PRIVACY POLICY AND DATA PROTECTION FRAMEWORK

Issuing Entity: ShopGPTPro Inc.
Effective Date: December 17th, 2025
Version: 1.0

1. PREAMBLE AND SCOPE OF APPLICABILITY

ShopGPTPro Inc. or www.shopgptpro.com (“Company,” “we,” “us,” or “our”) provides the ShopGPTPro platform, APIs, and associated digital services (collectively, the “Services”). This Privacy Policy (“Policy”) constitutes a legal statement regarding the collection, processing, usage, and security of Personal Data belonging to users of our Services (“User” or “You”).

This Policy is drafted in compliance with global data protection standards, including but not limited to:

  • United States: The California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and applicable federal standards.

  • United Kingdom & European Union: The UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (EU) 2016/679.

  • Pakistan: The Prevention of Electronic Crimes Act (PECA) 2016 and adherence to the principles outlined in the draft Personal Data Protection Bill.

By accessing or utilizing the Services, You acknowledge the practices described herein. If You do not agree with the terms of this Policy, You must discontinue use of the Services immediately.

2. DEFINITIONS AND INTERPRETATION

For the purposes of this Policy, the following definitions apply:

  • “Personal Data” (or Personal Information): Any information relating to an identified or identifiable natural person.

  • “Data Controller”: The entity that determines the purposes and means of the processing of Personal Data (typically ShopGPTPro regarding User account data).

  • “Data Processor”: An entity that processes Personal Data on behalf of the Controller (typically ShopGPTPro regarding User’s customer data).

  • “Processing”: Any operation performed on Personal Data, whether or not by automated means, such as collection, recording, storage, adaptation, or destruction.

3. DATA COLLECTION AND AGGREGATION

We collect data through direct interaction, automated technologies, and third-party integrations.

3.1. Information Provided Directly by User

  • Identity Data: Full name, corporate entity name, and title.

  • Contact Data: Business email address, physical billing address, and telephone number.

  • Authentication Data: Encrypted credentials, API keys, and login tokens necessary for account access.

  • Financial Data: Partial credit card numbers (last 4 digits) and billing history. Note: Full payment card details are processed directly by our PCI-DSS compliant payment gateways (e.g., Stripe, Shopify Payments) and are not stored on our servers.

3.2. Automated Usage Data

When You interact with our Services, we automatically collect Technical Data, including internet protocol (IP) addresses, browser type/version, time zone settings, operating system, and platform usage metrics (clickstreams, session duration).

3.3. Platform and Business Data (Merchant Data)

As a service integrated with e-commerce platforms, we process data regarding your store configurations, product catalogs, images, and descriptions to facilitate the functionality of the ShopGPTPro tools.

4. LEGAL BASIS FOR PROCESSING

We rely on the following lawful grounds to process Personal Data:

  • Contractual Necessity: Processing is required to fulfill our Service Agreement with You (e.g., account management, service delivery).

  • Legitimate Interests: Processing is necessary for fraud prevention, network security, and the improvement of our algorithms and services, provided these interests do not override Your fundamental rights.

  • Legal Obligation: Processing is required to comply with statutory requirements (e.g., tax filings, law enforcement requests).

  • Consent: Where required by law (e.g., for direct marketing or specific tracking technologies), we obtain Your explicit, opt-in consent.

5. USE AND DISCLOSURE OF INFORMATION

5.1. Operational Usage

We utilize Personal Data to:

  • Provision, maintain, and optimize the Services.

  • Process subscription payments and generate invoices.

  • Authenticate Users and prevent unauthorized access.

  • Train and refine our AI models (using anonymized, non-personally identifiable data only).

5.2. Third-Party Sharing and Sub-Processors

We do not sell Personal Data. We disclose data only to trusted third-party service providers (“Sub-Processors”) that are bound by written confidentiality and data processing agreements (DPAs). These include:

  • Cloud Infrastructure: (e.g., AWS, Azure) for hosting and database management.

  • Payment Processors: For secure transaction handling.

  • Analytics Providers: (e.g., Google Analytics, Microsoft Clarity) for service performance monitoring.

6. INTERNATIONAL DATA TRANSFERS

ShopGPTPro Inc. operates globally. Consequently, Personal Data may be transferred to, and processed in, countries other than the country in which You are resident.

6.1. Transfers from EEA/UK

Transfers of Personal Data outside the European Economic Area (EEA) or the United Kingdom to jurisdictions without an “adequacy decision” are governed by Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) to ensure a level of protection equivalent to that of the GDPR.

6.2. Transfers from Pakistan

Data processed within Pakistan or transferred internationally is handled in accordance with best practices regarding data localization and security as outlined in the PECA 2016 and relevant frameworks issued by the Ministry of Information Technology & Telecom (MoITT).

7. DATA RETENTION AND MINIMIZATION

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Policy, or as required by law (e.g., for tax and accounting purposes).

  • Active Accounts: Data is retained for the life of the account.

  • Deleted Accounts: Account data is archived for [Insert Days, e.g., 30 days] before permanent deletion, unless retention is legally mandated.

  • Anonymization: We reserve the right to retain anonymized, aggregated data indefinitely for research and analytical purposes.

8. RIGHTS OF THE DATA SUBJECT

Depending on Your jurisdiction, You possess specific rights regarding Your Personal Data.

8.1. Europe (GDPR) and UK

  • Right to Access: Request copies of Your Personal Data.

  • Right to Rectification: Correct inaccurate data.

  • Right to Erasure (“Right to be Forgotten”): Request deletion of data, subject to legal limitations.

  • Right to Portability: Receive data in a structured, machine-readable format.

8.2. United States (CCPA/CPRA)

  • Right to Know: Request details on the categories of data collected and shared.

  • Right to Delete: Request deletion of Personal Information.

  • Right to Opt-Out: Opt-out of the “sale” or “sharing” of personal data (as defined by CCPA).

  • Non-Discrimination: We will not deny services or charge different rates for exercising these rights.

8.3. Pakistan

Users retain the right to access their data and request the correction of inaccuracies, consistent with constitutional privacy protections and the PECA framework.

Exercise of Rights: To exercise any of these rights, submit a formal request to our Data Protection Officer at info@shopgptpro.com. We will respond within the statutory timeframe (typically 30-45 days).

9. SECURITY MEASURES

We employ enterprise-grade technical and organizational measures to protect Personal Data, including:

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

  • Access Control: Strict role-based access control (RBAC) and Multi-Factor Authentication (MFA) for internal staff.

  • Audits: Regular vulnerability scanning and penetration testing.

While we strive for maximum security, no digital transmission is strictly impenetrable. User acknowledges the inherent risks of providing information online.

10. COOKIES AND TRACKING TECHNOLOGIES

We utilize cookies to distinguish You from other users of our Services.

  • Essential Cookies: Strictly necessary for platform operation (e.g., session management).

  • Analytical Cookies: For tracking usage patterns (e.g., Google Analytics).

  • Preference Cookies: To store User settings.

Users may control cookie acceptance via browser settings; however, disabling cookies may limit Service functionality.

11. CHILDREN’S PRIVACY

The Services are strictly B2B (Business to Business) and not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 13 (or 16 in applicable jurisdictions). If we become aware of such collection, we will take immediate steps to delete such information.

12. AMENDMENTS TO THIS POLICY

ShopGPTPro Inc. reserves the right to modify this Policy at its sole discretion. Material changes will be communicated via email or a prominent notice on the Service dashboard. The “Last Updated” date at the top of this Policy indicates when the latest revisions became effective.

13. CONTACT AND DISPUTE RESOLUTION

For inquiries regarding this Policy or data privacy practices:

ShopGPTPro Inc.
Attn: Privacy Officer / Data Protection Officer
Email: info@shopgptpro.com

Governing Law: This Policy shall be governed by the laws of [the State of California, United States / London, England and Wales / Islamabad, Pakistan], without regard to conflict of law principles.

14. INCORPORATION AND RELATIONSHIP TO TERMS OF SERVICE

This Policy is incorporated by reference into, and is subject to, the ShopGPTPro Terms of Service (“Terms”). Accordingly, Your access to and use of the Services is strictly conditioned upon Your acceptance of the Terms, which contain overarching provisions governing the legal relationship between the parties, including but not limited to Limitations of Liability, Disclaimer of Warranties, Indemnification, and Dispute Resolution (including mandatory arbitration and class action waivers, where enforceable). In the event of a direct conflict between a provision in this Policy and the Terms regarding the specific processing of Personal Data, the provisions of this Policy shall prevail; for all other legal matters, the Terms shall control.