This Privacy Policy describes how Nivk ("we," "us," or the "Operator") processes information when you use Shopify Check at https://check.nivk.com (the "Site") and the associated domain analysis feature (the "Service"). Before publication, insert your full legal entity name, registered address, and data protection contact details, and have this Policy reviewed by qualified counsel.
By using the Service, you acknowledge this Policy. If you do not agree, please do not use the Service. We may update this Policy from time to time; the "Last updated" date reflects the latest version.
1. Who is responsible?
The Operator is the controller of personal data processed in connection with operating the Site and the Service, unless stated otherwise (for example, where a subprocessor processes data solely on our instructions). Contact for privacy inquiries: privacy@nivk.com. Replace with your designated privacy inbox if different.
2. Summary of the Service
You submit a domain (or a URL we normalize to a domain). Your browser sends that input to our server API. We forward the domain and a canonical URL (typically https:// plus your domain) to an automated workflow hosted with our automation provider (n8n Cloud or a webhook URL you configure). That workflow retrieves and analyzes publicly available technical information from the target website to produce a result (for example, Shopify detection, signals, theme-related hints). The result is returned to your browser. We do not require you to create an account to use the current Service.
3. Categories of data we process
3.1 Domain and URL you submit
We process the domain string (and derived canonical URL) that you enter. This may be considered personal data only in limited circumstances (for example, if the domain identifies a natural person). In most cases it identifies a business or a public website. We use this data solely to perform the analysis you requested and to secure and operate the Service.
3.2 Technical and usage data from your visit
When you interact with the Site or our API, our hosting provider and infrastructure may automatically collect technical data such as IP address, approximate location derived from IP, user agent, request timestamps, HTTP status codes, referrer headers (if sent by your browser), and similar server logs. We (or our providers) may use this information for security, abuse prevention, troubleshooting, capacity planning, and compliance.
3.3 Error and diagnostic data
If something fails (for example, a timeout contacting the workflow or an unexpected response), limited diagnostic information may be logged by our application or hosting environment to help us fix issues. Avoid submitting sensitive personal information in the domain field; it is not needed for the Service.
3.4 Cookies and similar technologies
The current Site is designed to work without non-essential tracking cookies. Your browser may still store essential technical data as part of normal HTTP operation. If we add analytics or marketing cookies in the future, we will update this Policy and, where required, obtain consent before using non-essential cookies.
3.5 Data we do not intentionally collect
We do not ask for your name, email, or payment details to use the basic Service. We do not seek to access password-protected merchant admin data, private customer databases, or other non-public resources on third-party sites. The workflow operates on public signals only.
4. Purposes and legal bases (EEA, UK, and similar jurisdictions)
Where the GDPR or UK GDPR applies, we rely on the following legal bases:
- Performance of a contract / steps prior to a contract: Processing your submitted domain and returning results when you use the Service at your request.
- Legitimate interests: Securing the Site, preventing abuse and fraud, improving reliability, understanding aggregate usage, and defending legal claims, where not overridden by your rights.
- Legal obligation: Processing where required by applicable law (for example, responding to lawful requests from authorities).
For jurisdictions that use a different framework, we process information as necessary to provide the Service and for the purposes described in this Policy, in line with applicable law.
5. Subprocessors and recipients
We use trusted service providers who process data on our behalf under contractual safeguards. Depending on how you deploy the Site, this may include:
- Hosting / edge platform: The server that runs the Next.js application (for example, Railway, Vercel, or another host you configure) receives API requests and may log technical data as described above.
- Automation / workflow: The check request is forwarded to a webhook endpoint (by default, n8n Cloud). That provider processes the payload (including domain and URL) to execute the detection workflow and may log operational data under its own terms and security practices.
- Detection API (optional): Your deployment may call a separate detector API for theme or platform analysis. That service may receive the domain or related parameters and process them according to its own configuration.
Update this section with the exact legal names of your subprocessors, links to their privacy documentation, and the regions where data is processed once your production stack is finalized.
6. International transfers
Our subprocessors may process data in the United States, the European Economic Area, the United Kingdom, or other regions. Where we transfer personal data from the EEA, UK, or Switzerland to countries not deemed adequate by the relevant authority, we will implement appropriate safeguards (such as Standard Contractual Clauses) as required by law, unless a specific derogation applies.
7. Retention
Retention depends on your hosting logs, workflow logs, and detector configuration. As a general rule: server logs may be retained for a limited period for security and troubleshooting; workflow providers may retain execution logs according to their settings; we do not intend to build a long-term database of every domain checked unless you configure systems to do so.
Document your actual retention periods for each environment and reflect them here after review.
8. Security
We implement reasonable technical and organizational measures appropriate to the nature of the Service, including HTTPS for browser traffic, server-side forwarding of workflow calls (so webhook URLs are not exposed to the browser), and reliance on reputable hosting and automation providers. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.
9. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or object to certain processing of your personal data, and to data portability. You may also have the right to lodge a complaint with a supervisory authority. To exercise rights, contact privacy@nivk.com. We may need to verify your request as permitted by law.
Where processing is based on consent (if we rely on consent for specific features in the future), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
10. California and U.S. state privacy notices (summary)
If California or other U.S. state privacy laws apply, we provide this Policy to describe our practices. We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are commonly understood for the current Service, and we do not use sensitive personal information for inferring characteristics. If our practices change, we will update this section.
11. Children
The Service is not directed at children under 16 (or 13 where applicable). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us so we can delete it.
12. Third-party websites
The Service may retrieve public information from websites you specify. Those sites have their own privacy policies. This Policy does not describe their practices.
13. Changes
We may update this Policy to reflect changes to the Service, legal requirements, or our practices. Material changes will be communicated as appropriate (for example, by updating the date above or posting a notice on the Site).
14. Contact
Privacy questions: privacy@nivk.com
Terms: Terms of Service · Legal: legal@nivk.com