Privacy Policy
Last updated: February 19, 2026
Overview
AgeGuard is an age verification gate for Shopify stores. We are committed to protecting user privacy. This policy explains what data we collect (almost none) and how we handle it.
What We Collect
From Store Visitors (Your Customers)
Nothing. AgeGuard does not collect, transmit, or store any personal data from store visitors. When a visitor confirms their age, a simple browser cookie (ageguard_verified) is set on their device. This cookie contains only the value "1" — no names, emails, birthdates, IP addresses, or any other identifiable information is ever recorded.
If a visitor uses the date of birth verification mode, the entered date is checked in the browser only and is never sent to any server.
From Store Owners (Merchants)
When you install AgeGuard, Shopify provides us with a standard OAuth access token to authenticate your admin session. This token is stored securely on our server and is used solely to verify that you are an authorized merchant when you open the app in your Shopify admin. We do not access your store data, customer lists, orders, or any other Shopify resources.
What We Do Not Collect
- No personal information from store visitors
- No browsing or behavioral data
- No analytics or tracking pixels
- No third-party cookies
- No customer data from your Shopify store
Cookies
AgeGuard sets a single first-party cookie on the visitor's browser:
| Cookie | Purpose | Duration |
|---|---|---|
ageguard_verified | Remembers that a visitor has confirmed their age so they are not asked again | Configurable by the merchant (default: 30 days) |
A sessionStorage fallback is also used in case cookies are blocked by the browser.
Data Storage and Security
Merchant OAuth sessions are stored in an encrypted SQLite database on a secure server hosted by Fly.io in the United States. Access tokens are never exposed publicly and are used exclusively for session authentication.
Third-Party Services
AgeGuard does not integrate with or send data to any third-party analytics, advertising, or tracking services. The only external communication is with Shopify's OAuth system during app installation and authentication.
GDPR and CCPA Compliance
Because AgeGuard does not collect personal data from store visitors, there is no personal data to access, rectify, or delete. For merchants who wish to remove their data, uninstalling the app will remove your session from our database.
Changes to This Policy
If we make changes to this privacy policy, we will update the "Last updated" date at the top of this page.
Contact
If you have questions about this privacy policy, please contact us at vaibhavrai46@gmail.com.