Privacy Policy

1. Scope

This Policy applies to:

• visitors to our public websites;
• individuals who request information, demos, or support;
• representatives, employees, and authorized users of merchants who use the Service;
• end customers, staff, and other individuals whose personal information flows through merchant integrations into the Service (“Merchant Data Subjects”).

For Merchant Data Subjects, the merchant generally controls the relationship and the purposes of processing. LNC acts as a service provider / processor with respect to that personal information. The merchant remains primarily responsible for providing notice to, and obtaining any required consents from, its own customers and staff.

2. Who we are

• Controller / business contact: LinkNestCommerce, Winnipeg, MB, Canada.
• Privacy contact: [Privacy Email]
• Security contact: [Security Email]

3. Personal information we collect

3.1 Merchant account data

Name, business name, role/title, email, phone (optional), login credentials (passwords stored as salted hashes — we never store plaintext passwords), multi-factor authentication factors, billing contact information.

3.2 Store, customer, order, product, fulfillment, and webhook data from integrations

When you connect a commerce platform such as Shopify to LNC, we ingest and store the data the integration is configured to share: store identifiers and configuration; orders, line items, refunds, returns, discounts; customer information including name, email, phone, billing/shipping address, order history; product, variant, inventory, and pricing data; fulfillment and tracking data; webhook events and delivery metadata; staff/user metadata exposed by the platform where required to operate the Service. We minimize what we ingest to what is necessary for the configured features.

3.3 Payment and billing data

Subscription payments are processed by Stripe and other payment processors. LNC does not store full payment card numbers. We receive limited billing metadata such as last-four digits, card brand, billing address, invoice identifiers, and payment status.

3.4 Device, log, usage, and cookie data

IP address, user agent, device type, OS, language, pages viewed, features used, timestamps, referrers, session identifiers, authentication state, security signals, and cookies and similar technologies (see Cookie Policy).

3.5 Support and other communications

If you contact us, we collect the contents of those communications and contact details.

4. How we collect personal information

• Directly from you, when you sign up, configure the Service, or contact us.
• From your authorized integrations, when you connect a commerce platform or similar Third-Party Provider.
• Automatically, through cookies, log files, and similar technologies.
• From third parties, where you have authorized them to share information with us.

5. Purposes of use

1. provide, operate, secure, and improve the Service;
2. authenticate users and protect against fraud, abuse, and unauthorized access;
3. provide customer support;
4. process subscriptions, invoices, taxes, refunds, and chargebacks;
5. send service announcements, security notices, and transactional messages;
6. send marketing communications where you have provided consent (or where implied consent is permitted under CASL or CAN-SPAM);
7. comply with law and enforce our agreements;
8. produce aggregated and de-identified analytics that do not identify any individual;
9. support the limited automation features described in Section 13.

We do not sell personal information for money. We do not “share” personal information for cross-context behavioural advertising as those terms are defined under California law.

6. Legal basis and consent

In Canada, we rely on your express or implied consent in accordance with PIPEDA and applicable provincial privacy law. You may withdraw consent at any time by contacting [Privacy Email], subject to legal or contractual restrictions and reasonable notice. In the United States, we process personal information as necessary to provide the Service, to comply with law, and based on legitimate business interests consistent with applicable state privacy law.

7. Cookies and analytics

We use cookies and similar technologies to operate the Service, remember your preferences, secure sessions, and understand usage. We use [Analytics Provider] for analytics. See the Cookie Policy.

8. Email marketing and CASL compliance

Where we send commercial electronic messages to recipients in Canada, we comply with Canada's Anti-Spam Legislation (CASL): express consent (typically a separate checkbox at signup) or implied consent permitted under CASL; sender identification; a working unsubscribe mechanism honoured within ten (10) business days; and records of consent. For U.S. recipients we comply with the CAN-SPAM Act and applicable state law. Transactional and service messages may be sent regardless of marketing preferences.

9. Sharing personal information

• Service providers and sub-processors — for example, [Hosting Provider], managed database providers, logging and monitoring, [Email Provider], [Analytics Provider], Stripe and other payment processors.
• Third-Party Providers that you authorize through integrations (e.g., Shopify), to the extent needed to enable the connection.
• Professional advisors (lawyers, accountants, auditors, insurers) under confidentiality.
• Authorities, when required by law, valid legal process, or to protect rights, safety, or property.
• Successors, in connection with a merger, acquisition, financing, or reorganization, subject to confidentiality and continuity of this Policy.

A current list of material sub-processors is available on request from [Privacy Email] and summarized on the Compliance & Security page.

10. Shopify and third-party integration disclosures

When a merchant connects Shopify to LNC, Shopify shares store, customer, order, product, fulfillment, and event data with LNC under the scopes the merchant authorizes. LNC's use of Shopify data is also subject to Shopify's Protected Customer Data requirements and the Shopify Partner Program Agreement. LNC processes this data only to provide the Service to the connected merchant, and not for any independent purpose. Merchants can disconnect Shopify at any time, which will trigger our deletion processes described in the Data Deletion Request Policy.

11. Cross-border data transfers

LNC is operated from Canada and uses service providers that may store or process personal information in Canada and the United States. By using the Service, you acknowledge that personal information may be transferred to, processed, and stored in jurisdictions other than your own, and may be subject to lawful access requests by courts, law enforcement, or national security authorities in those jurisdictions. We use contractual safeguards with our service providers to protect personal information consistent with applicable Canadian privacy law.

12. Data retention and deletion

We retain personal information for as long as needed to provide the Service, comply with legal/accounting/tax/audit/security obligations, resolve disputes, enforce our agreements, and maintain backups for disaster recovery (rotated on a defined schedule). When personal information is no longer required, we delete or de-identify it. See the Data Deletion Request Policy.

13. Cautious AI / automation disclosure

LNC may use automated systems and machine learning models to detect anomalies, fraud, or abuse; prioritize alerts; and assist with operational forecasts and reports. These features are decision-support tools, not automated decision-making in the sense of a binding determination about an individual. Where any output materially affects an individual, human review is available. We do not currently use customer personal information to train third-party foundation models.

14. Security safeguards

We maintain administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, and destruction. See the Compliance & Security page. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

15. Breach notification

If we determine that a breach of security safeguards has created a real risk of significant harm, we will notify affected individuals and applicable regulators (including the Office of the Privacy Commissioner of Canada and, where applicable, U.S. state regulators) in accordance with PIPEDA and applicable state laws, and will notify the merchant where LNC acts as a processor.

16. Your privacy rights

Subject to applicable law and reasonable verification, you may request to access, correct, delete, port, restrict, or object to processing of personal information we hold about you; to withdraw consent; not to be subject to discriminatory treatment for exercising your rights (California residents); and to file a complaint with a regulator. To exercise any of these rights, contact [Privacy Email]. We respond within the time frame required by applicable law (typically thirty (30) days in Canada; forty-five (45) days under CCPA, extendable by another forty-five (45) days).

17. End-customer requests routed through merchants

If you are an end customer of a merchant that uses LNC, your relationship is generally with the merchant, who is responsible for handling your privacy requests. Please contact the merchant first. If the merchant directs us to act, or if we are required to act directly under applicable law, we will cooperate. We can also help merchants fulfill requests through Shopify's customers/data_request and customers/redact flows.

18. Children's privacy

The Service is intended for businesses and is not directed to children under the age of majority. We do not knowingly collect personal information directly from children. If you believe a child has provided personal information to us, contact [Privacy Email] and we will take reasonable steps to delete it.

19. Changes to this Policy

We may update this Policy from time to time. The “Last Updated” date at the top reflects the latest version. Material changes will be communicated through the Service or by email.

20. How to contact us

• Email: [Privacy Email]
• Mail: LinkNestCommerce, Winnipeg, MB, Canada
• General contact: [Contact Email] — see Legal Notices.