Privacy & data
Protected customer data
Pixel Proof audits the health of the conversion tracking you already run. It analyzes your events as boolean presence of already-hashed match keys — it never reads, stores, or receives raw customer data.
PCD LEVEL 2 · HASHED PRESENCE ONLY
What Pixel Proof accesses
read_products
Catalog metadata, to anchor an audit to your store. No orders, no customers, no checkouts.
Your conversion-event sample
From the source you connect (Meta Conversions API / server-side GTM): event_id, client-vs-server, event name, and a yes/no for each already-hashed match key.
Aggregates only
We persist counts and percentages per audit run (dedup %, hit ratio, key coverage) — never a per-customer row.
Separate Meta review
Conversions API access goes through Meta’s own App Review; Pixel Proof requests the minimum read scope needed to grade your setup.
What Pixel Proof never accesses
Raw emails, phone numbers, or IPs. Orders, customers, or checkouts. Pixel Proof does not request read_orders or read_customers; the engine is structurally unable to see a raw identifier — it receives a boolean for each hashed key.
How your data is handled
- Hashed-presence boundary: raw match-key values are reduced to booleans at the source adapter and never cross into the rest of the app.
- Encrypted at rest: Shopify access tokens are stored with AES-256-GCM encryption.
- Deleted on uninstall: on app uninstall and on a Shopify shop-redaction request, all of your data is removed.
Honesty
Health scores are a diagnostic of your existing tracking — not a guarantee of recovered conversions or attribution. Pixel Proof tells you what’s broken and how to fix it; the fixes happen in your own tracking stack.