Last updated: February 10, 2026 | GDPR & CCPA Compliant
ecomm2026 ("The Scaler") acts as the data controller for personal information collected through our platform. For EU/EEA users, processing is conducted in accordance with GDPR (Regulation EU 2016/679). For California residents, we comply with the CCPA.
Account Data: Email address, name (if provided), subscription tier, payment metadata (processed by Stripe — we never see full card numbers).
Usage Data: Pages visited, features used, session duration, device type (collected via privacy-respecting analytics).
Advertising Data: Meta Ads campaign metrics (spend, revenue, ROAS, CTR, etc.) provided via CSV upload or Meta API connection. This data is used exclusively for analysis within your account.
Free Tier: CSV uploads on the free tier are processed entirely client-side (in your browser). No advertising data is transmitted to or stored on our servers.
Contract Performance: Processing necessary to provide the Service you subscribed to.
Legitimate Interest: Analytics to improve the Service, fraud prevention, security.
Consent: Marketing communications (opt-in only, withdrawable at any time).
Data is stored on servers within the EU (Vercel EU) and encrypted using AES-256 at rest and TLS 1.3 in transit. Database hosting is provided by Neon (PostgreSQL) with automated backups. We implement role-based access control and regular security audits.
EU/EEA Users (GDPR): Right to access, rectification, erasure ("right to be forgotten"), data portability, restriction of processing, and objection to processing. Contact: privacy@ecomm2026.com
California Residents (CCPA): Right to know what personal information is collected, right to delete, right to opt-out of sale (we do not sell personal data), and right to non-discrimination.
Spanish Users (LOPDGDD): Additional rights under Ley Orgánica 3/2018. You may contact the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.
Stripe: Payment processing (PCI-DSS Level 1). See stripe.com/privacy
Meta (Facebook): API connection for ad data (read-only access). See facebook.com/privacy
Vercel: Hosting and CDN. See vercel.com/legal/privacy-policy
Neon: Database hosting. See neon.tech/privacy
We use essential cookies for authentication and session management. Analytics cookies are optional and require consent (EU). You may manage cookie preferences at any time through your browser settings or our cookie banner.
Account data is retained while your account is active. Campaign history is retained for 90 days (paid tiers). Upon account deletion or 30 days after subscription cancellation, all personal and advertising data is permanently deleted from our systems and backups within 30 days.
Data Protection Officer: privacy@ecomm2026.com
General inquiries: support@ecomm2026.com