Privacy Policy

Last updated: April 3, 2026

EU Commerce Tools ("we", "us", or "our"), a product of CDEM Solutions, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at eucommercetools.com, use our Shopify apps, PrestaShop modules, or interact with any of our services.

We process personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national data protection laws of EU member states.

1. Information We Collect

1.1 Personal Data You Provide

We collect personal data that you voluntarily provide when you:

  • Create an account or install our apps: name, email address, store URL, business name, and billing information.
  • Contact us: name, email address, and the content of your message via our contact form or email at [email protected].
  • Subscribe to our newsletter: email address.
  • Purchase a product: name, email, billing address, and payment details (processed securely by our payment providers).

1.2 Data Collected Automatically

When you access our website or services, we may automatically collect:

  • Usage data: pages visited, time spent on pages, click patterns, referral sources, and navigation paths.
  • Device information: browser type, operating system, device type, screen resolution, and language preferences.
  • Network data: IP address (anonymized where possible), approximate geographic location (country/region level).
  • Cookies and similar technologies: as described in our Cookie Policy.

1.3 Data from Third Parties

We may receive information about you from third-party platforms you use in connection with our services:

  • Shopify: when you install one of our apps, Shopify shares your store information, merchant profile, and relevant order data as authorized by you during the app installation process.
  • Payment processors: LemonSqueezy and Stripe provide us with transaction confirmations and billing status (we never receive or store your full credit card number).

2. How We Use Your Data

We use the information we collect for the following purposes:

  • Service provision: to provide, maintain, and improve our Shopify apps, PrestaShop modules, and related services.
  • Communication: to respond to your inquiries, send transactional emails (order confirmations, app notifications), and provide customer support.
  • Marketing: to send you newsletters, product updates, and compliance tips (only with your explicit consent, and you can unsubscribe at any time).
  • Analytics: to understand how our website and services are used, identify trends, and improve user experience.
  • Legal compliance: to comply with applicable laws, regulations, and legal processes.
  • Security: to detect, prevent, and address technical issues, fraud, and security threats.

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on one or more of the following legal grounds:

  • Contract performance (Art. 6(1)(b)): processing necessary to fulfill our contractual obligations to you, such as providing our apps and services.
  • Consent (Art. 6(1)(a)): where you have given explicit consent, such as subscribing to our newsletter or accepting non-essential cookies.
  • Legitimate interests (Art. 6(1)(f)): for analytics, service improvement, and fraud prevention, where our interests do not override your fundamental rights.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other legal requirements.

3. Third-Party Services

We use the following third-party services that may process your data:

  • Google Analytics 4 (GA4): for website analytics. Google may transfer data to servers in the United States. We use IP anonymization and have entered into a Data Processing Agreement with Google. Google's Privacy Policy.
  • Cloudflare: for content delivery, DNS, performance optimization, and security (including Turnstile CAPTCHA). Cloudflare processes minimal personal data and acts as a data processor. Cloudflare's Privacy Policy.
  • Shopify: our apps run on Shopify's platform. Data processing is governed by Shopify's terms and our app's permissions. Shopify's Privacy Policy.
  • LemonSqueezy: processes payments for our PrestaShop modules. LemonSqueezy's Privacy Policy.
  • Stripe: may be used as an underlying payment processor through LemonSqueezy. Stripe's Privacy Policy.

We ensure that all third-party processors provide adequate data protection guarantees and, where applicable, have entered into Standard Contractual Clauses (SCCs) for international data transfers.

4. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. For a detailed breakdown of the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

You can manage your cookie preferences at any time through the cookie consent banner on our website or through your browser settings.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: retained for the duration of your account or active subscription, plus 30 days after account deletion.
  • Transaction records: retained for 7 years to comply with tax and accounting regulations applicable in the EU.
  • Contact form submissions: retained for up to 2 years after the last communication.
  • Newsletter subscribers: retained until you unsubscribe, after which your email is removed within 30 days.
  • Analytics data: aggregated and anonymized data may be retained indefinitely. Personal analytics data is retained for up to 14 months (GA4 default).

6. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15): you have the right to obtain confirmation as to whether your personal data is being processed and, if so, to request access to that data.
  • Right to rectification (Art. 16): you have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to erasure (Art. 17): you have the right to request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction (Art. 18): you have the right to request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20): you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21): you have the right to object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent (Art. 7(3)): where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7. International Data Transfers

Some of our third-party service providers may process data outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Adequacy decisions by the European Commission for the recipient country.
  • EU-US Data Privacy Framework certification (where applicable).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Regular security assessments and vulnerability testing.
  • Access controls and authentication measures.
  • Staff training on data protection and security best practices.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you by email if the changes significantly affect how we process your data.
  • Post a notice on our website.

We encourage you to review this policy periodically.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

We use cookies to improve your experience and analyze site traffic. Learn more