Privacy Policy

1. Our Role and Applicable Law

1.1. This Privacy Policy is intended to align with the DIFC Data Protection Law (DIFC Law No. 5 of 2020).

1.2. Our role. For the personal data contained within the e-commerce data we process on your behalf to deliver the Service, you are the Controller and Sampo acts as a Processor, processing that data on your instructions. For your account, billing, and website-usage data, Sampo acts as the Controller.

1.3. Data Processing Agreement. Business customers may enter into a Data Processing Agreement (DPA) with Sampo governing our processing of personal data on your behalf. A DPA is available on request.

2. Information We Collect

We collect the following types of information:

• Account Information: Name, email address, and business details.
• Payment Information: We use Stripe to process payments. We do not store your credit card details; only a tokenized representation provided by Stripe.
• E-commerce Data: Data from your e-commerce store necessary for the Service to function, such as product information, pricing, sales data, and customer behavior data (as described in our Terms of Service). We implement hashing of personally identifiable information within this data for enhanced privacy.
• Competitor and Marketplace Data: To provide the Service, we collect publicly available information from third-party websites and marketplaces, such as product listings, prices, stock availability, and promotions. For MAP Monitoring, this includes timestamped screenshots of publicly accessible reseller product pages. This information is generally not personal data.
• Website Usage Data: We use analytical tools (e.g., PostHog) to collect information about how users interact with our website and the Service, such as pages visited, features used, and time spent. This data is typically aggregated and anonymized.

3. How We Collect Information

We collect information through the following methods:

• Directly from you: When you create an account, provide business details, or contact us for support.
• Automatically through the Service: When you use the Service, we automatically collect data necessary for its operation, such as pricing updates and sales performance.
• From third-party sources: We collect publicly available competitor and marketplace data as described above.
• Through analytical tools: We use cookies and similar tracking technologies to collect website usage data.

4. How We Use Your Information

We use your information for the following purposes:

• Providing the Service: To provide and operate the pricing intelligence and repricing functionality.
• Improving the Service and our models: We use aggregated and anonymized data — data that does not identify you, your business, or your customers — to analyze usage patterns and to improve the Service and the models that power it.
• Customer Support: To respond to your inquiries and provide technical assistance.

We do not use your personal data for third-party marketing, and we do not sell your data. (Any use of your company name and logo as a reference customer is addressed in our Terms and Conditions.)

5. Data Sharing

We do not share your personal information with third parties, except as follows:

• Subprocessors: We may share data with trusted subprocessors (e.g., payment processors, hosting providers, and data-collection infrastructure) who assist us in providing the Service. These subprocessors are contractually obligated to protect your data consistent with this Policy and our Terms.
• Legal Compliance: We may disclose your information if required by law, legal process, or government request.

6. International Data Transfers

As a global company using cloud services, we may store and process your data in various locations worldwide. We implement appropriate safeguards to protect your data regardless of its location.

7. Data Security

We take data security seriously and implement a variety of measures to protect your information, including:

• Data Hashing: Hashing personally identifiable information within the e-commerce data we process.
• Secure Storage: Storing data on secure servers with appropriate access controls.
• Data Encryption: Encrypting sensitive data in transit and at rest.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you request to delete your account, we will delete your data within a reasonable timeframe. We may retain anonymized and aggregated data for analytical and improvement purposes.

9. Your Rights

Subject to applicable law, you have the right to:

• Access your data: Request a copy of the personal information we hold about you.
• Correct your data: Request that we correct any inaccuracies in your data.
• Delete your data: Request that we delete your personal information.
• Data portability: Request a copy of your data in a portable format.
• Object to or restrict processing: Object to, or request that we restrict, certain processing of your data.
• Withdraw consent: Where processing is based on your consent, withdraw that consent at any time.
• Lodge a complaint: Lodge a complaint with the DIFC Commissioner of Data Protection or another competent authority.

10. Data Protection Officer

We have a designated Data Protection Officer who is responsible for overseeing our data privacy practices. You can contact our Data Protection Officer at privacy@getsampo.com

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and/or through other communication channels.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at privacy@getsampo.com