Privacy Policy

Effective May 14, 2026

Zeekend builds private customer intelligence for Shopify brands. This policy explains what data we collect, how we use it, and the rights you and your customers have over it. Written in plain English. No tricks.

1. Who we are

("Zeekend," "we," "us," or "our"), located at 2613 Atlantic Ave, Virginia Beach, VA. We provide a customer intelligence application available to Shopify merchants ("the App").

This Privacy Policy describes how we handle personal data when you install and use the App, and when your customers' data flows through Shopify's APIs into our system. We act as a data processor for merchant customer data (the merchant remains the data controller), and as a data controller for data we collect directly from the merchant operator (such as your email and login activity).

2. What we collect

2.1 Data from Shopify's APIs

When you install Zeekend, you authorize us to read the following data from your Shopify store through Shopify's Admin API:

• Customer records. Including customer ID, name, email address, default address (city, state/province, country, postal code), order count, total spent, marketing consent state, and account creation date. We do not collect customer phone numbers or street addresses unless you explicitly enable that integration in a future version.
• Order records. Including order ID, order date, total price, currency, discount codes applied, financial and fulfillment status, line items (product IDs, variant IDs, quantities, prices), and customer association.
• Product records. Product titles, types, vendors, tags, variant IDs, pricing, and inventory quantity. We use these to understand your catalog structure; we do not display product images or descriptions outside of your own dashboard.
• Shop metadata. Shop name, primary domain, currency, timezone, and installed app scopes.

We do not currently access: customer payment methods, gift card balances, checkout sessions, draft orders, fulfillment service details, or storefront browsing behavior. If we add scopes in future versions of the App, you will be prompted to grant them at reinstall.

2.2 Data the operator provides directly

When you apply to join Zeekend or create an account, we collect:

• Your name, email address, and Shopify store URL.
• Information you submit through our application form (such as monthly order volume, Shopify plan, current tech stack), which we use to evaluate fit.
• Communications you send to us (support requests, feedback, replies to onboarding emails).

2.3 Data generated automatically

When you use the App, our servers automatically log:

• IP address, browser type, and operating system.
• Pages accessed within the App and timestamps of each visit.
• Authentication events (logins, sessions, OAuth grants).
• Application errors and crash reports.

We use these logs to keep the App secure, debug issues, and prevent abuse. We do not use them for advertising or sell them to third parties.

2.4 Cookies

We use a small number of strictly necessary cookies to keep you signed in. Specifically:

• zeekend_shop — identifies which Shopify store your session is bound to.
• Authentication session cookies set by Shopify during OAuth.

We do not use advertising, analytics, or tracking cookies in the App.

3. How we use this data

We use the data described above only for the following purposes:

1. To provide the App's core functionality. Including building customer segments from your order history, calculating lifetime value, and drafting email and SMS campaigns suited to each segment.
2. To generate AI-drafted campaign copy. We send relevant context (segment description, sample customer attributes — without personally identifying details — and your brand's tone) to Anthropic's Claude API to generate draft text. See Section 4 for details on our use of Anthropic.
3. To communicate with you. Service messages (such as onboarding emails, install confirmations, and updates about your account) and, where permitted, occasional product updates. You may opt out of product updates at any time.
4. To keep the App secure and operational. Detecting abuse, debugging errors, and maintaining service reliability.
5. To comply with legal obligations. Including responding to lawful requests from authorities.

4. Third parties and subprocessors

To run the App, we use the following subprocessors. Each handles a specific function and is bound by contract to handle data only for that function.

• Shopify Inc. — provides the underlying e-commerce platform and the APIs from which we read your store data. Shopify Privacy Policy
• Vercel Inc. — hosts the App's web application and runs our serverless functions in the United States. Vercel Privacy Policy
• Neon (Databricks Inc.) — provides our managed PostgreSQL database where your store's data is stored. Data is encrypted at rest and located in the United States. Neon Privacy Policy
• Anthropic PBC — provides the Claude AI service that generates campaign drafts. We use Anthropic's API under terms that prohibit Anthropic from using your data to train their models, and that ensure data is not retained beyond the duration of each request. Anthropic Privacy Policy
• Cloudflare Inc. — provides our DNS, edge caching, and security layer for the marketing site at zeekend.com. Cloudflare Privacy Policy

We will update this list whenever we add or change a subprocessor. If you'd like to be notified of subprocessor changes in advance, email us at hello@zeekend.com.

5. How long we keep data

• While the App is installed: we retain your store's customer, order, and product data so that the App continues to function. This data is refreshed as new orders and customers arrive in your Shopify store.
• After you uninstall: we permanently delete all your store's Shopify-derived data (customers, orders, products, segments, drafts) within 48 hours of receiving Shopify's app/uninstalled webhook.
• GDPR data requests: when Shopify sends us a customers/redact or shop/redact webhook, we delete the relevant data within 30 days, in accordance with Shopify's mandatory webhook timelines.
• Application logs: we retain server logs for up to 90 days for security and debugging purposes, after which they are automatically deleted.
• Operator account data: if you stop using Zeekend, we delete your operator account and associated communications within 90 days of your request, except where we are legally required to retain certain records (for example, tax invoices).

6. Your rights and customer rights

Depending on where you and your customers are located, you may have rights under the GDPR (EU/UK), CCPA/CPRA (California), and similar laws elsewhere. These include:

• Right to access — request a copy of the personal data we hold about you.
• Right to rectification — correct any inaccurate data.
• Right to erasure — request deletion of your personal data.
• Right to restrict processing — ask us to pause processing of your data.
• Right to data portability — receive your data in a machine-readable format.
• Right to object — object to specific uses of your data.
• Right to opt out of automated decision-making — request that segment membership and other automated outputs about you be reviewed manually.

6.1 How customers exercise their rights

Zeekend processes customer data on behalf of merchants. If you are a customer of a Shopify store using Zeekend, your first point of contact is the merchant whose store you shopped at. They control what data is sent to Zeekend.

However, if a customer submits a data request directly to us, or if we receive a customers/data_request webhook from Shopify on behalf of a customer, we will forward the request to the merchant and assist with fulfillment within 30 days.

6.2 How merchants exercise their rights

Merchants can:

• Uninstall the App from your Shopify admin to trigger deletion of all your store's data.
• Email hello@zeekend.com to request a data export, correction, or deletion outside of an uninstall.
• Request a list of all personal data we hold about your account.

We respond to all requests within 30 days.

7. Security

We take security seriously and apply the following measures:

• All data is transmitted over HTTPS with TLS 1.2 or higher.
• Data is encrypted at rest in our PostgreSQL database.
• Shopify access tokens are stored encrypted and never logged.
• Access to production data is limited to authorized personnel and protected by multi-factor authentication.
• We separate test and production environments completely.
• We maintain access logs to detect unauthorized access.
• We have an incident response process for handling security events. If a breach affecting your data occurs, we will notify you without undue delay and, where required, within 72 hours.

No system is perfectly secure. If you discover a security issue with the App, please report it to hello@zeekend.com with the subject line "Security."

8. International data transfers

Our servers and databases are located in the United States. If you or your customers are located outside the US, your data will be transferred to and processed in the US.

For transfers from the European Economic Area, United Kingdom, or Switzerland to the US, we rely on the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK and Swiss addenda as our legal mechanism. We will provide a copy of these clauses on written request.

9. Children's privacy

Zeekend is a business-to-business application and is not directed at children. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child's data has been collected, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, for material changes, notify you by email at the address associated with your account. Continued use of the App after a change constitutes acceptance of the revised policy.

11. Contact us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: hello@zeekend.com
• Postal: 2613 Atlantic Ave, Virginia Beach, VA 23451
• For data protection inquiries specifically: hello@zeekend.com (subject line: "Data Protection")

If you are located in the EEA, UK, or Switzerland and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.