Privacy Policy

Last updated: April 30, 2026

Overview
What We Collect
Chrome Extension Data Practices
How We Use Your Data
What We Do Not Do
Data Storage & Security
Sub-Processors
Data Retention
Your Privacy Rights
California Privacy Rights (CCPA/CPRA)
Healthcare Data (HIPAA)
SMS / Text Messaging
Children's Privacy
International Data Transfers
Changes to This Policy
Contact Us

This Privacy Policy describes how ShopConnect Pro LLC ("Company," "we," "us," or "our") collects, uses, stores, and protects information when you use ShopConnect, including the Chrome browser extension, web console, and all related services (collectively, the "Service"). This policy applies to all users: merchants, ISOs, agents, sub-agents, and their employees.

Limited Use disclosure. ShopConnect's use of information received from Google APIs, and data obtained through the ShopConnect Chrome extension, will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not sell this data, do not use it for advertising, do not transfer it to third parties except as necessary to provide the Service (your configured payment processor), and do not allow humans to read it except with your explicit consent, for security/debugging, or as required by law.

Disclaimer. This Privacy Policy is provided for informational purposes and reflects current data practices as of the "Last updated" date at the top of this page. ShopConnect Pro LLC is a payment middleware company - we are not a payment processor, bank, lender, or provider of financial advice. All card transactions are routed to and settled by the third-party payment processor you configure (Stripe, NMI, Valor, Dejavoo, Maverick, Authorize.Net, North, Windcave, EPX, or North). ShopConnect Pro LLC is not responsible for the terms, fees, approvals, chargeback outcomes, or merchant account decisions of any processor. For your own legal rights, consult qualified counsel - this document does not constitute legal advice.

1. Overview

ShopConnect is a payment connector that enables merchants to process payments through their chosen payment processor while using their existing business software. To provide this service, we need to access certain data from your browser when you are on supported business software platforms.

The short version: We read invoice data from your business software to facilitate payments. We do not read, store, or transmit full credit card numbers. We do not sell your data. We do not use your data for advertising.

2. What We Collect

2.1 Account Information

When you create an account, we collect:

Full name
Email address (verified)
Phone number
Business name and address
User role (merchant owner, manager, technician, ISO, agent, sub-agent)
Referral/attribution code (if applicable)

2.2 Payment Processor Credentials

When you or your ISO/agent configure a payment processor, we collect:

Processor API keys or authentication tokens
Terminal identifiers (for card-present processors)
Processor-specific configuration parameters

These credentials are encrypted at rest and are never exposed to the client-side application after initial entry. They are used solely to route payment requests to your configured processor.

2.3 Invoice Data (Read by the Extension)

When the extension is active on a supported business software platform, it reads:

Invoice amounts and totals
Invoice and estimate numbers
Customer names associated with invoices
Line item descriptions (where available)
Due dates and payment status

2.4 Transaction Records

When a payment is processed through ShopConnect, we record:

Transaction amount
Timestamp
Processor approval/authorization code
Masked card identifier (last 4 digits only)
Card brand (Visa, Mastercard, etc.)
Entry method (chip, tap, keyed, etc.)
Transaction status (approved, declined, voided, refunded)

2.5 Usage Data & Operational Telemetry

We collect standard usage data including:

Pages visited within the console
Extension activation events (which platforms are enabled)
Crash reports via Sentry (PCI-scrubbed before transmission - see section 7)
Browser type and version

The extension also sends operational writeback telemetry to our Supabase backend each time it attempts to record a payment back into your business software. This telemetry contains only: event name, platform, processor, amount, success/failure status, error code, elapsed time, merchant ID, and organization ID. Customer names, invoice numbers, customer emails, and transaction identifiers are stripped from this telemetry before it leaves your browser.

We do not collect browsing history, keystrokes, or data from websites other than supported business software platforms.

3. Chrome Extension Data Practices

This section specifically addresses data practices of the ShopConnect Chrome extension, as required by Google's Chrome Web Store Developer Program Policies.

3.1 When the Extension Activates

The extension only activates on domains listed in its configuration - these are the websites of supported business software platforms. The extension does not activate on, read data from, or interact with any other websites, including search engines, social media, email, banking sites, or personal browsing.

3.2 What the Extension Reads

On supported platforms, the extension reads only financial document data (invoice amounts, numbers, and associated customer names) necessary to facilitate payment processing. It does not read:

Passwords or login credentials for your business software
Personal browsing history or cookies
Data from browser tabs other than the active supported platform
Clinical, medical, or health records (for healthcare software platforms)
Full payment card numbers, CVVs, or card expiration dates

3.3 Where Extension Data Goes

Data Type	Destination	Purpose
Invoice data	ShopConnect servers	Display in payment interface, transaction records
Payment amount	Your payment processor's API	Process the transaction
Payment confirmation	Your business software (via extension)	Record payment status

3.4 Google Limited Use Compliance

ShopConnect's use of data obtained through the Chrome extension complies with Google's Chrome Web Store Developer Program Policies, including the Limited Use requirements.

Specifically:

Data read from business software platforms is used solely to facilitate payment processing as described in this Privacy Policy.
Data is not used for serving advertisements or personalized marketing.
Data is not sold to third parties, data brokers, or information resellers.
Data is not transferred to any third party except as necessary to provide the Service (i.e., your configured payment processor) or as required by law.

3.5 Per-Platform Consent

Before the extension reads any data from a supported business software platform, the side panel displays an "Enable ShopConnect for [Platform]" consent banner for that specific platform. You must click Enable - an explicit user gesture - before Chrome grants access and the extension begins reading financial data. Each platform is authorized separately using Chrome's optional host permissions API; no broad browsing permission is granted at install time. You can revoke any platform's access at any time from chrome://extensions → ShopConnect → Site access, which immediately unregisters the corresponding content script and stops all data reads for that platform.

4. How We Use Your Data

We use collected data for the following purposes:

Purpose	Data Used	Legal Basis
Process payments	Invoice data, processor credentials	Contract performance
Transaction history & reporting	Transaction records	Contract performance
Account management	Account information	Contract performance
Service communications	Email, phone	Legitimate interest
Error detection & service improvement	Usage data, error logs	Legitimate interest
Security & fraud prevention	Account activity, transaction patterns	Legitimate interest / legal obligation
Legal compliance	Transaction records, account data	Legal obligation

5. What We Do Not Do

We make the following commitments about your data:

We do not sell your personal data to any third party, for any purpose, ever.
We do not share your data with advertisers or use it for targeted advertising.
We do not share your data with data brokers or information resellers.
We do not store full credit card numbers. Card data flows directly from your browser or terminal to your payment processor's API and never touches our servers.
We do not read your browsing history or monitor activity on non-supported websites.
We do not use your data for profiling, scoring, or automated decision-making that produces legal effects.
We do not store raw personally identifiable information in our analytics or observation systems.
We do not engage in cross-site tracking for advertising or any other purpose.

5.1 Do Not Track Signals

ShopConnect does not currently respond to Do Not Track (DNT) signals from browsers, as no uniform standard for honoring DNT signals has been established. However, as stated above, we do not engage in cross-site tracking for advertising purposes regardless of your DNT setting.

6. Data Storage & Security

We implement the following security measures to protect your data:

Encryption at rest - All payment processor credentials and sensitive data are encrypted at rest using industry-standard encryption.
Encryption in transit - All communications between the extension, console, and our servers use TLS/HTTPS encryption.
Access controls - Access to production data is restricted to authorized personnel on a need-to-know basis.
Credential isolation - Payment processor API keys are never exposed to client-side code after initial entry.

While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

7. Sub-Processors

We use the following third-party service providers ("sub-processors") to operate the Service. Each sub-processor is bound by data protection obligations no less protective than those in this Privacy Policy.

Sub-Processor	Function	Location
Supabase, Inc.	Cloud database, authentication, encrypted credential storage, operational telemetry (writeback events)	United States
Sentry (Functional Software, Inc.)	Error and crash reporting (PCI-scrubbed: card numbers, CVVs, emails, phone numbers, and transaction identifiers are redacted before transmission)	United States
Payment processors you configure	Transaction processing - Stripe, Valor Pay Tech, Windcave, NMI, Authorize.Net, EPX, Maverick, North, Dejavoo, iPOSpays, FluidPay, PayAnywhere	Per processor
Cloudflare, Inc.	Static site hosting (shopconnectpro.com), DNS, TLS termination	Global edge
Vercel, Inc.	Web console hosting	United States

We will notify you of any material changes to our sub-processor list that may affect the processing of your data.

8. Data Retention

Data Type	Retention Period	Reason
Account information	Duration of account + 30 days	Service operation
Transaction records	Duration of account + 7 years	Financial recordkeeping requirements
Processor credentials	Duration of account (deleted on termination)	Service operation only
Usage data & error logs	90 days	Service improvement

Upon account termination, we delete or anonymize your data within the timeframes above, subject to our legal retention obligations.

9. Your Privacy Rights

Regardless of your location, we honor the following data rights for all users:

Right to Know / Access - Request a summary of the personal data we hold about you.
Right to Correction - Request correction of inaccurate personal data.
Right to Deletion - Request deletion of your personal data, subject to legal retention requirements.
Right to Data Portability - Request a machine-readable export of your transaction data.
Right to Opt Out - We do not sell your data, but you may confirm this status at any time.

How to Exercise Your Rights

Submit requests to aashil@shopconnectpro.com with the subject line "Privacy Rights Request." We will:

Verify your identity before processing any request.
Respond to verified requests within thirty (30) days.
Extend the response period by an additional 30 days if necessary, with notice to you.

We will not discriminate against you for exercising your privacy rights. You will not receive a different level of service or pricing for making a request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know - You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it.
Right to Delete - You may request deletion of personal information we have collected, subject to legal exceptions.
Right to Correct - You may request correction of inaccurate personal information.
Right to Opt Out of Sale/Sharing - We do not sell or share (as defined by CCPA/CPRA) your personal information. No opt-out action is required.
Right to Limit Use of Sensitive Personal Information - We use sensitive personal information (payment processor credentials) only as necessary to provide the Service.
Right to Non-Discrimination - We will not deny, charge different prices, or provide a different quality of service because you exercised a CCPA right.

Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

Category	Collected	Sold	Shared for Ads
Identifiers (name, email, phone)	Yes	No	No
Commercial information (transactions)	Yes	No	No
Internet activity (usage data)	Yes	No	No
Professional information (business name)	Yes	No	No
Sensitive PI (processor credentials)	Yes	No	No

To make a CCPA request, contact aashil@shopconnectpro.com. You may also designate an authorized agent to make a request on your behalf.

11. Healthcare Data (HIPAA)

For merchants in healthcare verticals (medical, dental, chiropractic, veterinary, physical therapy, mental health, etc.):

The ShopConnect extension reads only financial data (invoice amounts, numbers, and patient names for invoice identification purposes).
ShopConnect does not read, store, or transmit protected health information (PHI), clinical records, diagnosis codes (ICD-10, CPT), treatment details, or medical histories.
ShopConnect is not a HIPAA covered entity or business associate as defined by HIPAA regulations, as we do not create, receive, maintain, or transmit PHI.

Merchants in healthcare verticals remain responsible for their own HIPAA compliance obligations.

12. SMS / Text Messaging

ShopConnect uses Twilio under our registered A2P 10DLC Brand SHOPCONNECT PRO LLC to deliver payment-related messages on behalf of merchants. Messages include one-time payment links generated by your merchant, payment-confirmation receipts, and card-on-file update invites.

How phone numbers reach us. Your phone number is provided to ShopConnect by the merchant you transact with - typically at the moment of invoice or transaction, as part of their existing customer relationship with you. ShopConnect does not collect mobile numbers directly from consumers through any public sign-up form.
Message frequency. Frequency varies and depends on your merchant's activity. Typically you may receive one SMS per invoice, plus an optional payment-confirmation SMS, plus an occasional card-update invite. Each merchant is rate-limited to a maximum of 100 SMS per 24 hours through ShopConnect to protect consumer experience.
Message and data rates. Standard message-and-data rates from your wireless carrier may apply. ShopConnect does not charge you to receive these messages.
Opt-out. Reply STOP (or UNSUBSCRIBE, END, QUIT, CANCEL) to any message to opt out. Opt-out is honored at the carrier level by Twilio and applies to all messages sent through ShopConnect on behalf of the relevant merchant. Reply HELP for help.
No marketing. The SMS Campaign is registered under the Customer Care use case. We do not send marketing or promotional SMS through this Campaign.
No sharing of mobile data. ShopConnect does not sell, rent, or share your mobile phone number, your SMS opt-in status, or the content of payment-related SMS with third parties for marketing purposes. We share data only with sub-processors necessary to deliver the SMS (Twilio) and to process the resulting payment (the processor configured by your merchant).
Merchant responsibility. Each ShopConnect merchant is responsible for ensuring it has a lawful basis (e.g., existing customer relationship, prior consent) to text the consumers it enters into ShopConnect.

13. Children's Privacy

The Service is intended for use by businesses and their authorized adult employees. We do not knowingly collect personal information from children under the age of 13 (or 16 in applicable jurisdictions). If we become aware that we have collected personal information from a child, we will promptly delete that information.

14. International Data Transfers

Our servers and sub-processors are primarily located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we rely on Standard Contractual Clauses or other appropriate safeguards as required by applicable law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last updated" date at the top of this page.
Notify you via email or an in-console notification for material changes.
Provide at least 30 days' notice before material changes take effect.

Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the changes.

16. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, contact us:

Company: ShopConnect Pro LLC
Privacy Contact: aashil@shopconnectpro.com
Subject Line: "Privacy Inquiry" or "Privacy Rights Request"
Website: shopconnectpro.com