Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

We collect information that you provide directly to us, including:

• Account Information: When you create an account, we collect your name, email address, password, and company information.
• Payment Information: When you subscribe to a paid plan, our payment processor (Stripe) collects your payment card information, billing address, and related payment data. We do not store complete payment card numbers on our servers.
• Store URLs and Data: URLs of e-commerce stores you submit for analysis, along with publicly available performance metrics and analytics data.
• Communications: When you contact us for support, feedback, or feature requests, we collect the contents of your messages and any attachments.
• Profile Information: Optional information you choose to provide, such as profile photos or additional business details.

1.2 Information We Collect Automatically

When you access or use our services, we automatically collect certain information:

• Usage Information: Details about how you use our platform, including features accessed, pages viewed, time spent, and interaction patterns.
• Device Information: Information about your device, including IP address, browser type and version, operating system, device identifiers, and mobile network information.
• Log Data: Server logs that may include your IP address, access times, browser type, pages visited, and the page you visited before navigating to our platform.
• Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See our Cookie Policy section below for more details.
• Analytics Data: We use third-party analytics services (like Google Analytics) to understand user behavior and improve our services.

1.3 Information from Third-Party Services

We may receive information from third-party services when you choose to connect them with Upsidia AI:

• Authentication Services: If you sign up using Google OAuth or other third-party authentication, we receive your name, email address, and profile information from those services.
• Public Data Sources: We collect publicly available data about websites you analyze, including performance metrics from various third-party data providers and public web analytics services.

2. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide and Maintain Our Services: To operate, maintain, and improve the Upsidia AI platform, including analyzing e-commerce stores, generating performance reports, and delivering AI-powered insights.
• Process Transactions: To process your subscription payments, manage your account, and provide customer support.
• Communicate With You: To send you technical notices, updates, security alerts, support messages, and administrative communications.
• Personalize Your Experience: To tailor content, features, and recommendations based on your usage patterns and preferences.
• Improve Our AI Models: To train and improve our artificial intelligence and machine learning models that power our analysis and recommendations. We use aggregated and anonymized data for this purpose.
• Research and Development: To develop new features, products, and services, and to understand trends in e-commerce performance.
• Marketing and Promotions: With your consent, to send you newsletters, product updates, and promotional materials. You can opt out at any time.
• Security and Fraud Prevention: To detect, prevent, and respond to fraud, abuse, security risks, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Payment Processing: Stripe for payment processing and subscription management.
• Cloud Infrastructure: Amazon Web Services (AWS) and Supabase for hosting and data storage.
• Email Services: Resend for transactional emails and newsletters.
• Analytics: Google Analytics for usage analytics and insights.
• AI Services: Best-in-class mixed AI models for generating performance insights and recommendations.

3.2 Business Transfers

If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our platform of any such change in ownership or control of your personal information.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), including to meet national security or law enforcement requirements.

3.4 With Your Consent

We may share your information with third parties when you give us your explicit consent to do so.

3.5 Aggregated and Anonymized Data

We may share aggregated or anonymized information that cannot reasonably be used to identify you, such as industry benchmarks, performance trends, and statistical analyses.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use industry-standard encryption protocols (TLS/SSL) to protect data in transit and at rest.
• Access Controls: We restrict access to personal information to employees, contractors, and agents who need that information to operate, develop, or improve our services.
• Secure Infrastructure: Our platform is hosted on secure, SOC 2 compliant infrastructure.
• Regular Security Audits: We conduct regular security assessments and vulnerability testing.
• Incident Response: We have procedures in place to detect, respond to, and notify you of security incidents.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

5. Data Retention

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Account Information: Retained while your account is active and for a reasonable period thereafter, or as required by law.
• Usage Data: Typically retained for up to 90 days unless needed for security, legal compliance, or operational purposes.
• Financial Records: Retained for at least 7 years to comply with tax and accounting regulations.
• Communications: Support tickets and communications are retained for up to 3 years for quality assurance and dispute resolution.

When we no longer need your information, we will securely delete or anonymize it.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format.

6.2 Correction

You can update your account information at any time through your account settings. If you need assistance, please contact us.

6.3 Deletion

You can request deletion of your personal information, subject to certain legal obligations that may require us to retain certain data. To delete your account, please contact us.

6.4 Opt-Out of Marketing

You can opt out of receiving promotional emails by clicking the unsubscribe link in any marketing email or by updating your email preferences in your account settings.

6.5 Cookie Controls

Most web browsers are set to accept cookies by default. You can usually modify your browser settings to decline cookies or alert you when cookies are being sent. Note that some features of our platform may not function properly without cookies.

6.6 Do Not Track

Some browsers support a "Do Not Track" feature. Because there is no common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals.

7. International Data Transfers

Upsidia AI is based in the United States, and we process and store information in the United States and other countries. By using our services, you acknowledge that your information may be transferred to and processed in countries other than your country of residence, which may have different data protection laws.

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we rely on appropriate legal mechanisms for international data transfers, including Standard Contractual Clauses approved by the European Commission.

8. Children's Privacy

Upsidia AI is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child without parental consent, we will delete that information as quickly as possible. If you believe a child has provided us with personal information, please contact us.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to distinguish you from other users. This helps us provide you with a better experience and improve our services.

9.1 Types of Cookies We Use

• Essential Cookies: Required for the operation of our platform, including authentication and security.
• Performance Cookies: Help us understand how visitors interact with our platform by collecting and reporting information anonymously.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences.
• Targeting Cookies: Used to deliver relevant advertisements and track campaign effectiveness.

9.2 Third-Party Cookies

We use the following third-party services that may set cookies on your browser:

• Google Analytics: To analyze platform usage and improve our services.
• Stripe: For secure payment processing.
• Google reCAPTCHA: To protect against spam and abuse.

10. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

• Right to Know: You have the right to request information about the personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell personal information.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise these rights, please contact us.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

• Right of Access: You have the right to obtain confirmation of whether we process your personal data and to access that data.
• Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request deletion of your personal data in certain circumstances.
• Right to Restriction: You have the right to restrict processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
• Right to Object: You have the right to object to processing of your personal data in certain circumstances.
• Right to Withdraw Consent: Where we rely on consent, you have the right to withdraw it at any time.

To exercise these rights, please contact us. You also have the right to lodge a complaint with a supervisory authority.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this policy.

If we make material changes to this Privacy Policy, we will notify you by email (if you have provided one) or by posting a prominent notice on our platform prior to the changes becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through our support form.