Our approach to privacy

NSM is designed to be privacy-first by architecture — not by checkbox. We minimize the personal data we collect, hash everything that could identify a person, and delete data automatically after its useful life.

What data NSM collects

| Data | What we store | Format | Retention |
| Device fingerprint | A hash of browser characteristics | SHA-256 hash | 30 days |
| IP address | /24 CIDR block (not the full IP) | Hashed | 30 days |
| Customer email | For cross-device matching | SHA-256 hash | Until deletion request |
| Order data | Order ID, revenue, channel, UTMs | Pseudonymous | 2 years |
| Raw PII | Never stored | | |

Key point: We never store email addresses, full IP addresses, names, or any other directly identifiable information in our database. All matching is done on irreversible hashes.

GDPR compliance

NSM is GDPR-compliant as a data processor for your store. Here’s how we fulfill each requirement:

Lawful basis

  • Our tracking is based on legitimate interest (marketing analytics) when consent is not required, or consent when your store requires it via a CMP.
  • When a visitor declines tracking in your consent banner, NSM stops fingerprinting immediately.

Data minimization

  • We collect only the signals needed to create a unique device fingerprint
  • Full IP addresses are never stored — only a /24 CIDR block is used for bucketing
  • Fingerprint data is automatically deleted after 30 days
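
The /24 bucketing and SHA-256 hashing described above, as an added example that is not NSM's code. The function names, the email normalization step, the handling of IPv4-mapped addresses and the optional HMAC key are assumptions.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed sample inputs (RFC 5737 documentation ranges, example.com).
SAMPLE_IPS = ["203.0.113.77", "203.0.113.200", "::ffff:203.0.113.9", "198.51.100.77"]
SAMPLE_EMAIL = "  Jane.Doe@Example.com "


def _digest(value: str, key: Optional[bytes] = None) -> str:
    """SHA-256 hex digest; with a key (assumption, not on the page) use HMAC-SHA-256."""
    data = value.encode("utf-8")
    if key is not None:
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return hashlib.sha256(data).hexdigest()


def ip_to_bucket(raw_ip: str) -> str:
    """Reduce an IPv4 address to its /24 network so the host octet never reaches storage."""
    addr = ipaddress.ip_address(raw_ip.strip())
    if isinstance(addr, ipaddress.IPv6Address):
        # Dual-stack proxies often report IPv4 clients as ::ffff:a.b.c.d.
        if addr.ipv4_mapped is None:
            raise ValueError("only IPv4 /24 bucketing is defined here")
        addr = addr.ipv4_mapped
    return str(ipaddress.ip_network(f"{addr}/24", strict=False))


def ip_bucket_hash(raw_ip: str, key: Optional[bytes] = None) -> str:
    """Hash the /24 bucket, never the full address."""
    return _digest(ip_to_bucket(raw_ip), key)


def email_hash(raw_email: str, key: Optional[bytes] = None) -> str:
    """Normalize case and whitespace first so one customer maps to one hash."""
    normalized = raw_email.strip().lower()
    if normalized.count("@") != 1:
        raise ValueError("not an email address")
    return _digest(normalized, key)


if __name__ == "__main__":
    for ip in SAMPLE_IPS:
        print(f"{ip:>22} -> {ip_to_bucket(ip):<18} {ip_bucket_hash(ip)[:16]}")
    print(email_hash(SAMPLE_EMAIL))
```

A /24 bucket has only 2^24 possible values, so an unkeyed digest of it can be matched by enumeration; passing a server-side key keeps the stored hashes tied to that secret.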

Data subject rights

Right of access (Article 15)

When a customer submits a data access request to your store, Shopify automatically notifies NSM via webhook. We compile all attribution data we hold for that customer and log it.

Right to erasure (Article 17)

When a customer requests deletion:
  1. Shopify sends NSM a customers/redact webhook
  2. NSM deletes all attribution records for that customer from our database
  3. Fingerprint/session data in ClickHouse is anonymized (visitor IDs are randomized)

Right to erasure — full store (Article 17)

When your store is deleted from Shopify:
  1. Shopify sends a shop/redact webhook 48 hours after uninstall
  2. NSM deletes all data associated with your store

Data Processing Agreement (DPA)

A Data Processing Agreement is available at northstarmetric.io/dpa. This agreement is required under GDPR when you use NSM as a data processor.

Your privacy policy

You should update your store’s privacy policy to mention that you use third-party analytics for marketing attribution. Here’s sample language you can adapt:
“We use North Star Metric, a server-side analytics service, to measure the effectiveness of our marketing campaigns. This service uses device fingerprinting (a privacy-safe method that creates an anonymous hash of browser characteristics) to attribute sales to advertising. No personally identifiable information is collected or stored. Fingerprint data is automatically deleted after 30 days. For more information, see northstarmetric.io/privacy.”

Visitor opt-out

Visitors can opt out of tracking in several ways:
  1. Consent banner — Declining analytics/marketing cookies in your store’s consent banner stops NSM tracking
  2. Browser console — Visitors can run NSM_optOut() in the browser console
  3. Contact you — Visitors can request data deletion through your store’s privacy contact
NSM does not use third-party cookies. The tracking script may set a first-party cookie or use localStorage to store a visitor UUID — this is required for session continuity and is covered by the “strictly necessary” or “analytics” category depending on your consent setup.

Data location

All NSM data is stored on servers located in the European Union (Germany). No data is transferred to third countries without appropriate safeguards.

CCPA (California)

NSM does not sell personal data. For CCPA purposes, NSM acts as a service provider processing data on your behalf. Our data practices are consistent with CCPA requirements.

Questions?

For privacy-related questions or to submit a data deletion request, contact support@northstarmetric.io or visit northstarmetric.io/privacy.