TY Bridge migrates Shopify pixels and ad platform
signals (including Meta, GA4, TikTok, and Google Ads)
while honoring customer consent. This policy explains
what information we collect, how we use it, and the
controls you have.
Who we are
TY Bridge (“we”, “us”, or “our”) is operated by eCom
in motion, a company established in Sweden and
located at Salongsgatan 24G, 21116 Malmoe. We
provide a consent-aware server-side event
orchestration service for Shopify merchants. We are
the data controller for information we collect about
visitors to this marketing site, prospective
customers, and merchant administrators who sign into
the TY Bridge console. When we handle customer data
on behalf of a merchant—such as end-customer events
routed to ad platforms—we act as the merchant’s data
processor.
Data we collect
Shopify account data. Store
URL, contact details, installed apps,
permissions, and billing preferences supplied by
Shopify during the OAuth install process.
Merchant administrator information.
Names, email addresses, and login metadata
provided when your team accesses the TY Bridge
admin console.
Support communications.
Messages, attachments, or troubleshooting
details you send to
support@ecominmotion.com.
Pixel and vanity domain
configuration.
Event schemas, consent rules, and domain
settings entered within the product.
End-customer event payloads.
Consent-aware event data that you instruct TY
Bridge to process and transmit to destinations
like Meta, GA4, TikTok, and Google Ads. By
default we strip or hash personal identifiers
when consent is absent, consistent with your
configuration.
Usage telemetry. Aggregated
logs, performance metrics, and error diagnostics
generated by our Cloudflare Workers, D1, and
Queues infrastructure.
Fallback relay payloads. If
Cloudflare experiences an incident, purchase events
may be briefly proxied through a Vercel function
that immediately forwards them to Cloudflare
Queues. The same HMAC signature used by the pixel
is re-verified downstream.
Security and operational logs.
Request metadata, firewall decisions, and edge
observability traces that help us defend the
service, monitor relay health, and investigate
abuse while limiting the personal data captured.
Marketing site analytics.
Pseudonymous usage data captured via
privacy-respecting analytics tools to understand
page performance. We do not use third-party
advertising cookies on this site.
How we use data
Provision and secure your TY Bridge account,
including Shopify OAuth flows and vanity domain
issuance.
Process consent-aware event payloads and deliver
them to the channels you configure (e.g., Meta,
GA4, TikTok, Google Ads).
Monitor system health, detect abuse, and
troubleshoot performance issues.
Provide product support, respond to questions,
and send operational notices.
Send product updates or onboarding guidance
where permitted. You can opt out at any time.
Comply with legal obligations and enforce our
agreements.
Legal bases
If you are based in the European Economic Area,
United Kingdom, or Switzerland, we process personal
data under the following legal bases:
Contract. To provide TY Bridge
according to our agreements with you or your
organization.
Legitimate interests. To
improve and secure the service, prevent fraud,
and market relevant features to existing
customers.
Consent. Where you have granted
consent, such as receiving optional marketing
communications.
Legal obligations. To meet
regulatory requirements, including responding to
lawful requests from authorities.
Retention
We keep personal data only as long as necessary for
the purposes described above. Merchant event
payloads are retained in operational logs for up to
90 days before automatic deletion. Configuration
records, billing history, and contractual
documentation are stored for the lifetime of the
account and any statutory retention periods that
follow. When retention periods end, we delete or
irreversibly anonymize the data.
Security controls
TY Bridge relies on Cloudflare Workers, D1, Queues,
and R2 to run the platform. We enforce Cloudflare
WAF rules, rate limits, and TLS enforcement,
maintain strict Content Security Policies, monitor
request patterns through edge logging, and protect
secrets with Cloudflare’s encrypted storage. Event
payloads and identifiers are hashed or encrypted
before we persist them.
How we share information
Service providers. We rely on
vetted vendors such as Shopify (for app
distribution and billing), Cloudflare (for
hosting, Workers, D1, Queues, and security),
and email tooling to deliver TY Bridge. During a
Cloudflare incident, a Vercel-hosted fallback
relay may forward signed pixel payloads straight
into Cloudflare Queues for durability; payloads
are not stored on Vercel.
Marketing and analytics tools.
Limited to first-party or privacy-focused
providers that do not resell or repurpose your
data.
Law enforcement and compliance.
We disclose information when required by law or
to protect our rights and the rights of others.
Business transfers. If we
undergo a merger, acquisition, or asset sale,
data may be transferred with appropriate
safeguards.
We do not sell personal data or share it with third
parties for their independent advertising purposes.
Cookies & similar technologies
TY Bridge uses essential cookies and local storage
to keep you authenticated in the admin console and
protect against fraud. We may deploy analytics
cookies to understand aggregated usage, but we
disable advertising identifiers and never track
visitors across unaffiliated sites. You can adjust
cookie settings through your browser. Blocking
essential cookies may prevent portions of the
product from functioning.
Security
We secure TY Bridge with encryption in transit and
at rest, granular access controls, and continuous
monitoring through Cloudflare’s edge platform.
Production secrets are stored using dedicated secure
vaults, and access to customer data is limited to
personnel who require it to deliver support or
maintain the service. While no system is perfectly
secure, we regularly review our controls and follow
industry best practices to protect your information.
International transfers
TY Bridge operates from Sweden and relies on
Cloudflare infrastructure located in the European
Union, the United States, and other global regions.
Whenever personal data is transferred outside the
European Economic Area, including to the United
States, we rely on the European Commission’s
Standard Contractual Clauses or other legally
recognized safeguards and assess vendor practices for
compliance with applicable privacy laws.
Your privacy choices
Depending on where you live, you may have rights to
access, correct, delete, or export your personal
data, as well as to object to or restrict certain
processing. Merchants who integrate TY Bridge remain
responsible for honoring their end-customer
requests. To exercise your rights with respect to
data we control, contact us using the details below.
We will respond in line with applicable laws.
Contact us
For questions about this policy or to submit a
privacy request, email
support@ecominmotion.com. You can also write to us at eCom in motion,
Attn: Privacy, Salongsgatan 24G, 21116 Malmoe,
Sweden.
We may update this policy as our product evolves.
When we make material changes, we will post a notice
here and, if appropriate, notify account owners by
email.