Privacy Policy

1. Introduction

This Privacy Policy describes how GeoMatch ("we", "our", or "us") collects, uses, and discloses information about visitors to merchant storefronts that have installed the GeoMatch app, as well as information about merchants who use the GeoMatch admin interface.

GeoMatch is a Shopify app that displays a geolocation popup on merchant storefronts and offers a translation engine. We are committed to protecting personal data in compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, and other applicable laws.

2. Who we are

GeoMatch is operated by Elarix Medical Ltd, a company registered in England and Wales under company number 16602969, with its registered office at 167-169 Great Portland Street, London, England, W1W 5PF. GeoMatch is a software product developed under the Elarix Dev brand, a software-focused initiative within the Elarix group.

For any privacy-related question, you can contact us at: support@elarixmedical.co.uk

3. Data we collect

We collect two categories of data:

3.1 Visitor data (storefront-side)

• IP address (used briefly to detect the country of origin via a third-party geolocation service; not stored on our servers)
• Country code derived from the IP address (e.g., FR, US, GB)
• An anonymous cookie identifier (random string), stored for 30 days, used solely to avoid showing the popup repeatedly to the same visitor
• Anonymous analytics events: popup shown, popup dismissed, conversion (no personal identifier attached)

We do not collect names, email addresses, phone numbers, payment details, or any other directly identifying information from storefront visitors.

3.2 Merchant data (admin-side)

• Shopify shop domain and shop ID (provided by Shopify when the merchant installs the app)
• App configuration (popup text, colors, enabled countries and languages)
• Translation files uploaded by the merchant (CSV files exported from Shopify Translate & Adapt)

4. How we use data

We use collected data only for the following purposes:

• To detect the country of a storefront visitor and display the relevant popup content
• To remember that a popup has already been shown to a given visitor (cookie)
• To provide aggregated, anonymized analytics to the merchant (popup views, conversions)
• To process translation jobs requested by the merchant via the Translation Engine
• To communicate with the merchant about service updates and support requests

We do not sell, rent, or share personal data with third parties for marketing purposes.

5. Sub-processors

To deliver the GeoMatch service, we rely on the following sub-processors:

• Shopify Inc. (Canada / United States): hosts the app within its platform and provides merchant authentication.
• Fly.io (United States, with European servers in Paris): hosts the GeoMatch backend and database.
• ipapi.co (United States): receives the visitor's IP address from the visitor's browser to return a country code. The IP is not stored by us. Their privacy policy: https://ipapi.co/privacy/
• Anthropic, PBC (United States): processes translation requests through the Claude AI API when a merchant uses the Translation Engine.

6. International data transfers

Some of our sub-processors are located outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we rely on appropriate safeguards as required by the GDPR, in particular the European Commission's Standard Contractual Clauses or equivalent mechanisms.

7. Data retention

• The visitor cookie expires after 30 days.
• Anonymous analytics events are retained for up to 12 months, then aggregated or deleted.
• Merchant configuration data is retained for as long as the app is installed, plus 30 days after uninstall (to allow easy reinstallation).
• Translation job content is retained for up to 30 days after job completion, then deleted.

8. Your rights

Under the GDPR and UK GDPR, you have the right to: access your data, rectify inaccurate data, request deletion, object to processing, request data portability, and lodge a complaint with a supervisory authority (such as the Information Commissioner's Office in the UK or the CNIL in France).

To exercise any of these rights, please contact us at support@elarixmedical.co.uk.

9. Cookies

GeoMatch uses one first-party cookie (geomatch_seen) on storefronts where the app is installed, valid for 30 days, used to avoid showing the popup repeatedly. For details, see our Cookie Policy.

10. Security

We use industry-standard security practices, including HTTPS encryption for all data in transit, server-side authentication, and access controls limited to authorized personnel.

11. Children's privacy

GeoMatch is a tool for Shopify merchants and is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates the most recent revision. Material changes will be communicated to merchants by email or via the GeoMatch admin interface.

13. Contact

For any question or request regarding this Privacy Policy:
Elarix Medical Ltd
167-169 Great Portland Street, London, England, W1W 5PF
Email: support@elarixmedical.co.uk

Legal entity

Company name: Elarix Medical Ltd
Company number: 16602969
Registered office: 167-169 Great Portland Street, London, England, W1W 5PF
Country of incorporation: England and Wales