Cookie Consent Banner Policies

Welcome to Cookie Consent Banner (the "App"), provided by Sparsim org ("we", "us", or "our"). By installing or using the App in your Shopify store, you agree to the policies on this page, including the Terms of Service and Privacy Policy. If you do not agree, please uninstall the App and discontinue use.

GDPR-aware • CCPA-aware • We do not sell personal information.

We process minimal personal information to operate the App. We act as a processor for merchant store data and may be a controller for data you provide directly (e.g., your account or support communications).

Data We Collect from Your Shopify Store

• Shop Locales (read-only): Shop locale information to display the cookie banner in the appropriate language for your storefront visitors.
• No Protected Customer Data: This App does not access, read, or store any Shopify customer data, orders, or personally identifiable information (PII) from your store.

Data We Store in Our Database

• Shop table:
  • shop (domain identifier)
  • isActive (installation status)
  • createdAt, updatedAt
• BannerSettings table:
  • shopId (foreign key)
  • isEnabled, position, backgroundColor, textColor, buttonBackgroundColor, buttonTextColor, declineButtonEnabled, policyLinkEnabled, consentLifetimeDays
  • translations (JSON object containing banner text for different locales)
• CookieStats table (anonymous analytics):
  • shopId (foreign key)
  • action (ACCEPTED, DECLINED, or IGNORED) and createdAt timestamp

  Important: CookieStats records are completely anonymous. They do not contain any customer identifiers, IP addresses, user agents, or any other personally identifiable information.

Data Collected from Storefront Visitors

The App's JavaScript banner uses browser localStorage to remember visitor consent choices. This data remains entirely in the visitor's browser and is never transmitted to our servers except as an anonymous statistical action (ACCEPTED/DECLINED/IGNORED).

• localStorage key cookieConsent (value: "accepted" or "declined")
• localStorage key cookieConsentExpiry (timestamp)

How We Use Data

• Provide, secure, troubleshoot, and improve the App
• Display cookie consent banners in the appropriate language
• Generate anonymous analytics for merchants about consent trends
• Communicate service notices and support responses
• Meet legal obligations and platform requirements

Sharing

Only with subprocessors listed on this page, or when required by law. We do not sell personal data.

Lawful Bases (GDPR/UK GDPR)

• Contract necessity — provide core app features to your store
• Legitimate interests — secure, debug, and improve the App
• Consent — optional cookies/analytics or marketing, where required

International Transfers

If personal data is transferred outside your region, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and assess the destination's legal environment.

Children's Privacy

The App is not directed to children under 13 (or the applicable age of digital consent). The App does not knowingly collect or process data from children.

Your Rights & Requests

Access, correction, deletion, export/portability, and objection (region-dependent). Email info@spars.im from the store-owner email (or via a Shopify staff account) with your store URL and request type. We may verify identity/control of the store or domain. We aim to respond within 30 days.

Cookie Consent Banner requests minimal permissions necessary to deliver core functionality. We do not request any protected scopes.

Scopes Requested:

• read_locales — Retrieve your store's configured languages to display the banner in the appropriate locale for each visitor.

What We DO NOT Access:

• Customer data
• Order information
• Payment details
• Products or inventory
• Theme files
• Store content (pages, blogs, navigation)
• Any personally identifiable information

• Role: Processor (merchant as Controller)
• Subject: Minimal shop configuration data processed by the App's features
• Duration: While the App remains installed + retention window
• Security: See "Security & Compliance"

• Encryption: TLS in transit; at-rest encryption per provider
• Access: Role-based, least-privilege; MFA for staff; audit logs
• Backups: Regular backups with limited retention
• GDPR webhooks: We implement Shopify's shop/redact webhook. Shop data is deleted within ~48 hours of uninstall or shop/redact, unless earlier deletion is requested and permitted
• Incident response: We notify affected merchants without undue delay

We retain shop configuration data only as long as necessary for the App's provision or as required by law.

• Upon uninstall: we stop processing immediately
• We schedule deletion of shop data within approximately 48 hours
• Anonymous analytics (CookieStats) may be retained for aggregate reporting but contain no identifiable information
• Backups are rotated on a similar schedule (target: 30 days)

We honor Shopify's privacy webhooks (shop/redact) and respond to direct merchant requests for export or deletion.

• No unlawful, harmful, or fraudulent activity
• No collection of sensitive personal data without proper legal basis and safeguards
• No abuse of rate limits, APIs, or attempts to bypass security
• No infringement of third-party intellectual property
• Do not use the App to mislead visitors or violate applicable privacy laws
• Ensure your cookie banner content is accurate and compliant with your jurisdiction's requirements

These Terms govern your access to and use of the App. You represent and warrant that you have the authority to bind the Shopify store that installs the App. You are responsible for your store's content, banner configuration, compliance with applicable privacy and cookie laws.

• License. We grant you a limited, revocable, non-exclusive license to use the App within your Shopify store during your subscription plan term.
• Fees. The App is free to use. We do not charge any fees, subscriptions, or one-time payments through Shopify Billing or any other method. You can uninstall the App at any time, and no charges will be incurred.
• Your Responsibilities.
  • You are responsible for the content of your cookie banner messages
  • You must ensure your banner text complies with applicable privacy and cookie consent laws in your jurisdiction (GDPR, CCPA, ePrivacy Directive, etc.)
  • You must maintain accurate privacy policy links if you choose to include them
  • You are responsible for obtaining valid consent from your visitors where required by law
• Service Changes. We may change, suspend, or discontinue features with reasonable notice. Material changes will be reflected on this page.
• Disclaimer. The App is provided "as is" without warranties; to the extent permitted by law we disclaim implied warranties of merchantability, fitness for a particular purpose, and non-infringement. The App is a technical tool; legal compliance with cookie and privacy laws is your responsibility.
• Liability. To the maximum extent permitted by law, we will not be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenues, data, or goodwill arising from or related to your use of the App. Because the App is provided free of charge, our total aggregate liability for any claim will not exceed the amount you paid to us for the App in the twelve (12) months preceding the claim—typically 0. Nothing in these Terms limits liability that cannot be limited by law (e.g., for fraud or wilful misconduct).
• Governing Law. Laws of Ukraine. Courts of Kyiv have exclusive jurisdiction, except that either party may seek injunctive relief in any court of competent jurisdiction.

Last updated: November 12, 2025

We rely on trusted providers ("subprocessors") to operate the App. This list may change; material changes will be posted here. We do not permit subprocessors to use data for their own marketing.

We may update these policies to reflect new features or legal requirements. We will post updates on this page and adjust the effective date. Continued use of the App after an update constitutes acceptance.