Privacy Policy
Last updated: March 1, 2026
ProfitBird is a Shopify application operated by LeakShield Technologies LLC ("we", "us", "our"). This Privacy Policy explains how ProfitBird collects, uses, and protects your data when you install and use our application.
By installing ProfitBird, you agree to the practices described in this policy. This policy supplements our company-wide Privacy Policy, Terms of Service, and Data Processing Agreement.
1. Data We Collect
When you install ProfitBird, we access the following Shopify data through the permissions you grant:
- Order data — order totals, line items, shipping costs, transaction fees, discounts, and refunds. Used to calculate your net profit.
- Product data — product titles, variants, and cost-per-unit (COGS) if set in Shopify. Used to calculate cost of goods sold.
- Shop information — your shop domain, email address, and currency. Used for account identification and email delivery.
We do not collect or store customer personal data. We only process aggregated financial figures (revenue, costs, profit). No customer names, emails, addresses, or payment details are stored in our systems.
2. How We Use Your Data
- Profit calculation — we compute your daily net profit using the formula: Revenue minus COGS, shipping, transaction fees, and discounts.
- Daily email reports — we send you a daily profit summary to the email address you configure. Paid plans include AI-generated insights.
- AI summaries — aggregated, anonymized profit data is sent to a third-party AI provider (via OpenRouter) to generate plain-language insights. No customer PII is included.
- Dashboard — we display your profit data within the embedded Shopify app so you can review trends and performance.
3. Data Storage & Security
- All data is stored on servers hosted by Amazon Web Services (AWS) in the United States.
- Data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
- Access to production systems is restricted to authorized personnel with role-based access controls.
4. Third-Party Services
We use the following sub-processors to operate ProfitBird:
- AWS — cloud hosting and database infrastructure
- OpenRouter — AI summary generation (receives only aggregated financial data, no PII)
- Resend — email delivery for daily profit reports
- Shopify — billing and subscription management
A complete list of sub-processors is available in our Data Processing Agreement.
5. Data Retention
- Your profit data and settings are retained for as long as the app is installed on your Shopify store.
- When you uninstall ProfitBird, all your data is permanently deleted within 30 days, in compliance with Shopify's GDPR requirements.
- Email logs are retained for 90 days for delivery troubleshooting, then automatically purged.
6. Your Rights
You have the right to:
- Access — request a copy of the data we hold about your shop
- Correction — update or correct your information
- Deletion — request deletion of all your data at any time by uninstalling the app or contacting us
- Portability — receive your data in a machine-readable format
- Opt-out — disable daily email reports at any time from the app settings
We respond to all data requests within 30 days. If you are located in the EU/EEA/UK, additional rights under GDPR apply as described in our company Privacy Policy.
7. GDPR Compliance
We process your data as a Data Processor on your behalf (you are the Data Controller). Our legal basis for processing is the performance of the contract (providing the ProfitBird service).
We comply with Shopify's mandatory GDPR webhooks:
- Customer data request — we report what data we hold (aggregated financial data only, no customer PII)
- Customer data erasure — acknowledged (no customer PII stored)
- Shop data erasure — all shop data is permanently deleted upon request
8. Breach Notification
In the event of a data breach affecting your information, we will notify you without undue delay and in any event within 72 hours of becoming aware of the breach, in accordance with GDPR requirements and our Data Processing Agreement.
9. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via the email address associated with your account at least 30 days before the changes take effect.