[ PRIVACY POLICY ]

01. OVERVIEW

Ctrl Pit ("we", "our", "us") is a revenue analytics dashboard operated by Robin Stokkel. This policy explains what data we collect when you use Ctrl Pit at ctrlpit.com, how we use it, and your rights. By using Ctrl Pit you agree to this policy.

02. DATA WE COLLECT

Account data: your email address and password (stored securely via Supabase Auth).

Connector credentials: API keys, OAuth tokens, and store identifiers you provide to connect third-party platforms (Shopify, Amazon, Meta Ads, WooCommerce, Bol.com, SendCloud, PostNL, Intime.delivery, Google Analytics 4). These are encrypted at rest.

Order and revenue data: order IDs, amounts, dates, and currency synced from your connected sales channels. We do not collect personally identifiable information about your customers (no names, email addresses, or payment details).

Ad spend data: aggregated daily spend figures synced from your Meta Ads account.

Shipping cost data: shipment IDs, carrier, cost, and tracking numbers synced from your connected shipping providers.

Usage data: standard server logs (IP address, browser, pages visited) retained for up to 30 days.

03. HOW WE USE YOUR DATA

We use your data solely to operate the Ctrl Pit service: to display your revenue, margin, and ad spend analytics within your dashboard. We do not sell, rent, or share your data with third parties for marketing purposes. We do not use your order or customer data to train machine learning models.

04. THIRD-PARTY SERVICES

Ctrl Pit integrates with the following third-party platforms at your direction:

· Shopify — shopify.com/legal/privacy · Amazon Seller Central — amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ · Meta (Facebook) Ads — facebook.com/privacy/policy · Google Analytics 4 — policies.google.com/privacy

Data fetched from these platforms is stored in our database (Supabase, hosted on AWS) to power your dashboard. You can revoke access at any time by disconnecting a connector in your settings.

We also use Stripe for billing. Stripe's privacy policy is available at stripe.com/privacy. We do not store full card details.

05. DATA RETENTION

We retain your synced order and revenue data for as long as your account is active. If you delete your account, all data associated with your organisation is permanently deleted within 30 days. You can request deletion at any time by emailing rstokk@icloud.com.

06. SECURITY

All data is transmitted over HTTPS. Connector credentials are stored encrypted. We use Supabase Row-Level Security to ensure each organisation can only access its own data. We do not log or store the values of API keys in application logs.

07. YOUR RIGHTS (GDPR)

If you are located in the European Economic Area you have the right to access, correct, export, or delete your personal data at any time. To exercise these rights, email rstokk@icloud.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

08. SHOPIFY-SPECIFIC

When you install Ctrl Pit via the Shopify App Store, we access your store's orders and products via the Shopify Admin API (scopes: read_orders, read_products). We use this data exclusively to display revenue analytics inside your Ctrl Pit dashboard. We do not access or store personally identifiable information about your customers. Your store data is never shared with other merchants.

09. CHANGES TO THIS POLICY

We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice in the dashboard. Continued use of Ctrl Pit after changes take effect constitutes acceptance of the updated policy.

10. CONTACT

For privacy questions or data requests, contact us at:

Robin Stokkel rstokk@icloud.com https://www.ctrlpit.com

© 2025 Robin Stokkel · ctrlpit.com