This Privacy & Data Processing Notice (the "Notice") explains how DigieSales Ltd. ("DigieSales", "we", "us") collects, hosts, secures, and uses personal data in connection with the DigieSales AI plugin, dashboard, mobile apps, and related services (the "Service"). It applies to (i) data about you — the merchant subscriber — and (ii) data about your end-customers that you transmit to DigieSales in order to run the Service on your behalf. It forms part of, and is incorporated by reference into, our Terms of Service.
Who we are
DigieSales Ltd. is a company incorporated under the laws of The Commonwealth of The Bahamas with its registered office in Nassau, New Providence. For data-protection purposes our Data Protection Officer can be reached at dpo@digiesales.ai.
Controller vs. processor roles
We act in two distinct capacities:
- Controller — for the information you give us directly to set up and manage your DigieSales account (your name, business name, email, billing details, support correspondence). We decide the purposes and means of that processing.
- Processor — for the data about your end-customers and your store that the Service ingests in order to deliver features (orders, carts, customer profiles, browsing events, etc.). You are the controller; we process this data only on your documented instructions, which are embodied in your configuration of the Service and our Terms of Service.
Where the GDPR, UK GDPR, or analogous laws apply, this Notice together with our Terms constitutes the written Data Processing Agreement ("DPA") between you and DigieSales. A standalone DPA with the Standard Contractual Clauses is available on request from dpo@digiesales.ai.
What data we collect
We collect only what we need to run the Service. Below is the canonical inventory; if a feature is disabled in your dashboard, the corresponding data is not collected.
| Category | Examples | Source | Sold? |
|---|---|---|---|
| Account & billing | Your name, email, password hash (bcrypt), business name, billing address, payment-method token (held by Stripe, not us) | You — directly | Never |
| Store metadata | Store URL, WooCommerce/Shopify version, plugin version, license key, time zone, currency | Plugin handshake | Never |
| Order & revenue data | Order IDs, line items, totals, discount codes, refunds, fulfilment status | Your store, via API | Never |
| Customer profiles | Customer ID, email, name, billing/shipping country & postcode, opt-in flags, purchase history | Your store, via API | Never |
| Cart & browsing events | Cart-add, cart-abandon, product-view events (with truncated IP and user-agent), session ID | Plugin telemetry on your store | Never |
| Email-engagement signals | Opens, clicks, bounces, unsubscribes on emails we send on your behalf | Transactional email sub-processor | Never |
| AI prompt & output logs | Inputs sent to AI sub-processors and the responses returned (redacted of full payment / health data) | Generated during inference | Never (disclosed to AI sub-processors for inference only; see §5, AI & automated analysis) |
| Operational logs | HTTP access logs, error stack traces, audit trail of admin actions (IP truncated after 24h) | Service infrastructure | Never |
| Support correspondence | Tickets, chat transcripts, screenshots you attach | You — when you contact us | Never |
We do not knowingly collect special-category personal data (health, biometric, racial, religious, sexual-orientation, trade-union) and you must not transmit such data through the Service without a signed addendum.
How we use that data
We use the data described above for the following purposes only:
- To provide the Service — running plugin features (cart recovery, segmentation, price alerts, etc.), displaying analytics in your dashboard, generating AI-drafted emails and copy when you enable those features.
- To bill you — managing subscriptions, processing payments via Stripe, issuing invoices.
- To support you — responding to tickets, diagnosing issues, communicating about service outages and material changes.
- To secure the Service — fraud and abuse detection, rate-limiting, intrusion detection, license-key validation.
- To improve the Service — aggregated, de-identified usage analytics (e.g., "how many stores use feature X"). Aggregated data cannot be re-associated with any individual or store.
- To comply with the law — meeting tax, accounting, and regulator obligations applicable to DigieSales.
We will not use your data for any other purpose without first obtaining your additional consent.
AI & automated analysis
We use AI to analyze your data; we do not use your data to train models. This distinction matters. "Analyzing" means feeding your data into a model at inference time so the model can produce an output for you (a segment, a forecast, an email draft, a chat reply). "Training" means using your data to permanently change the weights of a model that other customers, or the public, can use. We do the first; we do not do the second.
Specifically:
- AI sub-processors (OpenAI, Anthropic, Google Cloud Vertex AI) operate under their enterprise/API terms which explicitly prohibit the use of API inputs and outputs to train their general-purpose models. We have selected these vendors for this reason and we audit the terms annually.
- Where DigieSales fine-tunes a model on your tenant's data to improve quality for your store (for example, learning your brand voice), that fine-tuned model is isolated to your tenant. It is not shared with any other customer and is destroyed when your account is deleted.
- Aggregate usage statistics derived from AI features (e.g., "the segmentation feature was called 1.2M times this month") may be retained in a non-identifiable form for capacity planning.
- You can disable AI-powered features at any time from Dashboard → AI Usage. The Service remains functional without them at reduced capability.
- No DigieSales feature makes a "solely automated decision producing legal or similarly significant effects" on an individual within the meaning of GDPR Article 22. All customer-facing outputs (emails, prices, recommendations) require human approval by you, the store operator, before being sent or applied.
No sale, no sharing, no brokering
We do not sell, rent, share, or broker personal data, whether yours or your end-customers'. This applies under every regime: "sale" as defined under California's CCPA/CPRA; "share for cross-context behavioural advertising" as defined under CPRA; "selling" or "renting" under Virginia, Colorado, and Connecticut state laws; and equivalent concepts under the GDPR, UK GDPR, PIPEDA, Brazil's LGPD, and the Bahamas Data Protection Act 2003 (as amended).
The only situations in which we disclose data to a third party are listed in Section 7 (Sub-processors) and Section 14 (Government requests).
Sub-processor register
We rely on the following sub-processors to operate the Service. Each is bound by a written agreement requiring data-protection obligations no less stringent than those in this Notice, and each is restricted to processing data only on our documented instructions.
| Sub-processor | Purpose | Data location |
|---|---|---|
| Amazon Web Services, Inc. | Primary application hosting, database, object storage | Ohio (us-east-2) & Frankfurt (eu-central-1) |
| Cloudflare, Inc. | DNS, CDN, WAF, DDoS protection, rate-limiting | Global edge (data in transit only) |
| Stripe, Inc. | Subscription billing, payment processing, tax | United States & Ireland |
| Postmark (ActiveCampaign LLC) | Transactional email delivery (account & recovery emails) | United States |
| OpenAI LLC | LLM inference for chat, copy generation, summarization (Enterprise API) | United States |
| Anthropic PBC | LLM inference for analytic reasoning & long-context features (Enterprise API) | United States |
| Google LLC (Vertex AI) | Embeddings, classical ML scoring, multilingual translation | Iowa (us-central1) & Belgium (europe-west1) |
| Datadog, Inc. | Application performance monitoring, error tracking (PII scrubbed in transit) | United States |
| Help Scout, Inc. | Support-ticket system for customer correspondence | United States |
We will give you at least thirty (30) days' notice — by email and via your dashboard — before adding or replacing a sub-processor. You may object to a new sub-processor within fifteen (15) days; if we cannot accommodate your objection, your sole remedy is to terminate your subscription and receive a pro-rata refund for the unused portion of a prepaid term.
Hosting & international transfers
Your data is hosted in the AWS region most appropriate to your account's billing region: by default in us-east-2 (Ohio) for customers billed in USD/CAD, and eu-central-1 (Frankfurt) for customers billed in EUR/GBP. Enterprise customers may request an alternate region in writing.
Where personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country not deemed adequate by the relevant authority, we rely on the European Commission's Standard Contractual Clauses (2021/914) and the UK Addendum (B.1.0), together with supplementary technical measures (encryption in transit and at rest, key-management isolation, sub-processor flow-down).
Security measures
We implement organisational and technical safeguards appropriate to the sensitivity of the data, including:
- TLS 1.2+ for all data in transit; HSTS preload; modern cipher suites only.
- AES-256 encryption at rest for databases, backups, and object storage; envelope encryption with AWS KMS.
- Role-based access control with least-privilege; mandatory hardware-key two-factor authentication for all staff with production access; quarterly access reviews.
- Network segmentation between application, database, and AI-inference tiers; private VPC with no public ingress to the database tier.
- Audit logging of all administrative actions (90-day hot retention, 1-year cold retention).
- Annual third-party penetration test; continuous vulnerability scanning; bug-bounty program (security@digiesales.ai).
- SOC 2 Type II audit (in progress for 2026); ISO/IEC 27001 alignment.
- Background checks on all engineering staff; written confidentiality and acceptable-use policies; offboarding within 24 hours of separation.
Retention & deletion
| Data category | Retention period |
|---|---|
| Account & billing | Active for the life of the subscription; financial records retained for 7 years after termination to satisfy accounting and tax laws. |
| Store, order & customer data | Soft-deleted within 30 days of subscription termination; permanently erased no later than 60 days. Restorable on customer request within the 30-day window. |
| Cart & browsing events | Rolling 365 days; older events automatically pruned by a daily cron job. |
| AI prompt & output logs | Rolling 30 days, then permanently deleted (used only for abuse detection and the customer's own audit trail). |
| Operational logs | 90 days hot, 13 months cold (security and incident-response only). |
| Support correspondence | 3 years after last contact, then anonymised. |
You can request earlier deletion of personal data at any time under Section 11.
Your rights
Depending on where you live, you and your end-customers have the right to:
- Access — receive a copy of personal data we hold about you.
- Rectify — correct inaccurate or incomplete data.
- Erase — request deletion ("right to be forgotten"), subject to lawful retention obligations.
- Restrict or object — to certain processing, including direct marketing.
- Portability — receive your data in a structured, machine-readable format.
- Opt out of sale or sharing (CCPA/CPRA) — DigieSales does not sell or share data, so this is satisfied by default. You may still submit a "Do Not Sell or Share" request to confirm.
- Lodge a complaint with your local data-protection authority (in the EU/UK), the California Attorney General, or the Bahamas Data Protection Commissioner.
To exercise any right, email dpo@digiesales.ai. We will respond within thirty (30) days. If you are an end-customer of a DigieSales merchant, please contact the merchant first — they are the controller of your data; we will redirect requests to them where appropriate.
Cookies & tracking
The DigieSales marketing website (digiesales.ai) uses only strictly-necessary first-party cookies for session management and CSRF protection, plus self-hosted, IP-anonymised analytics (Plausible). We do not use Google Analytics, Facebook Pixel, or any cross-site advertising trackers on our own properties.
Cart-recovery and analytics features installed on your store may set a first-party cookie on the customer's browser to identify carts across sessions. The cookie contains an opaque session token only — no email, no PII, no third-party identifiers. You are responsible for disclosing this in your own store privacy policy and obtaining consent where required.
Children's data
The Service is not directed to children under sixteen (16) years of age, and we do not knowingly collect personal data from children. If we become aware that we have processed such data without verified parental consent, we will delete it without undue delay. Merchants who knowingly target children must not use the Service.
Government & law-enforcement requests
We respect lawful, narrowly-scoped legal process directed at DigieSales. Our policy is to:
- Require valid legal process (subpoena, court order, MLAT request) — informal requests are refused.
- Notify the affected customer before disclosure, unless doing so is legally prohibited (in which case we will notify as soon as the prohibition lifts).
- Challenge requests that are overbroad, unlawful, or made by an agency without jurisdiction over DigieSales in The Bahamas.
- Publish an annual transparency report counting the number of requests received, granted, and refused.
Data-breach notification
If we become aware of a personal-data breach that is likely to result in a risk to the rights and freedoms of natural persons, we will notify affected customers without undue delay and in any case within seventy-two (72) hours of becoming aware. The notification will describe the nature of the breach, the categories and approximate number of records affected, the likely consequences, and the measures taken or proposed to mitigate harm.
Governing law
This Notice is governed by the laws of The Commonwealth of The Bahamas, without regard to its conflict-of-laws principles. The parties irrevocably submit to the exclusive jurisdiction of the courts of The Bahamas sitting in Nassau, New Providence. Nothing in this clause limits your statutory right to lodge a complaint with your local data-protection authority.
Changes to this notice
We may update this Notice from time to time. Material changes will be notified to you by email and posted in your dashboard at least thirty (30) days before they take effect. The "Effective" date at the top of this page indicates when the current version became effective. Previous versions are available on request from dpo@digiesales.ai.
Contact & Data Protection Officer
To exercise any right under this Notice, to file a complaint, or to ask any question about how we handle data, please use the contact details below.
DigieSales Ltd. — Data Protection Office
Registered office: Nassau, New Providence, The Commonwealth of The Bahamas
Data Protection Officer: dpo@digiesales.ai
Security incidents: security@digiesales.ai
General legal: legal@digiesales.ai
Last reviewed by counsel: pending · Document version 2026-05.1 · Effective May 22, 2026