Privacy Policy

Last updated: April 9, 2026

1. Who We Are

EcomScout ("we", "us", "our") operates the website ecomscout.com, the EcomScout Chrome browser extension, and related APIs (collectively, the "Services"). This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and your rights regarding that data.

For questions, contact us at [email protected].

2. Data We Collect

2.1 Information You Provide

  • Account & payment data — when you purchase a plan through Stripe, we receive your name, email address, and payment confirmation details. We do not store full credit card numbers; Stripe processes and stores payment credentials on our behalf as a PCI-DSS compliant payment processor.
  • Contact information — if you email us or submit a contact form, we store the email address and contents of your message.

2.2 Information Collected Automatically

  • Usage analytics — we use PostHog and Google Analytics to collect aggregated usage data such as pages visited, referral sources, device type, browser type, country, and session duration. These tools may set cookies (see our Cookie Policy).
  • Server logs — standard web server logs including IP address, request URL, timestamps, and HTTP headers.

2.3 Chrome Extension

The EcomScout Chrome extension analyses publicly available data on Shopify-powered stores you visit. It does not:

  • Track your general browsing history.
  • Collect personal data from visited websites.
  • Read or store passwords, form inputs, or cookies from other sites.
  • Sell data to third parties or use it for advertising.

The extension transmits the domain of a Shopify store you are viewing to our API to retrieve analytics for that store. No other browsing data is sent.

3. How We Use Your Data

  • To provide, maintain, and improve the Services.
  • To process payments and deliver purchased plans.
  • To send transactional emails (receipts, plan delivery) via Klaviyo. You can unsubscribe from marketing emails at any time.
  • To analyse aggregated usage trends and improve user experience.
  • To detect and prevent abuse, fraud, and security threats.

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your data under the following legal bases:

  • Contract — to fulfil purchases and deliver plans.
  • Legitimate interest — for analytics, fraud prevention, and improving the Services.
  • Consent — for optional marketing emails and non-essential cookies.

5. Third-Party Services & Data Sharing

We share data only with the service providers required to operate the Services:

ProviderPurposeData Shared
StripePayment processingName, email, payment token
PostHogProduct analyticsAnonymous usage events, device info
Google AnalyticsWeb analyticsPage views, sessions, device info
Google Tag ManagerTag managementScript orchestration (no direct data)
KlaviyoEmail deliveryEmail address, purchase info
CloudflareCDN, security, bot protectionIP address, request metadata
VercelWeb hostingServer logs, request metadata
MongoDB AtlasDatabase hostingAll stored application data

We do not sell, rent, or trade your personal data to third parties for advertising or marketing purposes.

6. Data Retention

  • Purchase records — retained for the duration required by tax and accounting obligations (typically 7 years).
  • Analytics data — aggregated analytics are retained indefinitely. Identifiable session data is retained for up to 24 months, then anonymised or deleted.
  • Server logs — retained for up to 90 days.
  • Email lists — until you unsubscribe, after which your email is removed within 30 days.

7. Your Rights

Depending on your jurisdiction (GDPR, CCPA, etc.), you may have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Restriction — limit how we process your data.
  • Object — object to processing based on legitimate interest.
  • Withdraw consent — for any consent-based processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

8. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption in transit, encrypted databases at rest, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure.

9. International Transfers

Our servers are hosted in the United States (AWS, Vercel) and the European Union (PostHog EU). If you are outside the US, your data may be transferred to and processed in the US. We rely on standard contractual clauses and our providers' compliance frameworks to ensure adequate protection.

10. Children's Privacy

The Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top. Continued use of the Services after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Legal Name
Ecomscout, MB
Company Code
307547929
VAT Number
LT100019793112
Registered Address
Girulių g. 20, LT-12123 Vilnius, Lithuania