Legal

Privacy Policy

This policy describes how Tessera collects, uses, and protects information when you use our services or visit tessera-systems.io.

Effective date: 1 March 2026 · Last updated: 17 March 2026

1. Who we are

Tessera is a Shopify commerce engineering service operating under ABN 51476861500, based in Melbourne, Australia. References to "Tessera", "we", "us", or "our" in this policy refer to this entity. Contact: hello@tessera-systems.io.

2. Information we collect

a) Website visitors. When you visit tessera-systems.io, we may collect standard web analytics data including pages visited, referrer, browser type, and general geographic region. This data is aggregated and not linked to individuals.

b) Audit tool users. When you submit a store URL for an audit, we collect the URL and the resulting Lighthouse and PageSpeed performance data. We do not collect or store any data about your store's customers or orders.

c) Email subscribers. If you subscribe to updates, we collect your email address. We use this solely to send relevant updates about Tessera. You can unsubscribe at any time.

d) Engagement clients. For clients on a retained engagement, we access your Shopify store via OAuth 2.0 with read-only scopes. We do not store customer PII (names, email addresses, payment information) outside of Shopify. See our Security Overview for full details.

3. How we use information

  • To provide and improve our audit and optimisation services
  • To communicate with you about your engagement or inquiry
  • To send updates you've opted into (email subscribers only)
  • To monitor and improve the performance of tessera-systems.io
  • To comply with legal obligations

We do not sell your data. We do not use your data for advertising purposes.

4. Data sharing

We do not sell, rent, or share your personal information with third parties except:

  • Infrastructure providers — Vercel (hosting), Neon (database), and similar providers necessary to operate the service. These are data processors acting under our instruction.
  • Legal requirements — If required by law or to protect our legal rights.

5. Data retention

Audit results are retained for 12 months to support trend analysis and reporting. Email addresses are retained until you unsubscribe. Engagement-related data is retained for the duration of the engagement plus 2 years for accounting purposes. You can request deletion at any time.

6. Cookies

tessera-systems.io uses minimal cookies. We may set a session cookie for functional purposes (e.g. audit state). We do not use tracking or advertising cookies.

7. Your rights

Under Australian Privacy Act 1988 and applicable privacy legislation, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your information
  • Opt out of marketing communications at any time

To exercise these rights, contact hello@tessera-systems.io.

8. Security

We take reasonable steps to protect information from unauthorised access, misuse, or disclosure. For a detailed description of our security practices, see our Security Overview.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active engagement clients via email. The effective date at the top of this page will reflect the most recent update.

10. Contact

Questions about this policy? hello@tessera-systems.io