Privacy Policy

We do not collect payment card details. All billing is processed exclusively through Shopify's built-in Billing API.

We process your data on the following legal bases under GDPR:

• Contract performance: Processing Shopify store data is necessary to deliver the analytics service you subscribed to.
• Consent: You grant explicit consent through Shopify's OAuth flow when you install the App and approve the requested data scopes.
• Legitimate interest: Usage analytics to improve the Service, provided it does not override your rights.
• Legal obligation: Where we are required to retain or disclose data by law.

We use your data exclusively to provide and improve the Service:

• Generate profit dashboards, reports, and product analytics
• Compute COGS-based profit metrics and product classifications
• Produce AI-powered insights and actionable recommendations
• Track competitor pricing and discover trending products
• Send weekly profit audit reports and daily action summaries
• Provide customer support and resolve tickets
• Improve the Service based on aggregated usage patterns

When generating AI insights, we send aggregated, anonymized metrics (revenue totals, margin percentages, product performance scores) to our AI provider. No personally identifiable information (names, emails, addresses, or payment details) is ever included in AI requests.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. We share data only with the following service providers necessary to operate the App:

We may disclose information if required by law, court order, or governmental regulation, or to protect our legal rights.

We retain your data only as long as necessary to provide the Service:

• Account data: Retained while your account is active. Deleted within 30 days of account closure or deletion request.
• Store metrics and orders: Retained for 90 to 365 days depending on your subscription plan, then automatically pruned.
• Chat conversations: Retained for 90 days, then automatically deleted.
• Compliance audit records: Retained as long as legally required for regulatory compliance.
• Webhook event logs: Pruned after 30 days.

When you disconnect a Shopify store, we immediately revoke and delete the stored OAuth access tokens. Cached store data (products, orders, metrics) is deleted within 48 hours. When Shopify sends a shop/redact webhook, we delete all data associated with that store atomically.

ProfitPilot fully complies with Shopify's mandatory privacy webhooks as required by the Shopify App Store:

• Customer Data Request (customers/data_request): When a merchant's customer requests their data, we log the request and notify the merchant. No customer PII is stored in the log.
• Customer Data Erasure (customers/redact): When a merchant's customer requests erasure, we immediately remove all associated customer identifiers (email, customer ID) from our order records.
• Shop Data Erasure (shop/redact): When a merchant uninstalls the App and Shopify requests full erasure, we delete all shop data including orders, products, metrics, reports, suggestions, AI insights, tokens, costs, and subscriptions.

All webhooks are verified using HMAC-SHA256 signatures to prevent unauthorized requests. Compliance actions are processed synchronously to ensure they complete within Shopify's required timeframe.

We implement industry-standard security measures to protect your data:

• Shopify OAuth access tokens encrypted with AES-256 at rest
• All data transmitted over HTTPS with TLS encryption
• Webhook signatures verified cryptographically using constant-time comparison on every request
• Passwords hashed with bcrypt (never stored in plaintext)
• CSRF protection on all form submissions
• Content Security Policy (CSP) headers enforced across the application
• SSRF protection applied to all user-provided URLs
• Rate limiting on API endpoints and authentication routes

We use only essential cookies required for the Service to function:

• Session cookie: Maintains your login session (expires on browser close or after 120 minutes of inactivity)
• CSRF token: Protects against cross-site request forgery attacks
• Chat widget cookie: Identifies anonymous chat sessions for support continuity

We do not use third-party tracking cookies, advertising pixels, or analytics trackers. For more details, see our Cookie Policy.

Regardless of your location, you have the following rights concerning your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Update or correct inaccurate data via your profile settings
• Erasure (Right to be Forgotten): Request deletion of your account and all associated data
• Restrict processing: Ask us to limit how we use your data
• Data portability: Export your reports and metrics in standard formats
• Object: Object to data processing based on legitimate interest
• Withdraw consent: Revoke Shopify store access at any time by disconnecting your store or uninstalling the App

To exercise any of these rights, email us at no-reply@profit-pilot.io or use the self-service options in your account settings. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information
• The right to non-discrimination for exercising your privacy rights

We do not sell personal information to third parties. To exercise your CCPA rights, contact us at no-reply@profit-pilot.io.

ProfitPilot processes order data from your Shopify store to compute profit analytics. Regarding your customers' data:

• We do not store customer PII (email, name, address) unless Shopify has approved our Protected Customer Data access request
• We never contact your customers directly
• We never share your customers' data with third parties
• We never use your customers' data for marketing, advertising, or profiling
• Customer identifiers, when stored, are used solely for order attribution within your analytics
• When a customer requests data erasure through your Shopify store, we process the erasure request automatically via Shopify's mandatory webhook

Merchants are the data controllers for their customers' data. ProfitPilot acts as a data processor on behalf of the merchant.

Your data is stored on secured servers. When data is transferred to third-party AI providers (Google, OpenAI) for insight generation, only aggregated, anonymized metrics are transmitted. No personally identifiable information leaves our servers for AI processing.

If you are located in the European Economic Area (EEA) and your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.