MerchantFlowMerchantFlow Docs
Legal

Privacy Policy - MerchantFlow

MerchantFlow Privacy Policy explains how we collect, use, store, and protect your personal data, integration information, and business analytics data.

Privacy Policy

Effective Date: December 27, 2025

This Privacy Policy explains how MerchantFlow Pty Ltd ("MerchantFlow", "we", "us", "our"), a company registered in Australia, collects, uses, shares, and protects your information when you use the MerchantFlow platform at merchantflow.ai.

By using MerchantFlow, you agree to the collection and use of information as described in this policy.

What Information We Collect

Account Information

When you create a MerchantFlow account, we collect:

  • Email address - for login, communication, and notifications
  • Name - for personalization and team identification
  • Company name - for account organization
  • Password - encrypted and securely stored (we never store plaintext passwords)
  • Billing information - processed and stored securely by Stripe; MerchantFlow does not store payment card details

Integration Data

When you connect third-party platforms, we access and store data including:

  • Google Ads - campaign details, advertising spend, performance metrics, ROAS calculations
  • Google Analytics 4 - website traffic data, conversion events, session and engagement data
  • Google Search Console - search queries, impressions, click-through rates, keyword positions
  • Google Merchant Center - product feed data, listings, pricing, availability
  • Shopify - order data, product catalog, revenue and sales metrics
  • WooCommerce - order data, product catalog, revenue and sales metrics
  • Meta Ads - campaign performance, ad spend, conversion metrics

Usage Data

We automatically collect server logs, device information, analytics data (pages visited, features used), and error logs for debugging.

OAuth Tokens

OAuth tokens for connected integrations are stored securely and encrypted, used solely to access your authorized data, and revocable at any time by disconnecting the integration.

How We Use Your Data

To Provide the Service

  • Display analytics dashboards and reports
  • Sync data from connected integrations
  • Calculate product profitability, ROAS, and margins
  • Generate business insights and recommendations
  • Process billing and manage subscriptions

To Improve the Service

  • Analyze feature usage patterns (aggregated and anonymized)
  • Identify and fix bugs and performance issues
  • Develop new features based on usage trends

To Communicate With You

  • Service updates and maintenance notifications
  • Billing confirmations and receipts
  • Support responses
  • Product announcements (opt-out available)

Data Sharing

Third-Party Service Providers

We share data only with service providers necessary to operate MerchantFlow:

  • Stripe - for payment processing (PCI-compliant)
  • Hosting providers - for infrastructure and data storage
  • Email services - for transactional communications

We Do Not Sell Your Data

MerchantFlow does not sell, rent, or trade your personal information or business data to any third party.

Legal Requirements

We may disclose data when required by court orders, government investigations, protection of rights and safety, or enforcement of our Terms of Service.

Data Security

We implement multiple layers of protection:

  • Encrypted tokens - all OAuth integration tokens encrypted at rest
  • Data isolation - your data is isolated from other accounts through tenant isolation
  • Session management - secure session handling with automatic expiry
  • Password encryption - all passwords hashed and salted
  • HTTPS - all data transmitted over encrypted connections (TLS 1.2+)
  • Access controls - role-based access within your team

For full details, see our Data Security page.

Your Rights

Access Your Data

Request a copy of all personal data we hold. Contact [email protected].

Delete Your Data

Request deletion of your account and associated data. Integration data is removed when integrations are disconnected. Backups are purged according to our retention schedule.

Export Your Data

Export your data at any time using built-in dashboard export features (CSV, JSON) or request a full data export via [email protected].

Correct Your Data

Update account information through Settings > Profile. For other corrections, contact us.

Object to Processing

Object to certain types of data processing by contacting us.

GDPR Compliance

If you are located in the European Union or European Economic Area, additional rights apply under GDPR including right to rectification, erasure, data portability, restriction of processing, objection, and withdrawal of consent.

Legal basis for processing: Contract performance, legitimate interests, consent, and legal obligation.

For full GDPR details, see our GDPR Compliance page.

Cookies

Cookies We Use

  • Essential cookies - authentication, session management, security (CSRF protection)
  • Analytics cookies - aggregated usage statistics, feature adoption, performance monitoring
  • Preference cookies - dashboard settings, timezone, currency preferences

No Advertising Cookies

MerchantFlow does not use advertising or tracking cookies.

Data Retention

Active accounts: Data retained for the duration of your subscription.

Closed accounts: 30-day grace period for reactivation, then permanently deleted. Backups removed within 90 days.

Automatic purge: Certain data types are subject to automatic retention policies. See GDPR Compliance for details.

Children's Privacy

MerchantFlow is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

Material changes are communicated via email and in-app notification with 30 days' notice. Continued use after changes constitutes acceptance. Previous versions available upon request.

Contact

Frequently Asked Questions

What personal data does MerchantFlow collect?

MerchantFlow collects your email address, name, and company name for account purposes. We also collect integration data (analytics, orders, products) through read-only OAuth connections. We do not collect personal customer data from your store.

Does MerchantFlow use my data for advertising?

No. We do not use advertising cookies and do not use your data for any advertising purpose. Your data is used solely to provide and improve the MerchantFlow service.

How can I delete my MerchantFlow data?

Cancel your subscription and email [email protected] requesting data deletion. After a 30-day grace period, all data is permanently deleted.

Does MerchantFlow access my customers' personal information?

No. MerchantFlow accesses order data (amounts, dates, product details) but does not store personal customer information such as names, email addresses, or shipping addresses.

Related Resources

Last updated: March 14, 2026

Legal & Privacy - MerchantFlow Policies

MerchantFlow legal documents including terms of service, privacy policy, GDPR compliance, data security practices, and cookie policies.

Terms of Service - MerchantFlow

MerchantFlow Terms of Service covering service usage, subscription billing, acceptable use, intellectual property, liability limitations, and termination.