Privacy Policy

Account information: Name and email address when you register.

Shopify store data: Orders, products, and aggregated metrics accessed via Shopify's API with your explicit consent through OAuth. Core analytics use read-heavy scopes; optional product features may request additional scopes when you enable them.

Usage data: Pages visited, features used, and session duration to improve the Service.

Contact information: Name, email, and message content if you use our contact form.

We do not collect payment card details — all billing is handled through Shopify's built-in subscription system.

We use your data exclusively to provide and improve the Service:

• Generate profit dashboards, reports, and analytics
• Produce AI-powered insights and recommendations
• Send profit reports and plan-based email digests where enabled
• Provide customer support
• Improve the Service based on usage patterns

When generating AI insights, we send aggregated, anonymized metrics to our AI provider. No personally identifiable customer data (names, emails, addresses) is ever included in AI requests.

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

• Shopify: Through their official API for store data access and billing
• AI providers: Aggregated metrics only (no PII) for generating insights
• Infrastructure providers: Hosting and database services bound by data processing agreements

We may disclose information if required by law or to protect our legal rights.

We retain your data only as long as necessary to provide the Service:

• Account data: Retained while your account is active. Deleted within 30 days of account closure.
• Store metrics: Retained for up to 365 days depending on your plan, then automatically pruned.
• Chat conversations: Retained for 90 days, then automatically deleted.

When you disconnect a Shopify store, we delete the associated access tokens and cached store data within 48 hours.

We use only essential cookies required for the Service to function:

• Session cookie: Maintains your login session (expires on browser close or after 120 minutes of inactivity)
• CSRF token: Protects against cross-site request forgery
• Chat widget cookie: Identifies anonymous chat sessions for support continuity

We do not use third-party tracking cookies, advertising pixels, or analytics trackers.

We implement industry-standard security measures to protect your data:

• Shopify access tokens encrypted with AES-256 at rest
• All data transmitted over TLS 1.3
• Webhook signatures cryptographically verified on every request
• Passwords hashed with bcrypt
• We are a verified Shopify Partner

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Update or correct inaccurate data via your profile settings
• Deletion: Delete your account and all associated data from your settings page
• Disconnect: Revoke Shopify store access at any time
• Data portability: Export your reports and metrics

To exercise any of these rights, email us at no-reply@profit-pilot.io or use the self-service options in your account settings.

We support privacy-related requests and Shopify-required data handling workflows for stores using the service.

• Access requests: Merchants can contact us to request account-related privacy information.
• Deletion requests: Merchants can disconnect stores, delete accounts, or contact support for assistance.
• Shopify data handling: ProfitPilot supports Shopify customer data request, data erasure, and shop redaction workflows where applicable.

If you have a privacy-related question, contact us at no-reply@profit-pilot.io.