Melt Audit Melt Active Pricing Contact Partners Request a Demo →
// Legal

Privacy Policy

Last updated: March 2026

Melt (“we”, “our”, or “us”) operates the Melt Shopify application and the meltsecurity.com website. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1
Data We Collect

When a visitor interacts with a Shopify store that has Melt installed, we collect the following anonymous behavioral telemetry:

  • Mouse movement count and distance
  • Scroll depth and timing
  • Add-to-cart click position (as a percentage of the button area)
  • Session timing signals (time to first click, time to first scroll)
  • Browser signals: user agent string, hardware concurrency, screen resolution, WebDriver flag
  • Cart token (a randomly generated identifier assigned by Shopify - not linked to any customer identity)
  • Product handle and cart value
  • IP address (used only to classify datacenter vs. residential traffic; not stored in identifiable form)
We do not collect customer names, email addresses, postal addresses, payment information, or any other personally identifying information.
2
How We Use This Data

Collected data is used exclusively to:

  • Classify sessions as human or automated (bot detection)
  • Generate weekly intelligence reports delivered to the store merchant
  • Identify patterns of non-human traffic across sessions

We do not sell, share, or disclose this data to any third parties, advertising networks, or data brokers.

3
Data Retention

Telemetry data is retained for a maximum of 90 days from the date of collection, after which it is permanently deleted. Merchants may request early deletion at any time by contacting us at support@meltsecurity.com.

4
GDPR Compliance

Melt fully supports Shopify’s mandatory GDPR webhook requirements:

  • Customer data requests - we acknowledge all requests within 30 days. As we hold no customer PII, there is no personal data to export.
  • Customer data erasure - upon receiving a redact request, we delete all telemetry rows associated with the relevant orders.
  • Shop data erasure - upon uninstallation, all telemetry data and shop records are permanently deleted within 48 hours.
5
Cookies & Tracking

Melt does not use cookies. Our telemetry script uses sessionStorage to count page views within a single browser session; this data is not persisted beyond the session and is never transmitted to a third party.

6
Merchant Data

Merchants who install Melt provide an email address for weekly report delivery. This email is stored securely and used only to send Melt intelligence reports. It is never shared with third parties.

7
Security

All data is transmitted over HTTPS and stored in an encrypted database. Access is restricted to authorised personnel only. Webhook requests from Shopify are verified using HMAC-SHA256 signatures to prevent spoofing.

8
Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to merchants via email or in-app notification. Continued use of the app after such changes constitutes acceptance of the updated policy.

9
Contact

For any privacy-related questions or requests, contact us at:
support@meltsecurity.com