Privacy Policy
Last updated: January 2025
Legal Basis & Summary
We process personal data only with your consent and strictly for the purposes described in this policy. The legal basis for non-essential analytics is consent (GDPR Art. 6(1)(a)).
You can manage your preferences in the and withdraw consent at any time.
Our Commitment to Privacy
At Ecomwiz, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our AI shopping assistant service.
As a solo founder, I personally ensure that your data is handled with the utmost care and transparency. You deserve to know exactly what happens with your information.
Information We Collect
Personal Information
- Email address (for waitlist and communications)
- Name (when you contact us directly)
- Store information (when you integrate Ecomwiz)
Usage Data
- Customer interactions with the AI assistant
- Product recommendations and search queries
- Performance metrics and analytics
Automatically Collected Information (with your consent)
- IP address and approximate location (city/country level)
- Browser type and device information
- Page views and site navigation patterns
- Performance metrics (page load times, web vitals)
How We Use Your Information
- Provide and improve our AI shopping assistant service
- Send important updates about Ecomwiz (no spam, ever)
- Respond to your support requests and questions
- Analyze usage patterns to enhance the AI's performance
- Ensure the security and integrity of our service
Data Protection
We implement industry-standard security measures to protect your data:
- Encrypted data transmission and storage
- Regular security audits and updates
- Limited access to personal information
- Secure cloud infrastructure with reputable providers
Cookies & Tracking
We use cookies and similar technologies to improve your experience on our site. You can manage your preferences in the .
Essential Cookies (always active)
| Cookie Name | Purpose | Duration |
|---|---|---|
| cookie_consent_v1 | Stores your cookie preferences | 6 months |
Analytics Cookies (require consent)
When you consent to analytics, we use Vercel Analytics and Speed Insights. These tools are privacy-focused and designed for GDPR compliance:
- No tracking cookies: Vercel Analytics does not use third-party cookies
- Anonymous data: Users are identified by a hash from the incoming request, automatically discarded after 24 hours
- No cross-site tracking: Cannot reconstruct browsing sessions across different websites
- Aggregated only: All data is aggregated and cannot identify individual users
Data collected (when you consent):
- Page URLs and dynamic paths
- Referrer information
- Browser type and version
- Device type (mobile/desktop/tablet)
- Operating system
- Country (ISO code)
- Network speed (4g, 3g, etc.)
- Web performance metrics (Core Web Vitals)
Marketing Cookies
We currently do not use any marketing cookies or third-party advertising trackers. If we introduce marketing tools in the future, we will update this policy and request your consent before activation.
Third-Party Data Processors
When you consent to analytics, your data is processed by the following third-party service:
Vercel Inc.
Services: Analytics and Speed Insights (website performance monitoring)
Location: United States (440 N Barranca Avenue #4133, Covina, CA 91723)
Data transferred: Page views, device type, browser info, approximate location (city/country), performance metrics
Legal basis: Your consent (GDPR Art. 6(1)(a))
Data protection:
- EU-U.S. Data Privacy Framework certified
- Data Processing Agreement (DPA) in place
- ISO 27001:2013 certified
- Uses Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform with global replication
Data retention: Analytics session data discarded after 24 hours; aggregated statistics retained for service improvement
Privacy Policy: https://vercel.com/legal/privacy-policy
Vercel processes data as our data processor and complies with GDPR requirements. They are certified under the EU-U.S. Data Privacy Framework for lawful data transfers from the EU to the United States.
International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our analytics provider (Vercel) operates.
We ensure appropriate safeguards are in place for international transfers:
- Vercel is certified under the EU-U.S. Data Privacy Framework
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with appropriate security measures
These mechanisms ensure your data receives an adequate level of protection consistent with EU data protection standards.
Your Rights Under GDPR
You have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your data (right to be forgotten)
- Export your data in a portable format
- Object to processing based on legitimate interests
- Restrict processing in certain circumstances
- Withdraw consent at any time (via )
- Opt out of communications at any time
- Lodge a complaint with your local supervisory authority
To exercise any of these rights, simply contact me directly through the contact page. As a solo founder, I personally handle all privacy requests within 24 hours.
Third-Party Services
Ecomwiz integrates with WooCommerce and uses trusted third-party services for:
- Cloud hosting and infrastructure (Vercel)
- AI processing and machine learning
- Payment processing (when applicable)
- Analytics and performance monitoring (Vercel Analytics - with consent only)
All third-party services are carefully vetted and comply with privacy regulations including GDPR.