Privacy Policy

This Privacy Policy applies to the following data categories:

• User Data: Information collected directly from you when you create an account, subscribe, or interact with us.
• Order Data: Data imported from third-party platforms you connect, such as Etsy, Amazon, or Shopify, for order management.
• Payment Data: Payment and billing information processed through our merchant-of-record provider, Paddle.
• This Privacy Policy does not govern the privacy practices of third parties such as Etsy, Amazon, Shopify, or Paddle. Those providers maintain their own privacy policies and data practices.

For the purposes of the General Data Protection Regulation (GDPR) and similar privacy laws, CircleHalo and our customers may have different responsibilities depending on the data involved.

• You (our customer or seller) are the Data Controller for the personal data of your end customers that is imported into the Services. You determine the purposes and means of processing that data.
• CircleHalo acts as the Data Processor for that Order Data and processes it only on your instructions in order to provide the Services, including importing, unpacking, and displaying data for fulfillment.

When you connect your Shopify store to CircleHalo:

• You (the merchant) are the Data Controller for all customer order data imported from your Shopify store.
• CircleHalo acts as a Data Processor for Shopify order data and processes it solely to provide order management and fulfillment services.
• Shopify Inc. maintains its own privacy policy and data practices for data stored on Shopify's platform.

When you connect your Etsy shop to CircleHalo:

• You (the Etsy seller) are the Data Controller for all Etsy Member personal information accessed through the Etsy API.
• CircleHalo acts as a service provider to you and processes Etsy Member personal information only to fulfill the services provided under our application terms with you.
• Etsy, Inc. maintains its own privacy policy and data practices for data stored on Etsy's platform.

• Account Data: Name, email address, password, phone number, company details, and business identification information.
• Billing Data: Payment details and billing address processed securely by Paddle as our Merchant of Record.
• Communications: Support requests, survey responses, platform feedback, and other correspondence.

When you connect CircleHalo to your eCommerce accounts such as Etsy, Amazon, or Shopify, we collect personal data related to your sales and fulfillment workflows.

• Authentication Data: API tokens or credentials required for secure, ongoing synchronization.
• Order Details: Order IDs, customer names, shipping addresses, personalization requests, and files, including ZIP files, containing design or order information.
• Product Data: Listing details and inventory information required for effective order management.

• Etsy API credentials, including API keys and access tokens, required for secure API access to your Etsy shop through Etsy's official API.
• Order data such as buyer names, email addresses, shipping addresses, order items, transaction details, and order metadata.
• Listing data such as product listings, inventory information, and shop details.
• Etsy Member personal information accessed solely through the Etsy API for order management and fulfillment.

• OAuth access tokens and API credentials required for secure API access to your Shopify store through Shopify's GraphQL Admin API (version 2026-01).
• Order data including customer names, email addresses, shipping addresses, billing addresses, order items, fulfillment status, and order metadata.
• Product data including product listings, variants, and inventory information.
• Customer data from orders, including personalization requests and custom attributes.
• Webhook data including order events such as create, update, cancel, and fulfill, along with app lifecycle events such as install and uninstall.
• GDPR compliance webhook data, including customer data requests, customer deletion requests, and shop deletion requests, as required by Shopify App Store requirements.

• Device and Connection Data: IP address, operating system, device identifiers, browser type, and time zone.
• Usage Data: Login timestamps, activity logs, performance metrics, pages viewed, and feature interactions.
• Tracking Technologies: Data collected via cookies, pixels, and similar technologies used to authenticate sessions, analyze platform usage, and improve security.

• Synchronize order data from your Etsy shop to support order management and fulfillment workflows.
• Display Etsy listing content that is no more than six (6) hours older than the corresponding information on the Etsy site.
• Display other Etsy content that is no more than twenty-four (24) hours older than the content displayed on the Etsy site.
• Maintain secure API connections using credentials required for ongoing synchronization.
• Cache and store Etsy content only as long as reasonably necessary to provide service to your account.

• Synchronize order data from your Shopify store to support order management and fulfillment workflows.
• Process GDPR compliance requests, including data export, customer deletion, and shop deletion, within required timeframes.
• Maintain secure API connections using OAuth tokens for ongoing synchronization.
• Process webhook events to keep order data current and accurate.
• Comply with Shopify App Store requirements, including mandatory GDPR webhook handling.

• We exchange data with Etsy only through Etsy's official API and only to synchronize and display order information you choose to import for order management and fulfillment.
• We do not use Etsy order data for advertising, third-party marketing, resale, profiling, licensing, or for training artificial intelligence or machine learning models.
• Etsy API credentials are stored securely and used only to provide the Services.
• When you disconnect your Etsy shop, we delete associated API credentials and stop data synchronization.
• Etsy maintains its own privacy policy and data practices, which we recommend you review directly.

• We exchange data with Shopify Inc. through their GraphQL Admin API (version 2026-01) and webhook system to synchronize orders and manage your store connection.
• OAuth tokens and API credentials are stored securely and used only to provide the Services.
• When you disconnect your Shopify store, we delete associated API credentials and stop data synchronization.
• We comply with Shopify's mandatory GDPR webhooks and process those requests within required timeframes.
• Shopify maintains its own privacy policy and data practices, which we recommend you review directly.

• Order data imported from Etsy is retained as long as your account remains active and the Etsy connection is maintained.
• Etsy listing content is displayed no more than six (6) hours older than the corresponding information on the Etsy site.
• Other Etsy content is displayed no more than twenty-four (24) hours older than the content displayed on the Etsy site.
• Etsy content is cached and stored only as long as reasonably necessary to provide service to your account.
• Upon disconnection of your Etsy shop, we delete API credentials immediately. Order data remains subject to our standard retention practices unless you request deletion.

• Order data imported from Shopify is retained as long as your account remains active and the Shopify connection is maintained.
• Upon disconnection of your Shopify store, we delete API credentials immediately. Order data remains subject to our standard retention practices unless you request deletion.
• When we receive a Shopify GDPR webhook for shop/redact, all Shopify-related data will be deleted within 48 hours as required by Shopify App Store requirements.
• Customer deletion requests received through customers/redact will be processed within 30 days, with personal information anonymized while preserving order records required for accounting purposes.

If any Etsy Member data accessed via the Etsy API is compromised or reasonably suspected to be compromised, we will promptly notify Etsy at [email protected] and the affected Etsy seller, and in no event later than 24 hours after discovery of the incident.

• Right to Access: To obtain confirmation about processing and receive a copy of your data.
• Right to Rectification: To correct inaccurate or incomplete data.
• Right to Erasure: To request deletion where data is no longer necessary for the purposes collected.
• Right to Restriction of Processing: To limit the way we use your data.
• Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format.
• Right to Object: To object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: To withdraw consent at any time where processing is based on consent.

• You may request access to the data we have collected from your Etsy shop.
• You may request deletion of your Etsy connection and associated data at any time.
• You may export Etsy order data stored in your account.
• You retain control over the use, sharing, and access of Etsy Member information collected by our application.

• You may request access to the data we have collected from your Shopify store.
• You may request deletion of your Shopify connection and associated data at any time.
• If Shopify sends a GDPR deletion request on your behalf through a webhook, we will process it according to Shopify's requirements and notify you where appropriate.
• You may export Shopify order data stored in your account.

• Right to Know: To request the categories and specific pieces of personal data collected, used, and disclosed.
• Right to Delete: To request deletion of personal data we have collected, subject to legal exceptions.
• Right to Opt Out of Sale or Sharing: CircleHalo does not sell or share personal data for cross-context behavioral advertising.
• Right to Non-Discrimination: To exercise your rights without discriminatory treatment.

• Right to Learn: Whether your personal data is being processed.
• Right to Request Information: About the purpose of processing and related details.
• Right to Correction or Deletion: To request correction or deletion where the grounds for processing no longer apply.
• Right to Object: To challenge outcomes produced by automated analysis that adversely affect you.

To exercise any of these rights, please contact us at [email protected].

• You may disconnect your Etsy shop at any time through the CircleHalo interface.
• Upon disconnection, we immediately revoke API access and stop data synchronization.
• You may request complete deletion of Etsy-related data, which will be processed within 30 days.

• You may disconnect your Shopify store at any time through the CircleHalo interface.
• Upon disconnection, we immediately revoke API access and stop data synchronization.
• You may request complete deletion of Shopify-related data, which will be processed within 30 days.
• If Shopify sends a shop deletion webhook (shop/redact), we will delete all associated data within 48 hours in line with Shopify App Store compliance requirements.

For questions about our Etsy integration, data handling, or Etsy API compliance, please contact [email protected]. We process Etsy data solely through Etsy's official API and in compliance with Etsy's API Terms of Use.

For questions about our Shopify integration, data handling, or GDPR compliance related to Shopify data, please contact [email protected]. We process Shopify GDPR webhook requests automatically and respond to merchant inquiries within 30 days for customer requests and 48 hours for shop deletion requests.