Privacy policy

Last updated: January 1st, 2026

Profit AI ("we", "our", or "us") is committed to protecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application ("App" or "Service").

By installing and using Profit AI, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not install or use our services.

Our services are designed for businesses and are not intended for personal or household use.

Information We Collect

1. Information You Provide Directly

When you install and use Profit AI, we collect the following types of information:

Store Information

  • Your Shopify store domain and basic store details necessary to provide our services

  • Shopify session information (access tokens, user IDs, account owner status)

  • Store settings and preferences (currency, transaction fees, timezone)

Financial Data You Input

  • Fixed costs (rent, salary, software subscriptions, etc.)

  • Manual costs (shipping, COGS, other expenses)

  • Marketing cost data you manually enter

  • Financial targets and goals you set within the app

Integration Credentials

  • OAuth access tokens and refresh tokens for connected platforms (Facebook Ads, Google Ads)

  • Account IDs and connection status for integrated advertising platforms

2. Information We Collect Automatically

Order and Sales Data (from Shopify)

  • Aggregated order information (order totals, dates, order counts)

  • Revenue data (gross sales, net sales, discounts, refunds)

  • Cost of goods sold (COGS) and shipping costs

  • Customer segmentation data (new vs. returning customer revenue)

  • Important: We do not store individual customer personal information (names, email addresses, shipping addresses, or payment information). We only store aggregated financial metrics.

Advertising Data (from Connected Platforms)

Facebook Ads Integration (if connected):

  • Ad account IDs and connection status

  • Ad spend data (daily, weekly, monthly)

  • Campaign performance metrics (spend, actions, action values)

  • Attribution data (28-day click attribution windows)

  • User segment data (new vs. engaged audience performance)

  • Data Source: Facebook Graph API (v18.0) with ads_read and business_management permissions

Google Ads Integration (if connected):

  • Google Ads customer IDs and account information

  • Ad spend data (daily, weekly, monthly)

  • Campaign performance metrics

  • Data Source: Google Ads API (v17+) with read-only access to campaign data

3. Technical Information

  • App usage data (features accessed, pages viewed)

  • Error logs and debugging information

  • Cache data for performance optimization (profit calculations, analytics, etc.)

How We Use Your Information

We use the collected information for the following purposes:

Primary Uses

  • Profit Analytics: Calculate and display profit metrics (Gross Profit, Contribution Profit, Net Profit)

  • Cost Tracking: Track and aggregate marketing costs, fixed costs, and variable costs

  • Financial Planning: Generate profit projections, planning tools, and scenario analysis

  • Performance Analysis: Provide unit economics analysis, cohort retention analysis, and trend comparisons

  • Integration Management: Maintain connections to advertising platforms and sync ad spend data

Service Improvement

  • Improve and optimize our services

  • Debug technical issues

  • Enhance app performance and user experience

Legal Compliance

  • Comply with legal obligations

  • Respond to legal requests and prevent fraud

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contractual Necessity: To provide the services you have requested

  • Legitimate Interests: To improve our services, ensure security, and prevent fraud

  • Consent: Where you have provided explicit consent (e.g., for optional integrations)

  • Legal Obligation: To comply with applicable laws and regulations

Data Storage and Security

Storage Location

Your data is stored securely using industry-standard encryption and security practices. We use PostgreSQL databases hosted on secure cloud infrastructure. Data is stored in secure data centers with appropriate physical and technical safeguards.

Security Measures

  • Industry-standard encryption for data in transit (TLS/SSL)

  • Encrypted storage for sensitive credentials (OAuth tokens)

  • Access controls restricted to authorized personnel only

  • Regular security assessments and monitoring

  • Secure authentication and session management

Data Retention

Active Use: We retain your data for as long as your app installation is active and you continue to use our services.

After Uninstallation:

  • Immediate Deletion: Session data and cached analytics are deleted immediately upon uninstallation

  • 48-Hour Deletion: All remaining shop data (costs, settings, integrations, etc.) is automatically deleted within 48 hours after uninstallation, in compliance with Shopify's GDPR requirements

Backup Retention: Deleted data may remain in encrypted backups for up to 30 days before permanent deletion, in accordance with our backup retention policies.

Data Sharing and Disclosure

We do not sell, rent, or trade your information to third parties for marketing purposes.

We may share data only in the following circumstances:

Service Providers

We may share data with trusted third-party service providers that help us operate our app:

  • Cloud Hosting: Railway (database hosting and infrastructure)

  • Email Services: Resend or SendGrid (for sending optimization emails, if enabled)

  • AI Services: OpenAI or Anthropic (for AI-powered recommendations, if enabled)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Advertising Platform Integrations

When you connect Facebook Ads or Google Ads:

  • Facebook/Meta: We access your Facebook Ads data through the Facebook Graph API. We do not share your Shopify data with Facebook. Facebook's use of data is governed by Facebook's Privacy Policy and Facebook's Data Policy.

  • Google: We access your Google Ads data through the Google Ads API. We do not share your Shopify data with Google. Google's use of data is governed by Google's Privacy Policy.

Legal Requirements

We may disclose data if required by law, court order, or government regulation, or to:

  • Protect our rights, property, or safety

  • Prevent fraud or abuse

  • Respond to legal requests

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

Third-Party Services and Integrations

Facebook Ads Integration

  • Data Collected: Ad spend, campaign performance, attribution data

  • Permissions Used: ads_read, business_management

  • Data Sharing: We do not share your Shopify data with Facebook. We only retrieve your Facebook Ads data to display in our app.

  • Facebook Policies: Your use of Facebook Ads is also subject to Facebook's Terms of Service and Facebook's Data Policy.

Google Ads Integration

  • Data Collected: Ad spend, campaign performance metrics

  • API Access: Read-only access to your Google Ads account data

  • Data Sharing: We do not share your Shopify data with Google. We only retrieve your Google Ads data to display in our app.

  • Google Policies: Your use of Google Ads is also subject to Google's Terms of Service and Google's Privacy Policy.

Shopify Integration

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure that appropriate safeguards are in place to protect your data, including:

  • Standard Contractual Clauses approved by the European Commission

  • Adequate security measures and encryption

  • Compliance with applicable data protection laws

Your Privacy Rights

For EEA Residents (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Right of Access: Request copies of your personal data

  • Right to Rectification: Request correction of inaccurate or incomplete data

  • Right to Erasure: Request deletion of your data ("right to be forgotten")

  • Right to Restrict Processing: Request limitation of how we process your data

  • Right to Data Portability: Request transfer of your data to another service

  • Right to Object: Object to processing based on legitimate interests

  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at jack@zeroexperts.co. We will respond to your request within 30 days.

For California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Know what personal information is collected, used, and disclosed

  • Right to Delete: Request deletion of your personal information

  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)

  • Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

  • Right to Correct: Request correction of inaccurate personal information

To exercise these rights, please contact us at jack@zeroexperts.co.

For All Users

You can also:

  • Disconnect Integrations: Disconnect Facebook Ads or Google Ads integrations at any time through the app settings

  • Uninstall the App: Uninstall the app from your Shopify admin, which will trigger automatic data deletion

  • Request Data Export: Request a copy of your data in a machine-readable format

Cookies and Tracking Technologies

Our app uses essential cookies and similar technologies required for:

  • Authentication: Maintaining your login session within the Shopify admin

  • Session Management: Preserving your preferences and app state

  • Security: Protecting against unauthorized access

We do not use:

  • Tracking cookies for advertising purposes

  • Third-party analytics cookies within the app

  • Cross-site tracking technologies

Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately so we can delete it.

Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach (where required by law)

  • Provide clear information about what data was affected

  • Explain the steps we are taking to address the breach

  • Offer guidance on steps you can take to protect yourself

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page

  • Updating the "Last updated" date

  • Sending an email notification (for significant changes)

  • Displaying a notice in the app (for material changes)

Your continued use of the app after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: jack@tryprofit.ai

Response Time: We aim to respond to all privacy-related inquiries within 3 business days.

Additional Information

Data Controller

Profit AI is the data controller for the personal data collected through this app.

Supervisory Authority (EEA)

If you are located in the EEA and have concerns about our data practices, you have the right to lodge a complaint with your local data protection authority.

© 2025 Profit AI. All rights reserved.