Privacy Policy
Convexa Technologies Ltd ("Convexa", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and website. Please read this policy carefully.
Overview
Your data belongs to you. We use your customer data solely to power your Convexa dashboard โ we never sell it, share it with other brands, or use it to train models for third parties. Our promise is simple: your data works for you, not for us.
This policy covers information we collect when you: visit our website (convexa.io); register for an account; connect your Shopify store; use any Convexa product or feature; or communicate with us.
Information We Collect
Information you provide directly
- Account information: name, email address, company name, password
- Billing information: payment card details (processed by Stripe โ we do not store card numbers)
- Communications: messages you send via our support channels or contact forms
- Profile data: preferences, settings, and configurations within the platform
Information collected automatically
- Usage data: pages visited, features used, time spent, click events
- Device data: browser type, operating system, IP address, referring URL
- Cookies and similar technologies: see the Cookies section below
Information from your connected Shopify store
When you connect your Shopify store, we access data via the Shopify API, including: order history, customer records (names, emails, purchase behaviour), product catalogue, and store analytics. This data is used exclusively to power your Convexa signals, segments, and automations.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Convexa platform
- Process your transactions and manage your subscription
- Generate customer intelligence signals, segments, and recommendations for your store
- Send transactional communications (account updates, product alerts, receipts)
- Send marketing communications (only where you have opted in)
- Improve and develop our products and services
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations
We will never use your customer data (i.e., your shoppers' information) to build models or train systems that benefit other Convexa customers or third parties.
Data Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
Service providers
We share data with vetted third-party service providers who help us operate the platform โ for example, cloud hosting (AWS), payment processing (Stripe), email delivery (Postmark), and analytics (Plausible). These providers are contractually bound to handle data only on our instructions and in accordance with this policy.
Legal requirements
We may disclose your information if required by law, regulation, or legal process โ or to protect the rights, property, or safety of Convexa, our users, or the public.
Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified of any such change and your rights will be maintained.
Data Retention
We retain your account and platform data for as long as your account is active or as needed to provide you services. If you close your account, we will delete or anonymise your data within 90 days, unless we are required to retain it for legal or compliance reasons.
Your Shopify customer data (synced via the API) is retained for the duration of your subscription. Upon cancellation or disconnection, it is purged from our systems within 90 days.
Your Rights
Depending on your location, you may have the following rights under applicable data protection law (including GDPR and UK GDPR):
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate or incomplete data
- Erasure: request deletion of your personal data ("right to be forgotten")
- Portability: receive your data in a structured, machine-readable format
- Restriction: request that we limit processing of your data
- Objection: object to processing based on legitimate interests or direct marketing
- Withdraw consent: withdraw consent at any time where processing is consent-based
To exercise any of these rights, contact us at privacy@convexa.io. We will respond within 30 days.
Cookies & Tracking
We use the following types of cookies and similar technologies:
- Essential cookies: required for the platform to function. You cannot opt out of these.
- Analytics cookies: help us understand how visitors use our website (we use privacy-focused Plausible Analytics โ no cross-site tracking).
- Preference cookies: remember your settings and preferences.
- Marketing cookies: used only with your explicit consent.
You can manage cookie preferences via the cookie banner or your browser settings. Disabling essential cookies may affect platform functionality.
Security
We implement industry-standard security measures to protect your data, including:
- TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Role-based access controls and least-privilege principles
- Regular security audits and penetration testing
- SOC 2 Type II certification (in progress)
Despite our best efforts, no method of transmission or storage is 100% secure. If you become aware of any security vulnerability, please contact security@convexa.io.
International Data Transfers
Convexa is headquartered in the United Kingdom. If you access our services from outside the UK or EU, your data may be transferred to and processed in countries with different data protection laws.
Where we transfer personal data outside the UK/EEA, we ensure appropriate safeguards are in place โ including Standard Contractual Clauses (SCCs) approved by the relevant data protection authority.
Children's Privacy
Convexa is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@convexa.io.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by prominently posting a notice on our website at least 14 days before the changes take effect. Continued use of the platform after changes become effective constitutes acceptance of the updated policy.
Contact Us
Convexa Technologies Ltd is the data controller for purposes of this policy.
Data Protection Officer: dpo@convexa.io
General privacy enquiries: privacy@convexa.io
Registered address: Convexa Technologies Ltd, 20 Farringdon Road, London, EC1M 3HE, United Kingdom
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK at ico.org.uk, or with your local supervisory authority if you are in the EU.