records. Bloom writes back to Shopify (variant metafields, order metafields, order notes, and Notify Me sign-ups as customer records with marketing consent) but doesn't store customer records itself.
* **Klaviyo** - Notify Me sign-ups only.
* **HubSpot** - CRM (merchant contact details).
* **Gorgias** - customer support (merchant contact details).

## Retention

* Raw analytics events: **90 days** in Cloudflare Analytics Engine.
* Aggregated daily counts: kept while the app is installed.
* Configuration, settings, audit log: kept while the app is installed.
* On uninstall, Shopify fires `shop/redact` after 48 hours. Bloom hard-deletes every row for the shop.

## In your privacy policy

Add or check:

* **Cloudflare** as a processor for the Bloom app data layer.
* **Klaviyo** as the destination for Notify Me sign-ups (most stores already disclose this).
* A note that the storefront emits anonymous interaction events, gated on your Shopify customer privacy consent.

You don't need:

* A separate consent category for Bloom.
* A new cookie disclosure - Bloom doesn't set cookies.
* A new data subject access route - the standard Shopify `customers/data_request` and `customers/redact` flows cover it. Bloom acknowledges both with no data to return.

## Consent classification

* **Strictly necessary / transactional** - pre-order display, ATC swap, Notify Me form rendering, order tagging, cart messages.
* **Statistics / analytics** - storefront events with `clientId`, cart token, and first-touch UTM. Gated on Shopify customer privacy.
* **Marketing** - Notify Me sign-up itself is a shopper-initiated opt-in. Consent is captured on the form and stored in Klaviyo, not Bloom.

## Related

* [Connect Klaviyo](/bloom/notify-me/connect-klaviyo)
* [Plans and billing](/bloom/plans-and-billing)
* [Change history](/bloom/change-history)
