Privacy Policy
Last Updated: November 27, 2025
This Privacy Policy describes how ecomVance ("ecomVance," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our services, website, and applications (collectively, the "Service"). ecomVance is a product of BEY AGENCY LTD (Company number 16435596), a Private Limited Company registered in the United Kingdom at Suite 90415 Brayford Square, London, E1 0SG. This Privacy Policy should be read in conjunction with our Terms of Service and End User License Agreement.
1. Information We Collect
1.1 Information You Provide:
- Account Information: Name, email address, username, password, profile information
- Payment Information: Billing address, payment method details (processed securely through third-party payment processors - we do not store full credit card numbers)
- Content Data: Prompts, inputs, uploaded images, generated content, and any other data you submit to the Service
- Communications: Support tickets, feedback, survey responses, and correspondence with our team
1.2 Automatically Collected Information:
- Usage Data: Pages visited, features used, time spent, interaction patterns, button clicks, navigation paths
- Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, language preferences
- Technical Data: API request logs, response times, error rates, request parameters, timestamps
- Cookie and Tracking Data: Cookies, web beacons, pixels, local storage data, session tokens
1.3 Third-Party Information:
- Information from Third-Party Provider APIs regarding processing status and results
- Payment processor data regarding transaction status and billing information
- Analytics service data regarding site usage and performance
2. How We Use Your Information
2.1 Service Provision:
- Processing your requests through Third-Party Provider APIs
- Managing your account, authentication, and access control
- Processing payments and managing your credit balance
- Providing customer support and responding to inquiries
2.2 Safety and Security:
- Detecting, preventing, and investigating fraud, abuse, and security threats
- Enforcing our Terms of Service and content policies
- Monitoring for prohibited content and policy violations
- Protecting the rights, property, and safety of ecomVance, our users, and the public
2.3 Service Improvement:
- Analyzing usage patterns to improve features and user experience
- Developing new products and services
- Conducting research and analytics
- Testing and optimizing service performance
2.4 Communications:
- Sending transactional emails (account notifications, receipts, service updates)
- Providing customer support and responding to inquiries
- Sending marketing communications (with your consent, where required)
- Notifying you of policy changes or important service announcements
2.5 Legal Compliance:
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from law enforcement and government authorities
- Enforcing our legal rights and defending against legal claims
- Investigating and reporting illegal activity
3. Information Sharing and Disclosure
3.1 Third-Party Service Providers:
- AI Processing Providers: Your content and prompts are transmitted to Third-Party Providers (e.g., Fal AI) for processing. These providers operate under their own privacy policies.
- Payment Processors: Payment and billing information is shared with payment processing services (e.g., Stripe) to complete transactions.
- Infrastructure Providers: Hosting, database, and cloud service providers that store and process data on our behalf.
- Analytics Services: Analytics and monitoring tools that help us understand service usage and performance.
3.2 Legal and Safety Disclosures:
We may disclose your information without your consent when we believe in good faith that disclosure is:
- Required by law, regulation, legal process, or governmental request
- Necessary to enforce our Terms of Service or other policies
- Necessary to detect, prevent, or address fraud, security, or technical issues
- Necessary to protect the rights, property, or safety of ecomVance, our users, or the public
- Necessary to investigate potential violations of law, particularly regarding child sexual abuse material (CSAM) or content involving imminent harm
3.3 Business Transfers:
In the event of a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction, your information may be transferred to a successor or affiliate entity.
3.4 Aggregated and De-Identified Data:
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, marketing, analytics, or other purposes.
4. Shopify App Store Data Collection
When you install and use ecomVance through the Shopify App Store, we collect and process additional information specific to your Shopify store. This section describes the data we collect from Shopify and how we use it.
4.1 Shopify Store Information:
- Store Domain: Your myshopify.com domain (e.g., your-store.myshopify.com)
- Store Name: The name of your Shopify store as configured in Shopify admin
- Store Owner Email: The email address associated with the store owner account
- Shop ID: Your unique Shopify store identifier
- Store Currency and Timezone: Your store's configured currency and timezone settings
4.2 Product Data Access:
- Product titles, descriptions, and metadata
- Product images for AI processing (background removal, enhancement, etc.)
- Product categories and tags
- This data is accessed only when you explicitly request AI processing for specific products
4.3 Shopify Authentication:
- We use Shopify's OAuth 2.0 authentication system to securely access your store data
- We generate store-specific API credentials (api_key and api_secret) for secure communication between the Shopify plugin and our services
- API secrets are hashed using SHA-256 before storage; we never store plaintext API secrets
4.4 Shopify Billing Data:
- Subscription Information: Plan type, billing interval, subscription status
- Charge IDs: Shopify Billing API charge identifiers for subscriptions and one-time purchases
- Billing Periods: Current period start and end dates
- Payment processing is handled entirely by Shopify Billing; we do not receive or store your payment card details
4.5 How We Use Shopify Data:
- To provide AI-powered image processing and content generation for your products
- To authenticate API requests from the Shopify plugin
- To manage your subscription and credit balance
- To send service notifications and trial expiration reminders
- To provide customer support specific to your store
4.6 Shopify Data Retention:
- Store connection data is retained while the app is installed and for 30 days after uninstallation
- Generation history and usage logs are retained for 90 days after app uninstallation
- Upon receiving a GDPR shop/redact webhook from Shopify, all store data is permanently deleted within 48 hours
4.7 GDPR Compliance for Shopify Users:
We support Shopify's mandatory GDPR webhooks including shop/redact for complete data deletion. When Shopify requests data deletion for your store, we delete all associated data including: store connection records, generation history, credit usage logs, and any stored product images.
5. Data Retention and Storage
5.1 Retention Periods:
- Account Data: Retained for the duration of your account plus 12 months after account closure
- Usage Logs and API Requests: Retained for 12 to 84 months depending on legal and compliance requirements
- Generated Content: Retained for 90 days after generation, unless flagged for policy violations
- Flagged Content: Retained indefinitely for safety, compliance, and legal purposes
- Payment Records: Retained for 7 years in compliance with tax and financial regulations
5.2 Data Storage Location:
Your data is primarily stored in the United States on servers operated by us or our service providers. Some data may be processed or stored in other countries where we, our affiliates, or our service providers maintain facilities. By using the Service, you consent to the transfer and processing of your data in these locations.
5.3 Data Security:
We implement commercially reasonable technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, security monitoring, and regular security assessments. However, no system is completely secure, and we cannot guarantee absolute security of your data.
6. Your Privacy Rights
6.1 General Rights:
- Access: Request access to the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Data Portability: Request a copy of your data in a structured, machine-readable format
- Objection: Object to certain processing activities, including marketing communications
6.2 Regional-Specific Rights:
- EU/UK Users (GDPR): Right to restriction of processing, right to object to automated decision-making, right to lodge a complaint with your local data protection authority
- California Users (CCPA/CPRA): Right to know what personal information is collected, sold, or shared; right to opt-out of sale/sharing; right to limit use of sensitive personal information; right to non-discrimination for exercising privacy rights
- Turkish Users (KVKK): Right to learn whether personal data is processed, request information about processing, learn the purpose of processing and whether it is used for that purpose, know third parties to whom data is transferred, request correction or deletion, request notification of correction/deletion to third parties, object to unfavorable results arising from automated analysis
6.3 Exercising Your Rights:
To exercise any of these rights, contact us at hello@ecomvance.ai. We will respond to your request within 30 days (or as required by applicable law). We may request additional information to verify your identity before processing your request. Note that some rights may be limited by legal obligations or legitimate business interests (e.g., we cannot delete data required for legal compliance or fraud prevention).
6.4 Limitations on Rights:
Your privacy rights may be limited in cases where:
- Disclosure would adversely affect the rights and freedoms of others
- Data retention is required by law or legal process
- Data is necessary for the establishment, exercise, or defense of legal claims
- Data is required for detecting, preventing, or investigating fraud or abuse
- Your account has been terminated for policy violations
8. Children's Privacy
8.1 Age Requirement: The Service is intended for users who are at least 13 years of age. Users are responsible for their own use of the Service in compliance with applicable laws.
8.2 COPPA Compliance: We do not knowingly collect personal information from children under 13. If we discover that we have collected personal information from a child under 13 without verified parental consent, we will delete that information as quickly as possible.
8.3 Parental Notice: If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at hello@ecomvance.ai. We will take steps to delete such information.
9. International Data Transfers
9.1 Cross-Border Transfers: Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where data protection laws may differ from those in your country.
9.2 Safeguards: When transferring data internationally, we implement appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms to ensure your data is protected in accordance with this Privacy Policy and applicable law.
9.3 Consent to Transfer: By using the Service, you consent to the transfer of your information to the United States and other countries for processing and storage as described in this Privacy Policy.
10. Changes to This Privacy Policy
10.1 Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.
10.2 Notification of Material Changes: For material changes that significantly affect your rights or how we process your information, we will provide prominent notice on our website and send email notification to registered users at least 30 days before the changes take effect.
10.3 Continued Use: Your continued use of the Service after changes to this Privacy Policy become effective constitutes your acceptance of the updated policy. If you do not agree to the changes, you must stop using the Service and may request deletion of your account.
11. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact:
ecomVance Support:
Email: hello@ecomvance.ai
BEY AGENCY LTD (Parent Company):
Email: hi@bey.agency
Website: https://bey.agency/
Address: Suite 90415 Brayford Square, London, United Kingdom, E1 0SG
Company Number: 16435596
12. Data Protection Officer
If you have questions about how we process your personal data or wish to exercise your privacy rights, you may contact our Data Protection Officer at:
Email: hello@ecomvance.ai
Address: BEY AGENCY LTD, Data Protection Officer, Suite 90415 Brayford Square, London, United Kingdom, E1 0SG
By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with this Privacy Policy, you must not use the Service.