passoagency.com/Data deletion
Data deletion

How to delete your data, and what happens when you do.

A plain-English account of the three deletion paths we offer, the schedule we follow, and the records we are obliged to keep. For the legal policy, see our privacy policy. For what we read in the first place, see data & privacy.

Three ways to delete

Most of the data we hold is tied to a Shopify store, an ad account you have connected, or a customer record one of those stores has shared with us. There is one path for each.

1. Disconnect a single source from the dashboard

Once the Passo app is installed in your Shopify admin, the dashboard lives inside Shopify. To stop sending data from one connected source while keeping Passo connected to the rest of your stack, open the app and follow the steps below.

  1. Open the Passo app from the Apps menu in your Shopify admin.
  2. Open Settings, then Connections.
  3. Click Disconnect next to the source you want to remove.
  4. Confirm in the dialog that appears.

The moment you confirm, we call the relevant revocation endpoint at the upstream provider, delete the encrypted refresh token from our database, and stop reading from that source. The historical rows we already hold for that source remain in your dashboard so the strategy report stays coherent. If you also want those historical rows removed, follow path three below.

2. Uninstall the Passo app from your Shopify admin

Uninstalling the app from your Shopify admin is the full delete. Everything we hold for your store, including your raw ad-account rows, aggregated metrics, the strategy report, the dashboard configuration, the prepaid media balance ledger, and the encrypted credentials for every connected source, is scheduled for deletion immediately.

  1. In your Shopify admin, go to Apps.
  2. Find The Passo Agency in your installed apps list.
  3. Click Uninstall.
  4. Confirm in the dialog that appears.

Within thirty days every piece of data we hold for your store is removed from our production database and from any encrypted backup retained for disaster recovery. We will email you a confirmation when deletion is complete, addressed to the contact on file for the Shopify store.

If there is an unused prepaid media balance on your account when you uninstall, we refund it to the same payment method within thirty days. The financial record of that refund is kept for the period our auditors and HMRC require, currently seven years from the end of the relevant accounting year.

3. Written request for any other case

For everything else, including deletion of historical rows from a still-connected source, deletion on behalf of an end customer whose data may have reached us through a connected pixel or the Conversions API, or any request under UK GDPR, write to us.

  1. Email hello@passoagency.com from the email address registered to your Shopify store. If you are writing on behalf of an end customer, write from a verifiable contact for that customer or the merchant who holds their record, and tell us which store the request relates to.
  2. Tell us what you want deleted. "All historical rows from my Google Ads connection," "the customer record matching this hashed email," "everything you hold for my store" are all acceptable phrasings.
  3. We acknowledge within two working days, complete the deletion within thirty days, and email a written confirmation when it is done.

If you are a Meta reviewer, Google reviewer, or other platform auditor verifying this path, write from your reviewer email address with the platform name in the subject line and we will reply on the next working day.

End-customer data specifically

Data we receive about your customers, for example through a Meta pixel or a Conversions API feed configured on a merchant store, is held under the merchant's data controller relationship with that customer. If one of your customers asks you to delete their data, you can forward the request to us at hello@passoagency.com with the customer's hashed identifier and the affected store. We will remove the matching rows from our database and the matching identifier from any downstream caches within thirty days.

Customer information parameters we transmit on a merchant's behalf, including hashed email, phone, name, address, city, post code, and external identifier, are not stored in raw form at any point. They are hashed in transit and we retain only the hashed values used for match-quality reporting. Deleting the customer's record from our database removes those hashes alongside the rest of the row.

The schedule we follow

Encrypted credentials for any connected source: deleted on the same day you disconnect or uninstall. Raw ad-account rows, dashboard configuration, the prepaid media balance ledger, and any customer-record hashes: deleted within thirty days. Encrypted backups: rotated out within thirty days; deletion is propagated to backups as part of the same job. Aggregated category-level signals we have used in cross-merchant learning are not tied to a single store and remain in our learning layer in their anonymised form, as set out in our privacy policy.

What we keep, and why

We keep financial records, including invoices, credit notes, and the audit trail of payment-method changes, for the period our auditors and HMRC require under UK tax law, currently seven years from the end of the relevant accounting year. We keep the log of deletion requests themselves, including who asked, when, and what we deleted, for the same period so that we can prove compliance if we are ever asked. Both records are stored separately from the rest of your account data and access is restricted to a small number of authorised people.

Contact

If you have a question about deletion that this page does not answer, write to hello@passoagency.com. We aim to reply within two working days.

Last updated: May 2026.