getescapehatch.com

Privacy policy

Last updated · May 13, 2026

What we collect

When a paid Instagram visitor lands on your store with the EscapeHatch snippet installed, we record a single event row per escape attempt. That row contains: an IP-hashed visitor ID, the user-agent string, UTM parameters from the URL, the storefront cookie identifier (_shopify_y), and the bucket assignment for the A/B test. We do not collect names, emails, phone numbers, payment data, or any first-party PII.

What we don't do

  • We do not set tracking cookies on your customers' browsers.
  • We do not fingerprint visitors across stores or devices.
  • We do not sell, license, or share any visitor data with third parties.
  • We do not run analytics SDKs (no Google, Meta, or Mixpanel embed).

How merchants use the data

You get an authenticated dashboard scoped to your own merchant ID. Only you and the EscapeHatch operations team (under NDA) can see your event stream. We retain raw event rows for 13 months; aggregated daily rollups for 36 months.

GDPR / CCPA

The visitor data is non-personal under both regulations (IP-hashed, no identifier returned to client). You may classify EscapeHatch as a "functional" tool in your consent banner. If you need a signed Data Processing Agreement (DPA), email hi@getescapehatch.com and we'll send one over.

Right to delete

Customers can request deletion of any record we hold by emailing us with their _shopify_y cookie value or the timestamp of their visit. We'll honor it within 30 days.

Contact

Privacy questions: hi@getescapehatch.com. Postal mail on request.

This page is a working stub. Final policy will be reviewed by counsel before EscapeHatch exits private beta.