Privacy Policy

1. Introduction

Ecomenia ("we," "us," or "our") operates a comprehensive B2B e-commerce SaaS platform that provides multi-tenant store management, product catalogs, order processing, team collaboration, and integrations with delivery and payment services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Personal Information

• Account Information: Name, email address, phone number, password, timezone, country
• Profile Information: Display name, avatar, company details, store information
• Billing Information: Payment details, subscription plans, billing addresses (processed by LemonSqueezy)
• Identity Verification: Passkey data, two-factor authentication credentials
• Communication Data: Support inquiries, chat messages, email correspondence

2.2 Technical Information

• Device Information: IP addresses (anonymized), browser types, device identifiers
• Usage Data: Platform interactions, feature usage, session duration, click patterns
• Log Data: Server logs, error logs, security logs, API usage logs
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies, localization cookies

2.3 Business Data

• Store Data: Store names, descriptions, subdomains, branding, settings
• Product Information: Product catalogs, variants, inventory levels, pricing
• Order Data: Customer orders, delivery tracking, confirmation workflows, COD transactions
• Team Information: Member roles, permissions, team structures, collaboration data
• Customer Data: Customer information you input into our platform
• Integration Data: Data from connected third-party services (Shopify, WooCommerce, delivery APIs)

3. How We Use Your Information

We use the collected information for:

3.1 Service Delivery

• Platform Operation: Providing core e-commerce management functionality
• Order Processing: Managing orders, tracking confirmation/shipments, and handling returns
• Product Management: Overseeing product catalogs, inventory, and pricing
• Team Collaboration: Enabling team management and role-based access
• Multi-Store Management: Supporting multiple store operations under one account
• Third-Party Integrations: Facilitate integrations with third-party services and APIs

3.2 Business Operations & Intelligence

• Billing & Subscriptions: Manage subscriptions, credit-based usage, and payment processing.
• Analytics & Insights: Provide sales metrics, inventory reports, and business intelligence.
• Optimization: Improve platform performance, usability, and customer experience.
• Fraud Prevention & Security: Detect and prevent unauthorized or fraudulent activities.
• Predictive Analytics: Offer forecasts for inventory, sales, and operational needs.

3.3 Communications & Support

• Customer Support: Provide technical assistance, onboarding, and account management.
• Transactional Messages: Send order confirmations, delivery updates, and receipts.
• System Notifications: Deliver real-time alerts, account notices, and service updates (via Novu).
• Training & Resources: Share guides, tutorials, and support materials.
• Important Notices: Inform you about policy changes, security issues, or critical service updates

4. Information Sharing and Disclosure

4.1 Third-Party Integrations

We share data with integrated services you choose to connect:

• E-commerce Platforms: Shopify, WooCommerce, YouCan for product and order synchronization
• Delivery Services: Yalidine, Guepex, ZR Express, DHL for shipping and tracking
• Payment Processors: Stripe, LemonSqueezy, Chargily for payment processing
• Analytics Services: For business intelligence and performance tracking

4.2 Service Providers

We work with trusted service providers who assist in:

• Cloud Infrastructure: AWS, Google Cloud for secure data hosting
• Email Services: For transactional emails and notifications
• Analytics: For platform performance and usage analytics
• Security: For fraud detection and security monitoring

4.3 Legal Requirements

We may disclose information when required by:

• Legal Processes: Court orders, subpoenas, legal investigations
• Regulatory Compliance: Industry regulations and compliance requirements
• Safety: Protecting user safety and preventing fraud
• Business Transfers: In case of merger, acquisition, or business sale

5. Data Security

5.1 Technical Safeguards

• Encryption: Data encryption in transit and at rest using industry standards
• Access Controls: Role-based access with multi-factor authentication
• Infrastructure: Secure cloud infrastructure with regular security updates
• Monitoring: 24/7 security monitoring and threat detection

5.2 Operational Security

• Employee Training: Regular security training for all team members
• Background Checks: Security screening for employees with data access
• Incident Response: Comprehensive security incident response procedures
• Regular Audits: Periodic security audits and vulnerability assessments

5.3 Data Backup and Recovery

• Automated Backups: Regular automated backups of all platform data
• Disaster Recovery: Comprehensive disaster recovery and business continuity plans
• Data Integrity: Regular data integrity checks and validation
• Redundancy: Multiple data centers for high availability

6. Your Rights and Choices

6.1 Access and Control

• Account Access: View and update your account information
• Data Export: Request export of your business data
• Data Portability: Transfer your data to other platforms
• Account Deletion: Delete your account and associated data

6.2 Privacy Controls

• Communication Preferences: Control email notifications and communications
• Analytics Opt-out: Opt out of non-essential analytics tracking
• Cookie Management: Manage cookie preferences and tracking
• Team Permissions: Control team member access and permissions

6.3 Data Subject Rights

Under applicable privacy laws, you have the right to:

• Access: Request information about data we collect and process
• Rectification: Correct inaccurate or incomplete information
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of data processing

7. International Data Transfers

7.1 Global Operations

• Data Centers: We operate globally with data centers in multiple regions
• Transfer Safeguards: Appropriate safeguards for international data transfers
• Legal Framework: Compliance with applicable international data transfer laws
• Regional Compliance: Adherence to regional privacy regulations (GDPR, CCPA, etc.)

7.2 Data Localization

• Regional Storage: Option to store data in specific geographic regions
• Compliance: Meeting local data residency requirements
• Cross-Border: Secure protocols for necessary cross-border data transfers

8. Data Retention

8.1 Retention Periods

• Account Data: Retained while your account is active
• Business Data: Retained according to business and legal requirements
• Log Data: Typically retained for 2 years for security and analytics
• Backup Data: Retained in secure backups for disaster recovery

8.2 Deletion Policies

• Account Closure: Data deletion within 90 days of account closure
• Legal Hold: Extended retention when required by legal obligations
• Business Records: Retention according to applicable business record laws
• Anonymization: Conversion of data to anonymous form where possible

9. Children's Privacy

Our platform is designed for business use and is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.

10. Changes to This Privacy Policy

10.1 Policy Updates

• Notification: We will notify you of material changes to this policy
• Effective Date: Changes become effective on the date specified
• Continued Use: Continued use constitutes acceptance of updated terms
• Historical Versions: Previous versions available upon request

10.2 Review Schedule

We review and update this Privacy Policy periodically to reflect:

• Legal Changes: Updates to applicable privacy laws
• Business Changes: Modifications to our business practices
• Technology Changes: Updates to our technology and security practices
• User Feedback: Improvements based on user feedback and concerns

11. Contact Information

This Privacy Policy is part of our Terms of Service and should be read in conjunction with our complete terms and conditions.