Commerce Kitty is operated by Apex Squid LLC, a Georgia limited liability company. This privacy policy explains how we collect, use, store, and protect your information when you use our website and services.
By using Commerce Kitty, you agree to the collection and use of information as described in this policy.
Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form, never in plain text)
You may optionally provide additional profile information including your first name, last name, phone number, company name, and timezone preferences.
Connected Platform Data
When you connect sales channels (such as Shopify, Amazon, Etsy, eBay, WooCommerce, or BigCommerce), we access and store data from those platforms including:
- Product listings (titles, descriptions, images, prices, SKUs)
- Inventory levels
- Order information (order details, customer names, shipping addresses)
- Account identifiers for those platforms
We only request the permissions necessary to sync your inventory and manage orders. We do not access data beyond what is required for the services you use.
Payment Information
Payment processing is handled entirely by Stripe. We do not store your credit card number, CVC, or full card details on our servers. Stripe provides us with a token and basic card metadata (last four digits, expiration date, card brand) for display purposes only.
Usage Data
We collect standard usage data including:
- Pages visited and features used within Commerce Kitty
- Browser type, device type, and operating system
- IP address
- Referring URLs and campaign parameters (UTM tags)
Analytics
We use self-hosted Matomo analytics to understand how visitors interact with our website. Matomo is hosted on our own infrastructure, which means your analytics data is not shared with any third-party analytics company. We also use Google Analytics (GA4) for marketing attribution.
How We Use Your Information
We use the information we collect to:
- Provide and maintain the Commerce Kitty service
- Sync your inventory, orders, and product data across connected platforms
- Process payments and manage your subscription
- Send transactional emails (account verification, password resets, billing notifications)
- Send marketing communications (only with your consent, and you can unsubscribe at any time)
- Improve our product and fix bugs
- Prevent fraud and abuse
Third-Party Services
We share data with the following third-party services as needed to operate Commerce Kitty:
- Stripe - Payment processing. Stripe handles all credit card transactions and is PCI DSS compliant. Stripe Privacy Policy
- Heroku (Salesforce) - Application hosting. Our servers run on Heroku's infrastructure in the United States. Salesforce Privacy Policy
- Cloudflare - CDN and security. Cloudflare provides DNS, SSL, and DDoS protection for our website. Cloudflare Privacy Policy
- Amazon Web Services (AWS) - File storage. Uploaded files may be stored on AWS S3. AWS Privacy Policy
- Mailgun - Transactional email delivery. Used to send account-related emails. Mailgun Privacy Policy
- Connected Platforms - When you connect Shopify, Amazon, Etsy, eBay, or other sales channels, data flows between Commerce Kitty and those platforms via their official APIs. Each platform has its own privacy policy governing how they handle your data.
We do not sell your personal information to third parties.
Cookies
Commerce Kitty uses the following cookies:
- Session cookie - Required for the application to function. Expires when you close your browser or after a period of inactivity.
- Remember me cookie - Optional. If you check "Remember me" during login, a cookie is stored for up to 7 days to keep you logged in.
- CSRF token - Security cookie that prevents cross-site request forgery attacks.
- Analytics cookies - Used by Matomo and Google Analytics to understand website usage patterns.
Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some data may be retained longer if required by law (such as billing records for tax purposes).
Connected platform data (products, orders, inventory) is deleted when you disconnect a channel or delete your account.
Data Security
We take the security of your data seriously:
- All data in transit is encrypted using TLS (HTTPS)
- Passwords are hashed using industry-standard algorithms and are never stored in plain text
- Connected platform credentials use OAuth tokens. We never store your marketplace passwords.
- Payment data is handled by Stripe and never touches our servers
- Access to production systems is restricted to authorized personnel
Your Rights
You have the right to:
- Access your personal data by logging into your account
- Update your personal information through your account settings
- Delete your account and associated data by contacting us
- Disconnect any connected platform at any time, which stops data sync
- Unsubscribe from marketing emails at any time using the unsubscribe link
- Request a copy of your data by contacting us
Children's Privacy
Commerce Kitty is a business tool designed for adults. You must be at least 18 years old to create an account and use our services. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected data from someone under 18, we will delete it promptly.
Changes to This Policy
We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or by posting a notice on our website. Your continued use of Commerce Kitty after changes are posted constitutes acceptance of the updated policy.
Contact Us
If you have questions about this privacy policy or want to exercise your data rights, contact us at:
- Email: [email protected]
- Company: Apex Squid LLC, Georgia, United States