Last updated: March 2026
What we do
Tagmux is a server-side event forwarding service. When a merchant installs our Shopify app,
we receive order and checkout webhook events from Shopify and forward them to the merchant's
configured advertising platforms (e.g., Meta Conversions API, Google Ads, TikTok Events API).
What data we collect
-
Order and checkout event data sent by Shopify webhooks (order ID, value, currency, line items)
-
Customer identifiers that Shopify includes in webhook payloads (email, phone, IP address, user agent)
- Shopify store domain and access credentials for API communication
How data is processed
-
Customer PII (email, phone) is SHA-256 hashed before being sent to ad platforms, as required by their APIs
-
Events are forwarded to the merchant's configured destinations within seconds of receipt
-
We do not enrich, sell, or share event data with any party other than the merchant's configured ad platforms
Data retention
- Event delivery jobs are automatically pruned after 24 hours
-
We do not store raw customer PII beyond the time needed to process and forward the event
-
Ad platform credentials are stored encrypted (AES-256-GCM) and deleted when the merchant removes a destination or uninstalls the app
GDPR compliance
We support Shopify's mandatory GDPR webhooks:
-
Customer data request
— we respond with confirmation that no long-term customer data is retained
-
Customer data erasure
— we confirm erasure (no persistent customer data to delete)
-
Shop data erasure
— we delete the store record and disable all associated destinations
App uninstall
When a merchant uninstalls Tagmux, we mark the store as uninstalled and stop processing events.
All destinations are disabled. The merchant can reinstall at any time and their previous configuration
will be restored.
Contact
For privacy questions, data requests, or concerns, contact us at privacy@tagmux.com.