Privacy Policy

Last updated:

Secure OAuth • Read‑only by default AES‑256 at rest • TLS in transit DPA available

Quick summary (for convenience only)

  • We analyze your Shopify data to deliver AI guidance—you own your data.
  • We don’t sell your personal/store data. Limited sharing with vetted processors (hosting, payments, email, analytics).
  • Security: TLS, AES‑256, least‑privilege access, audit logs.
  • Rights: access, correction, deletion, export, consent withdrawal; regional rights (GDPR/CCPA) supported.
  • Cookies: essential for auth; optional analytics/preferences configurable in our Cookie Preferences.

This summary is non‑binding. The full policy below governs.

1. Information We Collect

We collect information to provide and improve DropifyXL:

Personal Information

  • Name and email when you create an account
  • Payment details (handled by our PCI‑compliant processor)
  • Support messages and communication preferences
  • Profile settings

Shopify Store Data

  • Catalog and inventory
  • Orders, revenue, and performance analytics
  • Traffic/behavior metrics
  • Configuration relevant to insights (e.g., theme, PDP fields)
  • Optional: ad platform metrics if you connect them

Usage & Device Data

  • Features used, time in app, interaction with recommendations
  • Device, browser, IP address, and approximate location

2. How We Use Information

Service Delivery

  • Generate product insights and recommendations
  • Create AI‑powered ad copy/angles
  • Produce weekly action plans
  • Monitor store health and KPIs
  • Price optimization suggestions

Improvement of AI & Product

  • Train and evaluate models using aggregated, anonymized data
  • Improve accuracy, relevance, and safety
  • Develop new features and user experience enhancements

Communication & Admin

  • Service notifications and important updates
  • Billing and subscription management
  • Support and troubleshooting

3. Sharing & Disclosure

We do not sell your data. We share only as needed to operate the Service:

Processors (Service Providers)

We work with vetted vendors for hosting, storage, payments, email, analytics, monitoring, and customer support. Each is bound by contractual confidentiality and data‑protection obligations (see our DPA).

Legal

  • Compliance with legal process and lawful requests
  • Protect rights, property, or safety of users and the public
  • Detect, prevent, or address fraud/abuse/security issues

Business transfers

In a merger, acquisition, or asset sale, data may transfer subject to this Policy.

4. Security

Technical
  • TLS in transit, AES‑256 at rest
  • Secrets management & key rotation
  • Backups and disaster recovery
  • Automated dependency scanning
Organizational
  • Least‑privilege, role‑based access
  • Audit logs & regular access reviews
  • Security training for staff
  • Change‑management procedures

No method of transmission or storage is 100% secure, but we use reasonable safeguards aligned with industry best practices.

Report a security issue: security@dropifyxl.com

5. Data Retention

  • Account info: while active + 30 days
  • Store data: up to 90 days after disconnect (for easy reconnection)
  • Usage analytics: aggregated/anonymized may be kept to improve AI
  • Support records: 2 years
  • Billing & tax: 7 years (compliance)

You may request deletion at any time (see Rights below).

6. Your Rights & Choices

Depending on your region (e.g., EU/EEA, UK, California), you may have the right to:

  • Access and obtain a copy of your data (portability)
  • Correct inaccurate information
  • Delete your personal data
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent

To exercise rights, email privacy@dropifyxl.com. We respond within 30 days.

Data Requests

You can also request: export, deletion, or correction from your account settings or by contacting support.

Regional Disclosures

For GDPR/CCPA/UK GDPR details (controller, lawful bases, appeals), see our Data Processing Addendum.

7. Cookies & Tracking

We use:

Essential

  • Authentication/session
  • Security and fraud prevention
  • Core functionality

Analytics

  • Usage metrics and performance
  • Error tracking

Preferences

  • Language, region, dashboard layout

Manage your choices in the Cookie Policy or via our in‑app Cookie Preferences.

8. International Data Transfers

We may process and store information in countries outside your own (including the United States). We use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions where applicable, and DPAs with processors.

9. Children’s Privacy

DropifyXL is not intended for individuals under 18. We do not knowingly collect personal data from children. If we learn of such collection, we will promptly delete it.

10. Third‑Party Integrations

Shopify

Our Shopify integration is governed by Shopify’s terms and privacy policies. We only request scopes required to provide insights and recommendations. You can revoke access from your Shopify admin at any time.

Other Platforms

Optional connections (e.g., ad platforms, analytics tools) are subject to those providers’ policies. Review their privacy notices for details.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified at least 30 days before taking effect. We will update the date at the top and may notify you by email or in‑app.

Version history: v1.1 () – clarified security, rights, and cookies; v1.0 (July 2025) – initial release.

12. Contact

Privacy Officer: privacy@dropifyxl.com

Support: support@dropifyxl.com

DPO: dpo@dropifyxl.com

Address: DropifyXL Privacy Team, 6744 Kampala, Uganda

We aim to respond within 30 days and will work to resolve any privacy concerns.