← Back to EcomViz

Privacy Policy

Last updated: April 23, 2026

1. What we collect

EcomViz collects only what is necessary to provide its analytics service:

  • Shopify store data — orders, revenue, and cart amounts fetched via the Shopify Admin API.
  • Account information — your email address and name, managed by Clerk for authentication.
  • Store credentials — OAuth access tokens used to read your Shopify data on your behalf.

We do not collect personal data about your customers beyond what is necessary to compute aggregated metrics (order counts, revenue totals). Individual customer records are never stored.

2. How we use your data

All data collected is used exclusively to display analytics inside your EcomViz dashboard. Specifically:

  • Shopify order data is fetched and aggregated in real time to compute KPIs (revenue, orders, average cart).
  • Your email is used to identify your account and send transactional communications (e.g. subscription confirmations).
  • OAuth tokens are stored to maintain your store connection without requiring you to re-authenticate each session.

3. We never sell your data

EcomViz does not sell, rent, trade, or share your data with any third party for advertising or commercial purposes. Your store data is yours. We have no interest in monetising it beyond providing you with the service.

4. Data storage and security

Your data is stored in Supabase, a managed PostgreSQL database hosted on secure cloud infrastructure. We apply the following protections:

  • All Shopify OAuth access tokens are encrypted at rest using AES-256-GCM before being written to the database.
  • Database access is restricted by row-level security — each user can only access their own records.
  • All data in transit is protected by TLS.

5. Third-party services

EcomViz uses the following third-party services to operate:

Clerk:Authentication and user account management.
Supabase:Database storage for store connections, goals, and subscription records.
Shopify:Source of store orders and revenue data via OAuth API.
Vercel:Application hosting and serverless function execution.
Resend:Transactional email delivery for Pro plan alert notifications.

Each of these services operates under their own privacy policy and data processing agreements.

6. Data retention and deletion

Your data is retained for as long as your account is active. If you disconnect a store, its access token is deleted immediately. If you close your account, all associated data — stores, goals, and subscription records — is permanently deleted upon request.

7. Your rights

You have the right to access, correct, or delete any personal data we hold about you. You may also request a machine-readable export of your personal data by contacting privacy@ecomviz.app. You may withdraw consent at any time. We will respond within 30 days.

8. Contact

For any privacy-related questions or requests, please contact us at: privacy@ecomviz.app