Privacy Policy

Last updated: April 2, 2026

Introduction

This Privacy Policy describes how KeywordROI, operated by iMarket LLC doing business as WPAppDev ("we," "us," or "our"), collects, uses, protects, and handles your data when you use our Shopify application and related services.

What data we collect

KeywordROI collects the following categories of data:

Shopify store data: Order information (order IDs, amounts, dates, UTM parameters, customer email addresses) for the purpose of ad attribution analysis. We access this data through Shopify's authorized API using OAuth credentials you grant during installation.

Google Ads data: Campaign and keyword performance metrics (impressions, clicks, cost, conversions) retrieved through the Google Ads API using OAuth 2.0 authorization that you grant. We request only read-only access to advertising performance data. We do not access or modify your ad campaigns, billing information, or any other Google account data.

Microsoft Ads data: Campaign and keyword performance metrics retrieved through the Microsoft Advertising API using OAuth 2.0 authorization that you grant.

Account information: Your email address and store URL provided during registration.

Usage analytics: Basic, anonymized usage analytics (page views, feature usage) to improve the app experience.

How we use your data

Your data is used solely to provide keyword-level ad attribution analysis. We match your Shopify order data with your ad platform performance data to calculate true return on ad spend (ROAS) at the campaign and keyword level. We do not use your data for any other purpose.

Specifically, we do not:

  • Sell, rent, or trade your data to any third parties
  • Use your data for advertising, profiling, or marketing purposes
  • Use your data to train machine learning or AI models
  • Share your data with any third-party analytics or data broker services
  • Transfer your data outside of the services described in this policy
How we protect your data

We implement the following technical and organizational measures to protect your data:

Encryption in transit: All data transmitted between your browser, our servers, and third-party APIs (Shopify, Google Ads, Microsoft Ads) is encrypted using TLS 1.2 or higher (HTTPS). No data is ever transmitted in plain text.

Encryption at rest: Our database servers use encrypted storage volumes. OAuth tokens and API credentials are stored in an encrypted database and are never exposed in logs, URLs, or client-side code.

Access controls: Access to production servers and databases is restricted to authorized personnel only, secured with SSH key-based authentication. There is no shared or public access to the infrastructure that stores your data.

Credential security: OAuth refresh tokens for Google Ads and Microsoft Ads are stored securely on the server side. We never store or log your Google or Microsoft account passwords. Access tokens are short-lived and refreshed automatically using industry-standard OAuth 2.0 flows.

Tenant isolation: Each merchant's data is logically isolated using unique tenant identifiers. Queries are scoped to your tenant, ensuring you can only access your own data.

Minimal data access: We request only the minimum API scopes necessary to retrieve advertising performance data. For Google Ads, we request read-only access to ad performance reports. We do not request access to modify campaigns, access billing, or read personal information beyond what is needed for authentication.

Data sharing

We do not sell, share, or transfer your data to any third parties. Your data remains within our secure infrastructure. The only external services that process your data are:

  • Shopify: To retrieve your order data via their authorized API
  • Google Ads API: To retrieve your advertising performance data
  • Microsoft Advertising API: To retrieve your advertising performance data

These services are accessed using OAuth 2.0 credentials that you authorize, and data flows only from these platforms into KeywordROI — we do not write data back to any external platform.

Data retention

Your data is retained for as long as your KeywordROI account is active. If you uninstall the app from Shopify, we delete all of your data (orders, ad metrics, credentials, and account information) within 48 hours, in compliance with Shopify's data protection requirements. You may also request immediate data deletion at any time by contacting us.

Your rights

You have the right to:

  • Request a copy of all data we store about you
  • Request correction of any inaccurate data
  • Request deletion of your data at any time
  • Revoke API access by disconnecting your ad accounts from the Settings page or by uninstalling the app
  • Withdraw consent at any time by uninstalling KeywordROI from your Shopify store

For GDPR, CCPA, or any other data protection requests, contact us at the address below.

Google API Services — Limited Use Disclosure

KeywordROI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google Ads data to provide and improve the ad attribution features of KeywordROI. We do not use Google user data for serving advertisements or for any purpose other than providing the KeywordROI service.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the app. Your continued use of KeywordROI after changes are posted constitutes acceptance of the updated policy.

Contact

iMarket LLC, doing business as WPAppDev
Columbia, MO, United States
keywordroi@wpappdev.com