Privacy Policy

1. Introduction

BeeMetrics LLC ("BeeMetrics", "we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business intelligence platform for e-commerce merchants (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Company Information

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

• Email address (required for authentication)
• First name and last name
• Password (stored securely using industry-standard hashing)

Note: Store names are provided later when you create stores within the app, not during account registration.

3.2 Connected Platform Data

When you connect third-party platforms via OAuth or API tokens, we access and process:

3.3 User-Provided Business Data

You may voluntarily provide:

• Cost of goods sold (COGS) for profitability calculations
• Fixed costs, salaries, logistics costs, and other business expenses
• Ad creative attributes and tags
• Business goals and targets
• Bank account balances for cash flow projections (entered manually, not connected)

3.4 BeeMetrics Pixel Data

If you install the BeeMetrics first-party pixel on your Shopify store, we collect anonymous visitor behavior data:

• Anonymous visitor ID (randomly generated, not linked to personal identity)
• Session ID (for session tracking)
• Page views, product views, cart actions, checkout events
• Marketing attribution parameters (UTM, click IDs from ads)
• Referrer URLs and landing pages

The BeeMetrics Pixel does NOT collect personally identifiable information such as names, email addresses, or IP addresses.

3.5 Automatically Collected Data

• Log data (IP address, browser type, pages visited, timestamps)
• Device information (operating system, device type)
• Usage data (features used, dashboard interactions)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on the following legal grounds:

5. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our business intelligence dashboards
• Calculate profitability metrics, KPIs, and generate actionable insights
• Perform multi-touch attribution analysis for your marketing campaigns
• Generate automated recommendations to optimize your business
• Process payments and manage your subscription
• Send transactional emails (account confirmations, password resets, important updates)
• Provide customer support and respond to your inquiries
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Purpose by Data Source

To make the purpose of processing explicit per integration, the data we obtain from each connected source is used as follows:

• Meta Ads data (obtained via the "ads_read" permission of the Meta Marketing API): used solely to compute and display the merchant's own advertising performance metrics (spend, ROAS, CTR, CPC, impressions, clicks, conversions), creative-level analytics, and A/B test insights inside the BeeMetrics dashboard.
• Shopify data: used to compute revenue, profit, customer KPIs and product-level profitability.
• Google Ads & TikTok Ads data: used to compute cross-channel advertising performance and attribution.
• Klaviyo data: used to compute email marketing attribution and campaign performance.
• BeeMetrics Pixel data: used to compute first-party visitor analytics and multi-touch attribution.

We do NOT use your data for advertising purposes, sell it to third parties, or share it for purposes unrelated to providing our Service. Data obtained from any connected platform is never used to build user profiles, train advertising models, or be repurposed beyond the scope described above.

6. Data Storage, Location, and Security

6.1 Data Location

Your data is stored in the European Union:

• User accounts and authentication: Supabase (AWS eu-west-3, Paris, France)
• Analytics and business data: Google BigQuery (EU multi-region, distributed across Google Cloud data centers within the European Union)
• Application hosting: Vercel (edge network with EU presence)

6.2 Security Measures

We implement industry-standard security measures:

• All data in transit is encrypted using TLS 1.2+
• All data at rest is encrypted using AES-256
• API tokens and credentials are encrypted before storage
• Access to production systems is restricted and logged
• Regular security assessments and updates
• Automatic backups with point-in-time recovery

6.3 International Data Transfers

While BeeMetrics LLC is a US company, we store and process data in the European Union to ensure GDPR compliance. Any necessary data transfers to the US (e.g., for support purposes) are conducted in compliance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) where required.

7. Data Sharing and Third-Party Services (Sub-processors)

We do not sell your personal data. We share data only with the following categories of service providers necessary to operate our platform:

We may also share your information:

• When required by law, legal process, or government request, subject to the safeguards described in Section 8 (Government and Law Enforcement Requests)
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets (with notice to you)

8. Government and Law Enforcement Requests

BeeMetrics LLC may receive requests from government agencies, courts, or law enforcement authorities for user data. We are committed to protecting your privacy and apply the following safeguards to every such request.

8.1 Mandatory Legality Review

Every request received is subject to a mandatory legal review before any response is provided. We assess whether the request:

• Originates from an authority with proper jurisdiction;
• Cites a valid legal basis under applicable law;
• Complies with GDPR Article 48, which requires requests from non-EU authorities to be channeled through international cooperation mechanisms (Mutual Legal Assistance Treaties, EU-US Data Privacy Framework, or equivalent legal instruments).

8.2 Challenging Unlawful Requests

We will refuse and, where appropriate, formally challenge any request we deem unlawful, overbroad, disproportionate, or in violation of applicable data protection laws (including GDPR and CCPA). Legal counsel is consulted before responding to any non-trivial request.

8.3 Data Minimization

In accordance with GDPR Article 5(1)(c), we limit any data disclosed to public authorities to the strict minimum necessary to comply with the legitimate scope of the request. We do not provide bulk data, data outside the request's specific scope, or data of users not identified in the request.

8.4 Documentation and Records

We maintain an internal Record of Processing Activities (ROPA) per GDPR Article 30, in which all government requests received are documented, including:

• Date received and requesting authority;
• Legal basis cited and scope of data requested;
• Internal review outcome and response provided (if any);
• Personnel involved in handling the request.

8.5 User Notification

Where legally permitted, we will notify affected users of any disclosure of their personal data to public authorities, before or after the disclosure, depending on the legal constraints applicable to the specific request.

8.6 Transparency

BeeMetrics LLC has not received any national security requests or similar government requests as of the date of this Privacy Policy. We commit to documenting and, where legally permitted, publicly reporting such requests in the future.

9. Data Retention

We retain your data according to the following schedule:

Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

10. Your Rights

10.1 Rights Under GDPR (EU/EEA Users)

If you are located in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

10.2 Rights Under CCPA (California Users)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Opt-out of the sale of personal information (note: we do not sell personal information)
• Non-discrimination for exercising your privacy rights

10.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@beemetrics.io. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

For data deletion requests, you can also visit our Data Deletion Instructions page.

11. Cookies and Tracking Technologies

We use the following types of cookies:

We do NOT use:

• Third-party advertising or tracking cookies
• Social media tracking pixels
• Cross-site tracking technologies

12. Third-Party Platform Integrations

When you connect third-party platforms (Shopify, Meta, Google, TikTok, Klaviyo) to BeeMetrics:

• We access only the data necessary to provide our Service
• We follow each platform's API terms of service and data use policies
• You can revoke our access at any time through the respective platform's settings or through BeeMetrics
• Upon disconnection, we stop collecting new data from that platform
• Historical data remains until you request deletion

Platform-Specific Notes

13. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@beemetrics.io.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification for significant changes
• Displaying a notice in our application

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.