Guides Privacy policy disclosures for eventabee merchants

Privacy policy disclosures for eventabee merchants

Copy-paste templates for adding eventabee + your ad-platform destinations to your store's privacy policy.

Updated

When you install eventabee and connect destinations like Meta, Google Ads, TikTok, or Klaviyo, you become responsible for disclosing that activity in your own privacy policy. Eventabee enforces the technical consent and opt-out — but the disclosure obligation is yours, not ours, under GDPR, CCPA, CPRA, and equivalent laws.

This guide gives you copy-paste blocks you can adapt. It is not legal advice. If you’re unsure, talk to a privacy lawyer; this is a starting point, not a substitute.

What to add (everyone)

Add a section to your privacy policy describing how eventabee processes events on your behalf:

Event tracking and ad-platform forwarding

We use eventabee, an event-tracking application, to collect information about visits and orders on our store and to forward that information server-side to advertising and analytics platforms we have configured. Eventabee acts as our data processor.

Information forwarded includes: page visits, product views, cart actions, checkout events, and completed orders. Where you have provided contact information at checkout (email, phone, shipping address), eventabee transmits that information in cryptographically hashed form (SHA-256) to advertising platforms for the purpose of attributing your order to ads you may have seen.

You can manage your consent at any time via the cookie banner on our store.

If you’ve connected Meta (Facebook / Instagram)

Add to your “Third parties” or “Sharing” section:

We share hashed contact information and order details with Meta Platforms (Facebook, Instagram) via Meta’s Conversions API for the purpose of measuring ad performance and showing you relevant ads. Under California’s CPRA, this constitutes a “sale” or “sharing” of personal information for cross-context behavioral advertising. You can opt out at any time via the cookie banner.

If you’ve connected Google (Ads / Analytics 4)

We share hashed contact information and order details with Google (Google Ads, Google Analytics) for the purpose of measuring ad performance and improving our advertising. Under California’s CPRA, this may constitute a “sale” or “sharing” of personal information.

If you’ve connected TikTok

We share hashed contact information and order details with TikTok via the TikTok Events API for the purpose of measuring ad performance.

If you’ve connected Pinterest, Snapchat, Klaviyo, PostHog, or Segment

Use the Meta/Google template above and substitute the destination name. The pattern is the same: name the destination, name the purpose, point at the cookie banner for opt-out.

CCPA “Do Not Sell or Share My Personal Information”

If you have visitors from California (or any of the 19 US states with comparable laws), you should:

  1. Display a “Do Not Sell or Share” link on your storefront.
  2. Honor the choice — eventabee already enforces this in its consent banner when you have CCPA opt-out mode enabled.
  3. Disclose in your privacy policy that you respond to Global Privacy Control (GPC) signals (eventabee does this automatically when you enable GPC auto-reject in the consent banner settings).

Updating your policy when you add a destination

Every time you add a new destination in eventabee, return to this page and add (or remove) the corresponding paragraph in your policy. The “Request a destination” form sends you a confirmation when a new connector is shipped — that’s a good prompt to refresh your policy.

Questions

If you’re not sure how to phrase something for your specific store, email us at [email protected] and we’ll point you in the right direction. We’re not lawyers, but we’ve helped a lot of merchants through this.