Privacy Policy

2 · Privacy Policy

Last updated: May 23, 2026

Ecom for Dummies ("we," "us," "our") respects your privacy. This Privacy Policy explains what information we collect about you when you visit ecomfordummies.com (the "Site") or purchase our products, how we use it, with whom we share it, and the rights you have. By using the Site, you agree to this Privacy Policy.

If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to the collection, processing, and disclosure of your personal information.

1. Information We Collect

We collect three categories of information:

(a) Information you provide directly. When you create an account, place an order, sign up for our email list, fill out our audit form, or contact us, you may provide your name, email address, billing address, business name, business website URL, and any messages or feedback you submit.

(b) Information collected automatically. When you visit the Site, we automatically collect: IP address, device type and identifier, browser type and version, operating system, referring URL, pages viewed, time spent on pages, links clicked, geographic region (city/state level inferred from IP), and timestamps. We collect this through cookies, pixels, web beacons, log files, and similar technologies.

(c) Information from third parties. We may receive information about you from payment processors (transaction status, fraud risk scores), advertising platforms (audience demographics, ad performance), and email service providers (delivery and engagement data).

2. Cookies and Tracking Technologies

We use the following categories of cookies and trackers:

  • Strictly necessary — required for the Site to function (e.g., shopping cart, checkout, account login). These cannot be disabled.

  • Analytics — measure how visitors use the Site (e.g., Google Analytics 4, Shopify Analytics).

  • Marketing & advertising — power retargeting and conversion tracking on Meta (Facebook/Instagram), TikTok, Google Ads, and similar platforms.

  • Email engagement — track email opens, clicks, and other interactions (Klaviyo).

You can block or delete cookies through your browser settings. Blocking strictly-necessary cookies will break parts of the Site, including checkout. Blocking other categories will not affect functionality but may degrade your experience.

3. Third-Party Services We Use

We use the following third-party services to operate the business. Each has its own privacy policy that also governs your interactions with them:

  • Shopify, Inc. — e-commerce platform, payment processing, customer accounts.

  • Shopify Payments, Shop Pay, Apple Pay, Google Pay, PayPal — payment processing.

  • Klaviyo, Inc. — email marketing, audience segmentation, on-site forms.

  • Google LLC — Google Analytics 4, Google Ads, Google reCAPTCHA (anti-spam).

  • Meta Platforms, Inc. — Meta Pixel for advertising and conversion tracking.

  • TikTok Inc. — TikTok Pixel for advertising and conversion tracking.

We do not control how these services use your data. We recommend you review their respective privacy policies. Adding or removing services may occur without notice; the most current list is reflected by the cookies actually loaded on the Site.

4. Relationship with Shopify

The Site is hosted by Shopify, which collects and processes personal information about your access to and use of the Site in order to provide and improve the Site for us and for you. Information you submit to the Site will be transmitted to and shared with Shopify, as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you.

In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other merchants, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes.

To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy at https://www.shopify.com/legal/consumer-privacy-policy and the Shopify Privacy Portal at https://privacy.shopify.com/en.

5. How We Use Your Information

  • Process orders, deliver products, and provide customer support.

  • Send transactional emails (receipts, download links, refund confirmations).

  • Send marketing emails about our products and updates, where you have opted in.

  • Operate, maintain, debug, and improve the Site.

  • Run targeted advertising on third-party platforms (retargeting, lookalike audiences).

  • Detect and prevent fraud, abuse, and security incidents.

  • Enforce our Terms of Service and other policies.

  • Comply with legal obligations, respond to lawful requests from authorities, and protect our legal rights.

6. Legal Bases for Processing (EU/UK Customers)

If you are in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contractual necessity — to fulfill your purchase and provide the product.

  • Legitimate interests — to operate, secure, and improve our business; to prevent fraud; to engage in direct marketing of similar products to existing customers.

  • Consent — for marketing emails to new subscribers, non-essential cookies, and any other processing where consent is required by law. You may withdraw consent at any time.

  • Legal obligation — to comply with tax, accounting, anti-money-laundering, and other applicable laws.

7. Sharing of Information

We do not sell your personal information for money. We may "share" personal information for cross-context behavioral advertising as defined by certain US state privacy laws. We share data as follows:

  • With the third-party service providers listed in Section 3, for the purposes described.

  • With business and marketing partners to provide marketing services and advertise to you (see Section 9 for your opt-out rights).

  • With professional advisors (accountants, lawyers, insurers) under confidentiality.

  • In connection with a merger, acquisition, financing, or sale of business assets, in which case your data may transfer to the acquirer.

  • To comply with applicable law, regulation, legal process, or governmental request.

  • To protect our rights, property, safety, our customers, or the public.

  • With your explicit consent, in any other case.

8. Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected:

  • Customer and order records: minimum 7 years for tax, accounting, and legal compliance.

  • Marketing list data: until you unsubscribe or request deletion, plus a brief suppression-list retention to honor your opt-out preference.

  • Analytics data: per the retention settings of the third-party service (e.g., GA4 default is 14 months).

  • Audit form submissions and support emails: up to 3 years.

  • Information needed for ongoing or anticipated litigation, investigations, or legal claims: until the matter is resolved.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.

  • Right to correction — request correction of inaccurate or incomplete data.

  • Right to deletion (right to be forgotten) — request deletion of your data, subject to legal retention requirements.

  • Right to data portability — receive your data in a portable format.

  • Right to object — object to processing based on legitimate interests, including direct marketing.

  • Right to restrict processing — limit how we use your data in certain circumstances.

  • Right to withdraw consent — for processing based on consent.

  • Right to opt out of "sale" or "sharing" for targeted advertising (see Section 10).

  • Right to lodge a complaint with a supervisory authority (EU/UK) or your state attorney general (US).

To exercise any of these rights, email hello@ecomfordummies.com with the subject line "Privacy Request" and a description of your request. We may need to verify your identity before fulfilling the request. We will respond within 30 days for most requests, or 45 days for complex requests, as required by applicable law. You may designate an authorized agent to make requests on your behalf, provided that the agent provides proof of authorization and we verify your identity directly with you.

10. Global Privacy Control (GPC) and Browser Signals

Some browsers and browser extensions transmit a Global Privacy Control ("GPC") signal that communicates an opt-out preference. We honor GPC signals for the device and browser that you use to visit the Site. If we are able to associate the device sending the GPC signal with a customer account, we will apply the opt-out to that account as well.

We do not currently respond to other "Do Not Track" signals because there is no industry consensus on how to interpret them. To learn more about GPC, visit https://globalprivacycontrol.org/.

11. California Residents (CCPA / CPRA)

If you are a California resident, you have the rights described in Section 9 plus the following:

  • Right to know — what categories of personal information we collect, the sources, purposes, and third parties we share it with.

  • Right to opt out of the "sale" or "sharing" of personal information. We do not sell personal information for money. We may "share" personal information for cross-context behavioral advertising; you can opt out by emailing us with the subject "Do Not Sell or Share My Personal Information" or by enabling Global Privacy Control in your browser.

  • Right to limit use of sensitive personal information.

  • Right to non-discrimination — we will not discriminate against you for exercising your rights.

Categories of personal information we collect, sources, purposes, and recipients are described throughout this Privacy Policy. We do not knowingly sell or share the personal information of minors under 16.

12. Other US State Privacy Laws

Residents of Virginia, Colorado, Connecticut, Utah, Texas, and other US states with comprehensive privacy laws have rights similar to those described in Sections 9 and 11. To exercise these rights, email us using the procedure described above.

13. Complaints

If you have complaints about how we process your personal information, please contact us using the details in Section 19. Depending on where you live, you may have the right to appeal our decision by contacting us, or lodge your complaint with your local data protection authority. EU residents can find their local authority at https://edpb.europa.eu/about-edpb/board/members_en.

14. International Data Transfers

The Site is operated from the United States. If you visit from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Site, you consent to this transfer.

For EU/UK customers, where we transfer your personal information out of the European Economic Area or the United Kingdom, we will rely on recognized transfer mechanisms such as the European Commission's Standard Contractual Clauses, or any equivalent contracts issued by the relevant competent authority of the UK, unless the data transfer is to a country that has been determined to provide an adequate level of protection.

15. Security

We use reasonable administrative, technical, and physical safeguards to protect your information, including SSL/TLS encryption for data in transit, secure password storage, and trusted third-party providers. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, and you provide your information at your own risk. We recommend that you do not use unsecure channels to communicate sensitive or confidential information to us. In the event of a data breach involving your personal information, we will notify you and applicable authorities as required by law.

16. Children's Privacy

The Site is not directed to children under the age of majority in their jurisdiction. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us immediately and we will delete it. As of the effective date of this Privacy Policy, we do not have actual knowledge that we "share" or "sell" (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

17. Third-Party Websites and Links

The Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced via email to active customers and prominently on the Site for 30 days following the change. Continued use of the Site after changes constitutes acceptance.

19. Contact

Privacy questions or rights requests: hello@ecomfordummies.com

For the purpose of applicable data protection laws, we are the data controller of your personal information. For EU/UK customers, you may also contact your local data protection supervisory authority directly.