Privacy Policy

1. Information We Collect

We may collect the following types of information:

• Contact information you provide directly, such as your name and email address when you reach out via this website.
• Usage data collected automatically when you visit this site, including IP address, browser type, pages viewed, and referring URLs.
• Advertising and analytics data accessed via authorized third-party platforms (Meta, Google) on behalf of clients who have granted us access to their accounts.

2. How We Use Information

We use the information we collect to:

• Respond to inquiries and communicate with prospective and current clients.
• Deliver marketing and growth consulting services to clients.
• Access and manage advertising accounts, campaign data, and performance reporting through authorized API integrations (Meta Marketing API, Google Ads API).
• Improve the performance and usability of this website.

3. Third-Party API Access

We access data from third-party platforms including Meta (Facebook/Instagram) and Google on behalf of our clients. This access is granted explicitly by each client and is used solely to manage and report on their advertising activities. We do not sell, share, or use client advertising data for any purpose beyond the services contracted.

Our use of data obtained through the Meta Marketing API and Google Ads API is subject to the respective platform policies:

• Meta Platform Policy
• Google APIs Terms of Service

4. Data Sharing

We do not sell your personal information. We do not share personal information with third parties except:

• With service providers who assist in operating our business (e.g., email, analytics tools), under confidentiality obligations.
• When required by law or to protect our legal rights.
• With your explicit consent.

5. Cookies and Tracking

This website may use basic analytics tools to understand site traffic and usage patterns. These tools may use cookies or similar technologies. You can disable cookies in your browser settings, though this may affect site functionality.

6. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described in this policy, or as required by law. Client advertising data accessed via API is not stored beyond the active engagement period.

7. Your Rights

Depending on your location, you may have rights to access, correct, or delete personal information we hold about you. To exercise these rights, contact us at the email below.

8. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us at douglass@entonces.co

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected by updating the date at the top of this page.

Shopify App (Agency Data Connect)

Entonces operates a Shopify app called Agency Data Connect that connects to client Shopify stores for the sole purpose of feeding data into agency-managed reporting dashboards. This section describes how that app handles Shopify data and supplements the policy above.

What data we access from your Shopify store

With the store owner's consent during app installation, the app reads the following data from Shopify's Admin API:

• Orders — order number, date, totals, taxes, discounts, currency, financial and fulfillment status
• Order line items — products, variants, SKUs, quantities, and prices
• Products — titles, vendors, types, tags, prices, and inventory levels
• Customers — names, email addresses, phone numbers, shipping/billing city and country, marketing consent status, and lifetime spend
• Shop information — store name, owner email, plan, currency, and timezone

We do not access payment methods, credit card numbers, or raw checkout data.

How we use this data

We use this data exclusively to populate dashboards and reports for the merchant whose store generated it. Data from one client's store is never shown to, shared with, or used for the benefit of any other client.

How we store it

• Access tokens issued by Shopify are encrypted at rest with AES-256 before being written to our database.
• All API traffic — between Shopify and our servers, and between our servers and agency dashboards — runs over HTTPS.
• The database is hosted on a dedicated volume on Fly.io (United States region), accessible only from our application servers.
• Our agency-facing API requires a secret key on every request.

How long we keep it

We retain synced data for as long as the merchant has the app installed. When the merchant uninstalls the app, our servers receive Shopify's standard uninstall notification and we stop collecting new data. We delete the merchant's historical data within 48 hours of receiving Shopify's shop/redact webhook (which Shopify fires 48 hours after uninstall).

Shopify's data request and deletion webhooks

The app implements Shopify's mandatory compliance webhooks:

• customers/data_request — when a customer asks a merchant "what data does this app have about me?", our system produces the record and the merchant delivers it.
• customers/redact — when a customer asks a merchant to delete their personal data, we irreversibly redact the customer's name, email, and addresses from our database and remove it from the order and customer raw records within 30 days.
• shop/redact — when a merchant uninstalls and the 48-hour grace period elapses, we delete all of that merchant's data from our database.

Third-party processors

We use the following sub-processors to operate the Shopify app. All are bound by their own privacy and security commitments:

• Shopify, Inc. — source of the data
• Fly.io — application and database hosting
• Vercel — hosting for client-facing dashboards
• GitHub — source code hosting (code only, no customer data)

We do not share Shopify data with advertisers, marketers, or analytics providers.

Contact for Shopify data questions

For requests related to data accessed via the Shopify app — including access, correction, or deletion — contact douglass@entonces.co. We will respond within 30 days.