Loading...
Loading...
Disclaimer: This document is provided for informational purposes only. Please consult a qualified legal professional for advice specific to your situation. EcomBrain recommends independent legal review before relying on any provisions herein.
Last updated: May 6, 2026 • Legal review required before production launch
Welcome to EcomBrain ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we look after your personal data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.
This privacy policy applies to information we collect when you use our AI-powered e-commerce analytics platform ("Services") or otherwise interact with us. It has been prepared for Ecombrain Solution LLC as a US-based SaaS controller and processor, with GDPR and UK GDPR commitments where those laws apply.
EcomBrain is the data controller responsible for your personal data (collectively referred to as "EcomBrain," "we," "us" or "our" in this privacy policy).
Contact Details:
Company: Ecombrain Solution LLC
Address: 30 N Gould St Ste 5240, Sheridan, WY 82801, United States
Email: privacy@ecombrain.io
Jurisdiction: Wyoming, United States
Article 27 EU representative status is pending appointment and remains a launch blocker requiring legal review.
We use your personal data only when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal data:
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Providing our services | Contract performance | Art. 6(1)(b) |
| Processing payments | Contract performance | Art. 6(1)(b) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Product improvement and analytics | Legitimate interests | Art. 6(1)(f) |
| Fraud prevention and security | Legitimate interests | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
We do not sell your personal data. We engage the following sub-processors who may process your data on our behalf. Each sub-processor is bound by a Data Processing Agreement (DPA) and must comply with GDPR requirements:
If we are involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
We may disclose your information if required by applicable law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
EcomBrain is a US-based SaaS provider. When GDPR or UK GDPR applies and personal data is transferred from the EEA, Switzerland, or the United Kingdom, we rely on appropriate safeguards, including:
You can request a copy of the applicable transfer mechanism by contacting us at privacy@ecombrain.io.
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.
If you are in the European Economic Area (EEA) or the UK, you have the following data protection rights. We will respond to all verified requests within 30 days (extendable by a further two months for complex requests, with notification):
Request a copy of the personal data we hold about you, including information on how it is used and shared.
Request correction of inaccurate or incomplete personal data. You can also update most data directly in your account settings.
Request deletion of your personal data. Note that certain data may need to be retained for legal obligations (e.g., tax records).
Request that we limit how we process your data (e.g., while a dispute is pending).
Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transfer it to another controller.
Object to processing based on legitimate interests or direct marketing. Where you object to direct marketing, we will stop immediately.
Request human review of any significant decision made about you solely by automated means, where such a decision produces legal or similarly significant effects.
Withdraw consent at any time for processing based on consent (e.g., marketing emails). Withdrawal does not affect the lawfulness of processing before withdrawal.
File a complaint with the competent data protection authority in your jurisdiction. EEA, Swiss, and UK residents may contact their local supervisory authority.
To exercise your rights: Email us at privacy@ecombrain.io or use the data management tools in your account settings.
We will respond to verified requests within 30 days. We may need to verify your identity before processing certain requests.
We implement appropriate technical and organizational measures (TOMs) to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access:
Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you suspect a security breach affecting your account, please contact us immediately at security@ecombrain.io.
We use cookies and similar tracking technologies to provide and improve our services. Under GDPR and the ePrivacy Directive, we obtain your consent for non-essential cookies before setting them.
Strictly necessary for authentication, session management, and platform security. These cookies cannot be disabled as the platform cannot function without them.
Examples: session tokens, CSRF protection tokens, authentication state
Help us understand how users interact with our platform to improve product quality (PostHog).
Can be declined via our cookie consent banner or browser settings.
Remember your preferences and settings (e.g., theme, dashboard layout, language).
Can be declined, but may affect platform experience.
Manage Cookies: You can control cookies through our cookie consent banner (shown on first visit), your browser settings, or by emailing us at privacy@ecombrain.io. Note that disabling essential cookies will prevent you from using the platform.
Our platform integrates with third-party e-commerce and advertising platforms (Shopify, WooCommerce, Meta Ads, Google Ads, TikTok Ads, etc.). When you connect these services:
Our website may also contain links to third-party websites. We are not responsible for the content or privacy practices of those external sites.
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@ecombrain.io.
If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to delete that information promptly.
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:
Where required by law, we will obtain your fresh consent for material changes. For non-material changes, your continued use of our services after the updated policy is posted constitutes your acceptance.
If you have any questions, concerns, or wish to exercise your data subject rights, please contact us:
Privacy Enquiries
privacy@ecombrain.ioData Protection Officer (DPO)
dpo@ecombrain.ioSecurity Issues
security@ecombrain.ioJurisdiction
Wyoming, United States
Registered Address
Ecombrain Solution LLC
30 N Gould St Ste 5240, Sheridan, WY 82801, United States
Response Time: We aim to acknowledge all privacy-related inquiries within 5 business days and resolve them within 30 days (or notify you of an extension).