Privacy Policy

Last updated: December 23, 2025

Introduction

This policy ("Privacy Policy") describes how Kevin Henrich, trading as Henrich Digital ("MOJO", "we", "us" and/or "our") may collect, use, disclose, and otherwise process user data when you visit our website or use our application and associated platforms (our "Application" and together with any website, our "Services").

CCPA NOTICE: We adopt this notice to comply with the California Consumer Privacy Act of 2018 and all amendments ("CCPA"). Any terms defined in the CCPA have the same meaning when used in this Privacy Policy.

GDPR NOTICE: As a data controller established in the European Union (Germany), we comply with the General Data Protection Regulation (GDPR). If you are located in the European Economic Area, United Kingdom, or Switzerland, you have certain rights regarding your personal data as described in this policy.

This Privacy Policy applies to information we collect:

On our Services.
In email, text, and other electronic communications between you and our Services.
Through the Shopify application and associated integrations.

This Privacy Policy does not apply to information collected by:

Us offline or through any other means, except as otherwise provided through our Services.
Any third party, including through non-MOJO applications or content (including advertising) that may link to or be accessible from or on our Services.

Please review this Privacy Policy carefully. By accessing or using our Services, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to This Privacy Policy). Your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

If you do not agree to this Privacy Policy or our practices, do not access or use our Services.

Information We Collect

The term "Personal Information" in this Privacy Policy refers to information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

Information from Shopify APIs

With your consent, upon installing MOJO from the Shopify App Store, we send and receive certain data to and from your Shopify storefront using the Shopify GraphQL Admin API and Webhooks, specifically:

Theme Object: Theme names and template files (to enable A/B testing of templates)
Assets Object: Theme assets and files (to create and manage test variants)
Products Object: Product titles and handles (for targeting configuration)
Orders Object: Order totals and timestamps (for conversion tracking and revenue attribution)

MOJO is unable to function without access to the Shopify Admin API objects listed herein. The data collected from Shopify's APIs does not include personally identifiable information related to any end customer, specifically: a customer's first name, last name, email address, phone number, or street address.

Information Collected Directly from Merchants

When you install and use our Application, we collect:

Account Information: Your Shopify store credentials are used for authentication via Shopify OAuth. We do not store your Shopify password.
Store Information: Your store name, domain, and Shopify plan.
Test Configurations: Settings you create for A/B tests, including test names, descriptions, traffic splits, targeting rules, and scheduling preferences.
Billing Information: Subscription plan selection. Payment processing is handled entirely by Shopify; we do not store credit card information.
Communications: Records of support requests and communications with us.

Information Collected from Store Visitors

To provide A/B testing and analytics services, we collect the following information from visitors to your store:

Visitor Identifier: A randomly generated, anonymized identifier stored in a first-party browser cookie to ensure consistent test experiences across sessions.
Page Views: Pages visited on your store during A/B tests.
Conversion Events: Add-to-cart actions, checkout initiations, and completed purchases.
Device Information: Device type (desktop, mobile, tablet) and browser type.
Visitor Type: Whether the visitor is new or returning.
Traffic Source: General traffic channel (direct, organic, paid, social, email, referral).

We do NOT collect from store visitors:

Names, email addresses, or other personally identifiable information
Payment or credit card information
Precise geolocation data
Data from pages not involved in active A/B tests

Information Collected Automatically

As you navigate through and interact with our Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

Traffic data and location data (based on IP address)
Log data including IP addresses, browser type, operating system, and device information
Usage data such as pages visited, time spent, and actions taken within our Application

For the purposes of the CCPA, in the past 12 months, we have collected the following categories of personal information: identifiers; personal information listed in the California Customer Records statute; Internet or other electronic network activity information; commercial information; and inferences drawn from other personal information.

How We Use Personal Information

We use information that we collect about you or that you provide to us, including any Personal Information, to:

Provide A/B Testing Services: Assign visitors to test variants and ensure consistent experiences.
Generate Analytics: Calculate conversion rates, revenue impact, and statistical significance for your tests.
Operate and Maintain Services: Provide the features and functionality of our Application.
Improve Our Services: Analyze usage patterns to enhance app functionality and performance.
Communicate with You: Send important updates about your account, respond to support requests, and provide customer service.
Marketing Communications: With your consent, send you information about products, services, or promotions we believe may interest you. Each marketing communication will contain instructions permitting you to "opt-out" of receiving future marketing communications.
Personalize Experiences: Deliver content and product offerings relevant to your interests.
Maintain Security: Help maintain the safety, security, and integrity of our Services.
Legal Compliance: Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including our Terms of Service.

We do NOT:

Sell your data or your customers' data to third parties
Use merchant customer data for advertising purposes
Share data with third parties for their own marketing purposes

Data Retention

We retain Personal Information for as long as reasonably necessary to maintain our relationship and provide you with our Services; to comply with our legal and contractual obligations; or to protect ourselves from potential disputes.

Test and Analytics Data

We retain test and analytics data according to your subscription plan:

Plan	Data Retention Period
Starter	7 days
Growth	30 days
Pro	Unlimited
Business	Unlimited

After the retention period, event data is automatically deleted.

Account Data

When you uninstall the Application, we retain your data for 30 days in case you reinstall. After 30 days, all data associated with your account is permanently deleted.

Requesting Deletion

You may request deletion of all your data at any time by contacting us at support@mojo-ab.com. We will process your request within 30 days.

Disclosure of Your Information

We may disclose your Personal Information in the following circumstances:

Service Providers

We may employ third parties and service providers to provide services on our behalf. We may share your information with service providers for purposes such as:

Cloud hosting and data storage (Supabase, Amazon Web Services)
Analytics services
Customer support tools

These service providers are prohibited from using your Personal Information except for these purposes, and they are required to maintain the confidentiality of your information.

Third-Party Widgets

If you interact with third-party widgets or social media features on our Services, these widgets may collect information and set cookies. Your interactions with such features are governed by the privacy policies of those third parties.

Legal Requirements

We may disclose your Personal Information if required to do so by law or in the good faith belief that such action is necessary to:

Comply with a legal obligation or applicable law, court order, or governmental regulation
Enforce or apply our Terms of Service and other agreements
Protect the rights, property, or safety of MOJO, our customers, or others

Business Transfers

We may disclose Personal Information in connection with a merger, acquisition, or sale of assets, in which personal information held by us about our Services users may be among the assets transferred.

We Do Not Sell Personal Information

We do not sell or share personal information as such terms are defined by CCPA.

Cookies and Tracking Technologies

What We Collect

As you navigate through and interact with our Services, we may use automatic data collection technologies including:

Cookies

A cookie is a small file placed on the hard drive of your computer. We use the following types of cookies:

Strictly Necessary Cookies: These cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how our Services function.
Personalization Cookies: These enable our Services to remember information that changes the way the service behaves or looks, like your preferred settings.
Analytical/Performance Cookies: These cookies allow us to recognize and count the number of visitors to our Services, and to see how visitors move around when they are using them. This helps us improve the way our Services work.
Marketing Cookies: These cookies record your visit to our Services, the pages you have visited, and the links you have followed. We use this information to make our Services and advertising more relevant to your interests.

Web Beacons

Pages of our Services and email communications may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us to track traffic on our Services.

Third-Party Tracking

We use the following third-party services that may collect information about you:

Google Analytics: For website and application usage analytics
Google Ads: For conversion tracking and remarketing
Meta Pixel (Facebook): For conversion tracking and remarketing

These third parties may use cookies, alone or in conjunction with other tracking technologies, to collect information about you when you use our Services. They may use this information to provide you with interest-based advertising.

Your Choices About Cookies

You can set your browser to refuse cookies or to alert you when cookies are being sent. However, if you disable cookies, some parts of our Services may not function properly.

To opt out of interest-based advertising:

In the United States: visit www.aboutads.info/choices or www.networkadvertising.org/choices
In the European Economic Area: visit www.youronlinechoices.com
In Canada: visit www.youradchoices.ca

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Specifically:

Data Storage: Your data is stored on secure cloud infrastructure provided by Supabase (hosted on Amazon Web Services) in the United States.
Data Controller Location: We are established in Germany (European Union).

If you are located in the European Economic Area, United Kingdom, or Switzerland, please note that your data will be transferred to the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.

By using the Services or by providing any personal or other information to us, you consent to such transfer and processing.

Your Privacy Rights and Choices

Depending on your location, you may have certain rights regarding your Personal Information:

For All Users

Access: Request a copy of the data we hold about you.
Deletion: Request deletion of your data.
Correction: Request correction of inaccurate data.
Opt-Out of Marketing: Unsubscribe from marketing emails at any time.
Uninstall: You can uninstall the Application at any time to stop data collection.

For European Users (GDPR)

If you are located in the EU, UK, or Switzerland, you additionally have the right to:

Request data portability (receive your data in a portable format)
Restrict or object to processing of your data
Withdraw consent at any time (where processing is based on consent)
Lodge a complaint with your local data protection authority

Legal Bases for Processing: We process your Personal Information based on:

Contract: To perform services you have requested
Consent: Where you have given consent (which you may withdraw at any time)
Legal Obligation: To comply with applicable laws
Legitimate Interests: For our legitimate business interests, such as improving our Services, provided these interests do not override your rights

For California Residents (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect about you
Request deletion of your personal information
Opt out of the sale of personal information (note: we do not sell personal information)
Non-discrimination for exercising your rights

To exercise any of these rights, please contact us at support@mojo-ab.com. We will respond to your request within the applicable statutory period (generally 30-45 days).

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. We will not:

Deny you goods or services
Charge you different prices or rates for goods or services
Provide you a different level or quality of goods or services
Suggest that you may receive a different price or rate or different level of quality

Data Security

We take reasonable steps to protect your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction, including:

Encryption of data in transit (TLS/SSL)
Encryption of data at rest
Access controls limiting data access to authorized personnel
Regular security assessments

However, no application, Internet, or email transmission is ever fully secure or error-free, and we do not guarantee the security of any Personal Information. You are also responsible for ensuring that your account credentials are protected.

Children's Privacy

Our Services are intended for use by businesses and are not directed at children under 18 years of age. We do not knowingly collect Personal Information from children under 18. If we learn we have collected Personal Information from a child under 18, we will delete that information. If you believe we have collected information from a child, please contact us at support@mojo-ab.com.

Changes to This Privacy Policy

We may make changes to this Privacy Policy from time to time. We will post all changes on this page with a new "Last updated" date. For material changes, we may also notify you by email or through our Application. Your continued use of our Services after changes are posted constitutes your acceptance of the updated policy.

How to Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Kevin Henrich / Henrich Digital

Rhabanusstraße 20

55118 Mainz

Germany

Email: support@mojo-ab.com

This Privacy Policy is provided to help you understand how MOJO handles data. For legal advice specific to your situation, please consult with a qualified attorney.