Privacy Policy

Last updated: 2026-06-18

⚠️ Draft — have legal counsel review before public launch. The practices below accurately describe how the EcomIQ apps work today.

1. Who we are

EcomIQ ("EcomIQ", "we", "us") provides a suite of tools for Shopify merchants, including CollectionsIQ. This policy explains what data our apps access, how we use it, how we store and share it, and how you can delete it. It applies to all EcomIQ apps and to this website (ecomiq.tools).

2. Data we access

We only access data needed to provide the features you enable, and only for accounts you explicitly connect:

• Shopify store data — shop domain, products, collections, publications, and order data. Orders are immediately aggregated into per-product sales metrics (units sold, net sales, order counts). We request the scopes read_products, write_products, read_publications, write_publications, and read_orders.
• Google Ads data — via the Google Ads API (scope adwords), we read aggregate per-product advertising metrics (impressions, clicks, cost, conversions) for ad accounts you connect.
• Meta (Facebook/Instagram) data — via the Marketing API (ads_read) and catalog access (catalog_management), we read aggregate per-product advertising metrics and product-catalog identifiers for ad accounts you connect.
• Access tokens — credentials to call Shopify and connected platforms on your behalf, stored encrypted at rest.

We do not collect or store any customer personal information. We do not access customer names, emails, addresses, or payment details; order data is reduced to aggregate per-product totals before storage.

3. How we use data

We use the data solely to provide and improve the features you enable — for example, evaluating your collection rules and keeping your Shopify collections in sync. We do not sell data, use it for advertising, or use it to build profiles. We do not allow humans to read your data except (a) with your consent, (b) for security or to comply with law, or (c) where data is aggregated/anonymized for service operations.

4. Google API Services — Limited Use

EcomIQ's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Specifically, data obtained via the Google Ads API is used only to provide and improve the in-app features you enable, is never sold, is never used for advertising, and is never transferred to third parties except as necessary to provide the service, for security, or to comply with applicable law.

5. Meta Platform data

Our use of data obtained through Meta APIs complies with the Meta Platform Terms and Developer Policies. It is used only to provide the connected features and is never sold or used for unrelated purposes. You can disconnect Meta at any time and request deletion (see below).

6. Storage & security

Data is hosted on Cloudflare's developer platform. Access tokens are encrypted at rest (AES-GCM); all access is over HTTPS. We retain only aggregate, non-personal metrics needed to operate the features.

7. Retention

Performance and sales metrics are kept on a rolling window (up to 90 days) and refreshed automatically; older data is discarded. Access tokens are kept until you uninstall or disconnect.

8. Data deletion & your rights

You can delete your data at any time — see Data Deletion for instructions. Uninstalling an EcomIQ app stops processing and deletes stored access tokens; we also honor Shopify's shop/redact and customers/redact erasure requests. You may also request access or deletion via support.

9. Sub-processors

We rely on: Shopify (the platform you install from), Cloudflare (hosting and storage), and the ad platforms you connect (Google, Meta). We share data with these providers only to operate the service.

10. Changes

We may update this policy; we will revise the "last updated" date and, for material changes, notify you in-app or by email.

11. Contact

Questions or requests: Contact us (support@ecomiq.tools).