Privacy Policy
Effective Date: 2/11/2024
Company: Shop Engine LLC
Website: https://myshopengine.com
1. Introduction
Shop Engine LLC (“Shop Engine,” “we,” “our,” or “us”) is a full-service marketing and growth agency. We process data in connection with paid advertising, email/SMS marketing, analytics, CRO, and growth consulting services.
This Privacy Policy explains how we collect, use, disclose, process, and safeguard personal information.
By accessing our website or engaging our services, you agree to this policy.
2. Scope
This policy applies to:
Visitors to our website
Prospective clients
Clients
Client customer data processed on behalf of clients
When processing client customer data, Shop Engine acts as a Data Processor. The client acts as the Data Controller.
3. Categories of Information Collected
3.1 Information You Provide Directly
We may collect:
Full name
Email address
Phone number
Company name
Job title
Billing details
Business performance metrics
Ad account credentials (authorized access only)
Platform access (Shopify, Klaviyo, Meta, Google, etc.)
3.2 Automatically Collected Data
Through cookies and tracking technologies:
IP address
Browser and device information
Operating system
Pages viewed
Clickstream behavior
Referring URLs
Conversion activity
3.3 Client Customer Data
While providing services, we may process:
Customer names
Email addresses
Phone numbers
Purchase history
Engagement behavior
Device identifiers
Advertising identifiers
We process this data strictly under client instruction.
4. Purpose of Processing
We process personal data to:
Deliver marketing and growth services
Manage paid advertising campaigns
Execute email and SMS programs
Analyze performance and conversion data
Improve campaign efficiency
Detect fraud or abuse
Comply with legal obligations
We do not sell personal data.
5. Legal Bases for Processing (GDPR)
Where applicable, processing is based on:
Contractual necessity
Legitimate business interest
Consent
Legal compliance
Clients are responsible for obtaining valid consent from their customers where required.
6. Data Processing Addendum (DPA)
When Shop Engine processes personal data on behalf of a client:
Processing is performed solely according to documented client instructions.
Personnel are bound by confidentiality obligations.
Appropriate technical and organizational security measures are implemented.
Subprocessors are only engaged under written agreements imposing equivalent data protection obligations.
We assist clients in responding to data subject requests where required.
Upon termination, client data will be deleted or returned upon written request unless legally required to retain it.
A formal Data Processing Addendum may be executed upon request.
7. Subprocessors
Shop Engine may engage third-party service providers (“Subprocessors”) to assist in service delivery, including but not limited to:
Cloud hosting providers
Advertising platforms (Meta, Google, TikTok)
Email and SMS platforms (e.g., Klaviyo)
Analytics providers
Payment processors
CRM platforms
All Subprocessors are contractually required to maintain appropriate security and confidentiality standards.
Clients may request a current list of Subprocessors.
8. Data Security and SOC-2 Aligned Controls
Shop Engine maintains commercially reasonable safeguards, including:
Administrative Controls
Role-based access controls
Confidentiality agreements
Internal security policies
Limited employee access to client data
Technical Controls
Encrypted data transmission (HTTPS/TLS)
Multi-factor authentication where available
Secure cloud hosting environments
Regular software updates
Access logging
Organizational Controls
Vendor due diligence
Principle of least privilege
Data minimization practices
While we align security practices with SOC-2 principles (security, availability, confidentiality), we do not represent formal SOC-2 certification unless explicitly stated.
No system can guarantee absolute security.
9. Data Breach Notification
In the event of a confirmed data breach affecting client personal data:
We will notify the affected client without undue delay and no later than 72 hours after confirmation.
Notification will include the nature of the breach, categories of data affected, and remediation steps.
We will cooperate in reasonable investigations and mitigation efforts.
Clients remain responsible for regulatory notification obligations unless otherwise agreed.
10. Cross-Border Data Transfers
Where personal data is transferred outside its jurisdiction of origin:
We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), contractual protections, or equivalent legal mechanisms.
Clients acknowledge that use of global advertising and cloud platforms may involve international data transfers.
11. Data Retention
We retain personal data:
As long as necessary to provide services
As required by contract
As required by law
For legitimate business purposes such as dispute resolution
Client customer data is retained only for the duration necessary to fulfill service obligations unless otherwise instructed.
12. Your Rights
Depending on jurisdiction, individuals may have rights to:
Access their personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing
Data portability
Requests may be submitted to: [Insert Email]
We may require identity verification before responding.
13. California Privacy Rights (CCPA/CPRA)
California residents may:
Request disclosure of collected personal information
Request deletion
Request correction
Opt out of sale or sharing (we do not sell personal data)
To exercise rights, contact: [Insert Email]
We will not discriminate for exercising privacy rights.
14. Marketing Communications
You may receive communications if you:
Book a call
Download resources
Engage services
Opt into marketing
You may unsubscribe at any time.
SMS consent is not shared with third parties or affiliates for marketing purposes. (except SMS providers)
15. Children’s Privacy
Our services are not directed to individuals under 18.
We do not knowingly collect data from minors.
16. Confidentiality
All client business information, financial data, and marketing performance metrics are treated as confidential unless explicitly authorized for case studies or marketing.
17. Changes to This Policy
We may update this Privacy Policy periodically.
The updated version will include a revised effective date.
Continued use of services constitutes acceptance of changes.
18. Contact Information
Shop Engine LLC
2356 NW 49th Lane, Boca Raton FL 33431
Email: Accounts@myshopengine.com
Website: https://myshopengine.com
Privacy Policy
Effective Date: 2/11/2024
Company: Shop Engine LLC
Website: https://myshopengine.com
1. Introduction
Shop Engine LLC (“Shop Engine,” “we,” “our,” or “us”) is a full-service marketing and growth agency. We process data in connection with paid advertising, email/SMS marketing, analytics, CRO, and growth consulting services.
This Privacy Policy explains how we collect, use, disclose, process, and safeguard personal information.
By accessing our website or engaging our services, you agree to this policy.
2. Scope
This policy applies to:
Visitors to our website
Prospective clients
Clients
Client customer data processed on behalf of clients
When processing client customer data, Shop Engine acts as a Data Processor. The client acts as the Data Controller.
3. Categories of Information Collected
3.1 Information You Provide Directly
We may collect:
Full name
Email address
Phone number
Company name
Job title
Billing details
Business performance metrics
Ad account credentials (authorized access only)
Platform access (Shopify, Klaviyo, Meta, Google, etc.)
3.2 Automatically Collected Data
Through cookies and tracking technologies:
IP address
Browser and device information
Operating system
Pages viewed
Clickstream behavior
Referring URLs
Conversion activity
3.3 Client Customer Data
While providing services, we may process:
Customer names
Email addresses
Phone numbers
Purchase history
Engagement behavior
Device identifiers
Advertising identifiers
We process this data strictly under client instruction.
4. Purpose of Processing
We process personal data to:
Deliver marketing and growth services
Manage paid advertising campaigns
Execute email and SMS programs
Analyze performance and conversion data
Improve campaign efficiency
Detect fraud or abuse
Comply with legal obligations
We do not sell personal data.
5. Legal Bases for Processing (GDPR)
Where applicable, processing is based on:
Contractual necessity
Legitimate business interest
Consent
Legal compliance
Clients are responsible for obtaining valid consent from their customers where required.
6. Data Processing Addendum (DPA)
When Shop Engine processes personal data on behalf of a client:
Processing is performed solely according to documented client instructions.
Personnel are bound by confidentiality obligations.
Appropriate technical and organizational security measures are implemented.
Subprocessors are only engaged under written agreements imposing equivalent data protection obligations.
We assist clients in responding to data subject requests where required.
Upon termination, client data will be deleted or returned upon written request unless legally required to retain it.
A formal Data Processing Addendum may be executed upon request.
7. Subprocessors
Shop Engine may engage third-party service providers (“Subprocessors”) to assist in service delivery, including but not limited to:
Cloud hosting providers
Advertising platforms (Meta, Google, TikTok)
Email and SMS platforms (e.g., Klaviyo)
Analytics providers
Payment processors
CRM platforms
All Subprocessors are contractually required to maintain appropriate security and confidentiality standards.
Clients may request a current list of Subprocessors.
8. Data Security and SOC-2 Aligned Controls
Shop Engine maintains commercially reasonable safeguards, including:
Administrative Controls
Role-based access controls
Confidentiality agreements
Internal security policies
Limited employee access to client data
Technical Controls
Encrypted data transmission (HTTPS/TLS)
Multi-factor authentication where available
Secure cloud hosting environments
Regular software updates
Access logging
Organizational Controls
Vendor due diligence
Principle of least privilege
Data minimization practices
While we align security practices with SOC-2 principles (security, availability, confidentiality), we do not represent formal SOC-2 certification unless explicitly stated.
No system can guarantee absolute security.
9. Data Breach Notification
In the event of a confirmed data breach affecting client personal data:
We will notify the affected client without undue delay and no later than 72 hours after confirmation.
Notification will include the nature of the breach, categories of data affected, and remediation steps.
We will cooperate in reasonable investigations and mitigation efforts.
Clients remain responsible for regulatory notification obligations unless otherwise agreed.
10. Cross-Border Data Transfers
Where personal data is transferred outside its jurisdiction of origin:
We rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), contractual protections, or equivalent legal mechanisms.
Clients acknowledge that use of global advertising and cloud platforms may involve international data transfers.
11. Data Retention
We retain personal data:
As long as necessary to provide services
As required by contract
As required by law
For legitimate business purposes such as dispute resolution
Client customer data is retained only for the duration necessary to fulfill service obligations unless otherwise instructed.
12. Your Rights
Depending on jurisdiction, individuals may have rights to:
Access their personal data
Correct inaccurate data
Request deletion
Restrict processing
Object to processing
Data portability
Requests may be submitted to: [Insert Email]
We may require identity verification before responding.
13. California Privacy Rights (CCPA/CPRA)
California residents may:
Request disclosure of collected personal information
Request deletion
Request correction
Opt out of sale or sharing (we do not sell personal data)
To exercise rights, contact: [Insert Email]
We will not discriminate for exercising privacy rights.
14. Marketing Communications
You may receive communications if you:
Book a call
Download resources
Engage services
Opt into marketing
You may unsubscribe at any time.
SMS consent is not shared with third parties or affiliates for marketing purposes. (except SMS providers)
15. Children’s Privacy
Our services are not directed to individuals under 18.
We do not knowingly collect data from minors.
16. Confidentiality
All client business information, financial data, and marketing performance metrics are treated as confidential unless explicitly authorized for case studies or marketing.
17. Changes to This Policy
We may update this Privacy Policy periodically.
The updated version will include a revised effective date.
Continued use of services constitutes acceptance of changes.
18. Contact Information
Shop Engine LLC
2356 NW 49th Lane, Boca Raton FL 33431
Email: Accounts@myshopengine.com
Website: https://myshopengine.com
