EcomIQX
Free Audit

Privacy Policy

Effective date: March 31, 2026

This Privacy Policy describes how Smoother Development AB (organisationsnummer 559526-3350, trading as "EcomIQX," and referred to herein as "EcomIQX," "we," "us," or "our") collects, uses, and protects information when you use the EcomIQX platform, website, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the practices described in this policy.

For the purposes of the EU General Data Protection Regulation (GDPR) and the Swedish Data Protection Act (lag 2018:218), Smoother Development AB is the data controller for personal data collected through the Service. Our lead supervisory authority is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten — IMY, imy.se).

If you have questions or concerns, contact us at [email protected] or by post to our registered office (see the Legal Notice). This Privacy Policy is governed by Swedish law.

1. Information We Collect

1.1 Account and Registration Data

When you create an account we collect the information you provide directly, including:

  • Name and email address
  • Password (stored as a one-way hash — we never store plaintext passwords)
  • OAuth tokens if you sign in via Google or GitHub (we store only the minimum profile data returned)
  • Organization name and any billing contact details you provide
  • Profile preferences and account settings

1.2 Product Catalog and Business Data

To deliver the Service, you provide us with e-commerce product data, which may include:

  • Product titles, descriptions, images, and metadata
  • SKUs, pricing, inventory, and category information
  • Data imported from connected integrations (Shopify, WooCommerce, Google Merchant Center)
  • SEO and search performance data from Google Search Console and Google Analytics
  • Content you submit for AI rewriting, translation, or optimization

This data belongs to you. We process it solely to provide the Service as described below.

1.3 Usage and Interaction Data

We automatically collect certain data when you use the Service:

  • Log data: IP address, browser type, operating system, referring URLs, pages visited, and timestamps
  • Feature usage events (e.g., which features you use, AI operations performed, content generated)
  • Copilot chat messages and AI interaction logs (used for quality, observability, and support)
  • Error reports and crash diagnostics
  • Device identifiers and session tokens

1.4 Billing and Payment Data

Payment processing is handled by Stripe. We do not store raw card numbers or sensitive payment credentials on our servers. We receive and store billing metadata from Stripe, including subscription status, plan tier, invoice history, and the last four digits of a payment method for display purposes.

1.5 Communications Data

When you contact support or send us email, we retain the content of those communications to resolve your inquiry and improve the Service.

1.6 Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

  • Essential cookies — required for authentication, session management, and core functionality. The Service cannot operate without these.
  • Analytics cookies — help us understand how the Service is used in aggregate so we can improve it.
  • Preference cookies — remember your settings and UI preferences across sessions.

You can control non-essential cookies through your browser settings. Disabling essential cookies will impair or prevent your ability to use the Service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the EcomIQX platform and its features
  • Process AI operations on your product data (rewriting, translation, keyword extraction, health scoring)
  • Authenticate users and manage your organization's workspace and team members
  • Process subscription billing and manage your account
  • Send transactional emails (account confirmations, password resets, billing notifications)
  • Provide customer support and respond to your requests
  • Monitor platform health, diagnose bugs, and improve reliability
  • Analyze usage trends in aggregate to improve product features
  • Enforce our Terms of Service and acceptable use policies
  • Comply with applicable laws and legal obligations

We do not sell your personal data or product catalog data to third parties. We do not use your product catalog data to train AI models for purposes beyond operating the Service for your organization.

3. AI Data Processing

EcomIQX is an AI-first platform. When you use AI features — including content rewriting, translation, keyword extraction, and the Copilot chat — your product data and prompts are transmitted to third-party AI model providers to generate outputs. This is a fundamental part of how the Service works.

3.1 AI Providers We Use

  • Anthropic (Claude models) — used for content rewriting, copilot chat, and content optimization tasks. Anthropic's API terms govern their handling of API inputs. Anthropic does not use API inputs to train their models by default.
  • OpenAI — may be used for specific AI tasks including embeddings and content generation. OpenAI's API usage policies apply. OpenAI does not use API data to train models by default under their business terms.

Data sent to AI providers includes product content (titles, descriptions, and other catalog fields you submit for processing) and the system prompts we use to instruct the models. We do not send unnecessary personal information to AI providers.

3.2 AI Observability

We use Langfuse to log and monitor AI interactions for quality assurance, cost management, and debugging. Langfuse logs may include prompts and AI-generated outputs associated with your workspace. These logs are retained in accordance with our data retention policy and are not shared with third parties beyond Langfuse's service.

3.3 No Guarantee of AI Accuracy

AI-generated content is provided as a starting point to assist your editorial workflow. You are responsible for reviewing, editing, and approving any AI-generated content before publishing it. EcomIQX does not warrant the accuracy, completeness, or fitness of AI outputs for any particular purpose.

4. Information Sharing and Third-Party Services

We share your information only as necessary to provide the Service or as required by law:

4.1 Service Providers

We engage trusted third-party companies to help us operate the Service. These providers process data on our behalf under data processing agreements and are not permitted to use your data for their own purposes:

  • Stripe — payment processing and subscription billing
  • Anthropic — AI content processing (Claude models)
  • OpenAI — AI content processing
  • Resend — transactional email delivery
  • Langfuse — AI observability and usage monitoring
  • Amazon Web Services / S3-compatible storage — file and asset storage
  • Google APIs — data imported from Google Search Console, Google Merchant Center, and Google Analytics when you connect those integrations

4.2 Integrations You Authorize

When you connect a third-party integration (Shopify, WooCommerce, Google), you authorize EcomIQX to access data from those platforms on your behalf. Your use of those platforms is governed by their respective privacy policies and terms.

4.3 Legal Requirements

We may disclose information if we believe disclosure is required by applicable law, regulation, legal process, or government request, or to protect the rights, property, and safety of EcomIQX, our customers, or others.

4.4 Business Transfers

If EcomIQX is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account and profile data — retained while your account is active and for up to 30 days after account deletion, to allow recovery from accidental deletion.
  • Product catalog data — retained while your account is active. Upon account deletion, catalog data is deleted within 60 days.
  • AI interaction logs (Langfuse) — retained for up to 90 days for debugging and quality purposes, then purged.
  • Billing records — retained for 7 years as required for financial and tax compliance.
  • Server and access logs — retained for up to 90 days for security and operational purposes.

You may request deletion of your account and associated data at any time by contacting [email protected]. We will fulfill verified deletion requests within 30 days, subject to any legal retention obligations.

6. Data Security

We implement technical and organizational measures designed to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest in our database and storage systems
  • Hashed storage of passwords using industry-standard algorithms
  • Role-based access controls limiting employee access to customer data
  • Regular security reviews and dependency updates
  • Isolated workspaces ensuring one organization cannot access another's data

No method of electronic transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify affected users as required by applicable law.

7. International Data Transfers

EcomIQX is operated from the United States. If you are accessing the Service from outside the United States — including from the European Economic Area (EEA), United Kingdom, or Switzerland — your data will be transferred to and processed in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses (SCCs) adopted by the European Commission, to ensure your data receives an adequate level of protection. Where our sub-processors are involved in international transfers, we ensure they maintain equivalent safeguards.

8. Your Rights Under GDPR

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent local law:

  • Right of access — You may request a copy of the personal data we hold about you.
  • Right to rectification — You may request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten") — You may request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability — You may request your personal data in a structured, machine-readable format.
  • Right to restriction of processing — You may request that we restrict processing of your data in certain circumstances.
  • Right to object — You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond to verified requests within 30 days. You also have the right to lodge a complaint with the supervisory authority in your country of residence.

Our lawful bases for processing personal data include: performance of a contract (providing the Service you subscribed to), legitimate interests (platform security, fraud prevention, product improvement), and compliance with legal obligations.

9. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to know — You may request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to delete — You may request deletion of personal information we have collected, subject to certain exceptions.
  • Right to correct — You may request correction of inaccurate personal information.
  • Right to opt out of sale or sharing — We do not sell or share your personal information for cross-context behavioral advertising.
  • Right to non-discrimination — We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at [email protected]. We will respond within 45 days. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

10. Children's Privacy

The Service is intended for business use by individuals who are at least 18 years of age. EcomIQX does not knowingly collect personal information from anyone under 18. If we learn that we have inadvertently collected personal information from a minor, we will delete it promptly. If you believe we have collected information from a minor, contact us at [email protected].

11. Enterprise and Self-Hosted Deployments

Enterprise customers who deploy EcomIQX in a self-hosted environment operate their own instance of the platform on their own infrastructure. In self-hosted deployments, the customer organization acts as the data controller for all data processed within that instance. The terms of any applicable data processing agreement (DPA) between EcomIQX and the enterprise customer govern that arrangement.

Enterprise customers may request a Data Processing Agreement (DPA) by contacting [email protected].

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the effective date at the top of this page and notify you via email or a prominent notice in the platform at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact:

  • Email: [email protected]
  • Legal entity: Smoother Development AB (Swedish aktiebolag, org.nr 559526-3350)
  • VAT: SE559526335001
  • Registered office: Stockholm, Sweden — full postal address on our Legal Notice
  • Data protection authority: Integritetsskyddsmyndigheten (IMY), Sweden — imy.se