Privacy Policy for PrettyMerch

Last Updated

This Privacy Policy was last updated on 25/02/2025.

1. Introduction

This Privacy Policy explains how MerchCoders Ltd ("we," "our," "us"), a company registered in Cyprus, collects, uses, stores, and protects your personal information when you use PrettyMerch, including our Chrome extension, mobile apps for iOS and Android, and web-based platform (collectively, the "Service"). Our servers are located in the European Union (EU), and we comply with the General Data Protection Regulation (GDPR). By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following types of information:

• User-Provided Information: When you create an account on our web application, you provide us with personal details such as your name, surname, username, and password.
• Locally Stored Data: Our Chrome extension and mobile apps store certain data locally on your device, including your username and optionally your password (if you enable Auto Re-Login or Remember my Password), sales information, and product data. This data is only stored on your device and not transmitted to our servers.

3. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain the Service.
• To manage your account and subscription.
• To improve the Service based on usage patterns.
• To communicate with you about updates, offers, or support.
• To comply with legal obligations.

4. Data Storage and Security

• Web Application: User details (e.g., name, surname, username, encrypted password) and AI-generated content are stored on our secure servers located in the EU. Passwords are hashed using SHA256 for security, and access to the database is restricted to authorised personell only.
• Chrome Extension and Mobile Apps: Data (e.g., username, password, sales information, product data) is stored locally on your device using base64 encoding. You are responsible for securing your device from unauthorised access.
• We implement reasonable security measures compliant with GDPR to protect your data, such as encryption for server-stored data and restricted access controls. However, no system is completely secure, and users should take steps to protect their devices.

5. Data Sharing and Disclosure

We do not sell your data - personal or not - with any third parties.

We do not share your data with third parties, except as follows:

• Service Providers: We use Paddle.com to process payments and manage subscriptions. Paddle.com handles your payment information according to their privacy policy.
• Analytics: We use Google Analytics to track anonymous usage data to improve the Service. This data is anonymized to comply with GDPR, though it may be transferred outside the EU under strict safeguards.
• Legal Compliance: We may disclose your information if required by EU law or to protect our rights, in accordance with GDPR obligations.

6. User Rights

As our servers are in the EU and we operate under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Access: Request a copy of your data we hold.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion of your data ("right to be forgotten").
• Restriction: Limit how we process your data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to certain uses of your data, such as marketing.

To exercise these rights, please contact us at support@prettymerch.com. We usually respond to your requests within 48 hours but please allow up to one month.

7. Cookies and Tracking Technologies

Our web application may use cookies to enhance your experience. Cookies are small text files stored on your device that help us remember your preferences and understand how you use the Service. You can manage your cookie preferences through your browser settings.

8. Third-Party Services

We use the following third-party services that may collect and process your data according to their own privacy policies:

• Paddle.com: For payment processing and subscription management.
• Google Analytics: For anonymous usage analytics to help us improve the Service.

9. International Data Transfers

Your data is stored on servers located in the EU, ensuring compliance with GDPR’s high privacy standards. However, certain third-party services (e.g., Paddle.com, Google Analytics) may transfer data outside the EU. We ensure these transfers comply with GDPR through safeguards such as Standard Contractual Clauses or reliance on EU adequacy decisions where applicable.

10. Changes to the Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or in-app notifications. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

11. Children's Privacy

Our Service is not intended for users under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly.

12. Data Retention

For the web application, we retain your personal data for as long as your account is active. If you cancel your subscription, we retain your data for 30 days to allow you to resubscribe without losing your information. After 30 days, your data is permanently deleted.

For the Chrome extension and mobile apps, data is stored locally on your device and is deleted when you remove the extension or uninstall the app. We do not retain this data on our servers.

13. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@prettymerch.com.

Our Data Protection Officer is Haris Petrasitis, who can be reached at support@prettymerch.com.

14. Legal Basis for Processing

Under GDPR, we process your personal data on the following legal bases:

• Contract: To provide the Service, such as managing your account and subscription on our EU servers.
• Consent: For optional features, like storing your password locally if you enable Auto Re-Login or "Remember My Password."
• Legitimate Interests: To improve the Service (e.g., via anonymous analytics) and ensure security, balanced against your rights.
• Legal Obligation: To comply with EU laws, such as GDPR requirements.

You may withdraw consent at any time by contacting support@prettymerch.com.

15. Data Breach Notification

In the event of a data breach affecting your personal data on our EU servers, we will notify you and the relevant EU supervisory authority within 72 hours, as required by GDPR, unless the breach poses no risk to your rights and freedoms.