Privacy Policy

Last updated: February 2026

1. Introduction

ConsentLite ("the App") is developed by Swedish Developer ("we", "us"). This privacy policy explains how the App handles data when installed on a Shopify store.

2. Data we collect from merchants

When you install ConsentLite, we access the following Shopify data:

• Shop domain and name (to identify your store)
• Theme information (to display the cookie banner)

We store the following data on our servers:

• Your app settings (banner text, colors, Google Analytics ID)
• Cookie category definitions
• Consent log records (visitor consent events)

3. Data collected from store visitors

ConsentLite does NOT collect personal data from your store visitors. Specifically:

• No IP addresses are stored
• No names or email addresses are collected
• No browsing behavior is tracked

The App stores the following non-personal data:

• A random visitor ID (generated locally, not linked to any personal data)
• The consent action taken (accept all, reject all, or custom selection)
• Cookie categories consented to
• Timestamp and browser user agent
• Consent version number

This data is stored solely for GDPR audit trail purposes.

4. Google Analytics and Google Ads

If configured by the merchant, ConsentLite loads Google Analytics and/or Google Ads scripts ONLY after a visitor gives consent. Before consent, no Google scripts are loaded and no data is sent to Google.

The App implements Google Consent Mode v2 to communicate visitor consent preferences to Google services. For information about how Google processes data, see:

• Google Analytics Terms of Service
• Google Privacy Policy

5. Third-party services

ConsentLite connects to the following external services:

• Google Tag Manager / Analytics (googletagmanager.com): Loaded only after visitor consent. Used to provide analytics tracking as configured by the merchant. See Google's Privacy Policy.
• ConsentLite API (consentlite.fly.dev): Our own server that stores app settings and consent logs. Hosted on Fly.io in Stockholm, Sweden (EU).

6. Data retention

• App settings: Retained while the App is installed. Deleted upon uninstallation.
• Consent logs (Free plan): Retained for 30 days, then automatically deleted.
• Consent logs (Pro/Business): Retained for up to 5 years as required by GDPR audit requirements.

Upon app uninstallation, all merchant data is deleted within 48 hours.

7. Data location

All data is stored on servers located within the European Union (Neon PostgreSQL via AWS eu-central region, Fly.io Stockholm).

8. GDPR compliance

We process merchant data as a Data Processor under GDPR. Merchants remain the Data Controller for their store visitors. The App helps merchants fulfill their GDPR obligations by:

• Obtaining explicit consent before setting non-essential cookies
• Providing granular consent controls
• Maintaining audit-ready consent logs
• Implementing Google Consent Mode v2

9. Contact

For questions about this privacy policy or data handling:

• Email: support@swedev.eu
• Website: https://swedev.eu