Privacy Policy

1. Introduction

Welcome to DemandLoop, a back-in-stock notification service provided by Metigro ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Shopify application and related services (collectively, the "Service").

We are committed to protecting your privacy and maintaining the security of your personal information. By using DemandLoop, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

2.1 Customer Information

When customers subscribe to back-in-stock notifications through your store, we collect:

• Email addresses: To send restock notifications
• Web push subscription tokens: For browser-based notifications (if enabled)
• Product subscription data: Which products customers want to be notified about
• Shopify customer IDs: To link subscriptions to customer accounts
• Subscription timestamps: When customers subscribed to notifications

2.2 Merchant Information

When you install DemandLoop on your Shopify store, we collect:

• Store information: Store name, domain, timezone, currency
• Product data: Product titles, variants, inventory levels, prices
• Order information: For attribution tracking and revenue analytics
• Account details: Email address, billing information
• Usage data: App settings, feature usage, notification history

2.3 Analytics and Technical Data

We automatically collect certain technical information:

• Log data: IP addresses, browser type, device information
• Performance data: App performance metrics, error logs
• Usage analytics: Feature usage, notification delivery rates
• Attribution data: Click tracking tokens (encrypted, 7-day expiration)

3. How We Use Your Data

We use the collected information for the following purposes:

3.1 Service Delivery

• Send back-in-stock email notifications to subscribed customers
• Deliver web push notifications (if enabled)
• Track notification delivery and engagement
• Manage subscription preferences and unsubscribe requests

3.2 Attribution and Analytics

• Track which notifications lead to purchases (attribution tracking)
• Calculate attributed revenue for billing purposes
• Provide analytics dashboards to merchants
• Generate usage reports and insights

3.3 Service Improvement

• Monitor app performance and reliability
• Identify and fix technical issues
• Develop new features and improvements
• Conduct usage analysis and research

3.4 Communication

• Send service-related notifications (downtime, updates)
• Provide customer support
• Send billing and subscription information
• Share product updates (with your consent)

4. Data Sharing and Third Parties

4.1 Third-Party Services

We share your information with the following third-party service providers:

• Resend: Email delivery service for sending restock notifications. View Resend's Privacy Policy
• Shopify: E-commerce platform for accessing store and product data. View Shopify's Privacy Policy
• Hetzner Cloud: Infrastructure provider for secure data storage. View Hetzner's Privacy Policy

4.2 No Data Selling

We never sell your personal information to third parties. Your data is only shared with service providers necessary to deliver our services, and they are contractually obligated to protect your information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal process (court orders, subpoenas)
• Requests from law enforcement or government authorities
• Protection of our legal rights or safety of users

5. Data Storage and Security

5.1 Data Storage

Your data is stored on secure servers provided by Hetzner Cloud, located in Germany (EU region). We implement:

• Encrypted data transmission (SSL/TLS)
• Encrypted data storage for sensitive information
• Regular automated backups
• Access controls and authentication

5.2 Security Measures

We implement industry-standard security practices:

• Encryption of data in transit and at rest
• Regular security audits and monitoring
• Restricted access to personal data
• Secure authentication mechanisms

5.3 Data Retention

We retain your data as follows:

• Active subscriptions: Retained while subscription is active
• Unsubscribed customers: Deleted within 30 days of unsubscribe request
• Attribution data: Encrypted tokens expire after 7 days
• Analytics data: Aggregated data retained for service improvement
• Merchant data: Retained while account is active, deleted within 90 days after account closure

6. Your Rights and Choices

6.1 Customer Rights

If you're a customer who subscribed to notifications, you have the right to:

• Unsubscribe: Click the unsubscribe link in any notification email
• Access your data: Request a copy of your subscription data
• Delete your data: Request deletion of your subscription information
• Opt-out of tracking: Disable attribution tracking in your browser

6.2 Merchant Rights

As a merchant using DemandLoop, you can:

• Access your data: View all stored data through your dashboard
• Export your data: Download subscription lists and analytics
• Delete your data: Uninstall the app to remove all data
• Manage subscriptions: Control customer subscription settings

6.3 Exercising Your Rights

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

7. Cookies and Tracking

7.1 Attribution Tracking

We use encrypted attribution tokens to track which notification emails lead to purchases. These tokens are:

• Stored in URL parameters (not cookies)
• Encrypted and cannot be used to identify individuals
• Expire automatically after 7 days
• Used solely for attribution and billing purposes

7.2 Session Cookies

We use essential session cookies to maintain your login state and app functionality. These cookies are:

• Required for the service to function
• Deleted when you close your browser
• Not used for tracking or advertising

7.3 Analytics

We collect anonymized usage analytics to improve our service. This data cannot be used to identify individual users and is used solely for service optimization.

8. Children's Privacy

DemandLoop is not intended for use by individuals under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

If you believe we have collected information from a child, please contact us at [email protected].

9. International Data Transfers

Your data is primarily stored in the European Union (Germany). If you access our service from outside the EU, your information may be transferred to, stored, and processed in the EU.

We ensure that all international data transfers comply with applicable data protection laws, including GDPR, through:

• Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework (where applicable)
• Appropriate safeguards and security measures

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify merchants via email or in-app notification
• Post the updated policy on our website

Your continued use of DemandLoop after changes become effective constitutes acceptance of the updated policy.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR Requests

If you're an EU resident exercising your rights under GDPR, please clearly state "GDPR Request" in your email subject line. We will prioritize and respond to GDPR requests within the required 30-day timeframe.

For California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA). Please include "CCPA Request" in your email subject line when exercising these rights.