Privacy Policy

Last updated: May 12, 2026

Privacy Policy



Last updated: 12 May 2026


1. Introduction


This Privacy Policy describes how data is processed in connection with our software-as-a-service platform (“Services”), which provides behavioral analytics, session tracking, and decision-support tools for e-commerce merchants.

We design our systems based on data minimization, purpose limitation, and privacy-by-design principles.


2. Roles of the Parties


For data processed through a merchant’s use of the Services:

The merchant is the data controller

We act as a data processor, processing data strictly on behalf of and under the instructions of the merchant

We do not independently determine the purposes of processing end-user data collected via merchant websites.


3. Categories of Data Processed


3.1 Behavioral Data


We process interaction data generated by users on merchant websites, including:

Page views, clicks, scrolls, and navigation paths

Session timelines and interaction sequences

Product views, cart actions, and purchase-related events

This data enables session reconstruction and behavioral analytics.

3.2 Technical and Device Data


We process technical information such as:

Browser type and version

Device type and operating system

Screen and rendering characteristics

Approximate geographic region (derived from network-level data)

Where IP addresses are processed, they are used transiently for operational purposes (e.g., request handling, security, approximate geolocation) and are not retained beyond what is necessary.


3.3 Pseudonymous Identifiers


We generate and process identifiers such as:

User identifiers

Session identifiers

Cookie and local storage identifiers


These identifiers:

Do not directly identify natural persons

Are used to maintain continuity across sessions

Support analytics and attribution modeling

As part of the system, multiple technical signals may be combined to associate sessions probabilistically


3.4 Identity Resolution and Fingerprinting


The Services may use pseudonymous and probabilistic identification techniques, including device and browser-level signals, to improve session continuity and analytics accuracy.

These techniques:

Operate without directly identifying individuals

Use aggregated or derived technical characteristics

Are designed to reduce duplication and fragmentation in analytics data

Identity resolution may rely on multi-signal approaches combining technical identifiers and behavioral context

Important:

The use of such techniques may be subject to consent requirements under applicable laws (e.g., EU ePrivacy rules). Merchants are responsible for ensuring lawful deployment.


3.5 Cookies and Similar Technologies


The Services use:

Cookies

Local storage

Session storage

to store identifiers and session-related data.


These technologies support:

Session persistence

Event tracking

Experiment and attribution systems

Merchants are responsible for:

Implementing cookie consent mechanisms where required

Configuring the Services in accordance with applicable laws


3.6 Optional Advanced Matching


Where enabled by the merchant, additional matching mechanisms may be used, including:

Hashed identifiers (e.g., email hashes)

Limited retention identity bridges


Safeguards include:

Hashing with salting

Time-limited retention

No storage of plain-text identifiers

This feature is:

Disabled by default

Activated only by merchant choice


4. Data We Do Not Intentionally Collect


We do not intentionally collect or store directly identifiable personal data such as:

Full names

Email addresses in plain text

Phone numbers

Postal addresses

Payment information

However, merchants may independently collect such data on their own systems, which is outside our role as processor.


5. Purpose of Processing


We process data solely to provide the Services, including:

Behavioral analytics and reporting

Conversion and funnel analysis

Attribution modeling

AI-driven insights and automation

System performance and reliability

We do not use merchant data for unrelated purposes.


6. Legal Basis


The legal basis for processing is determined by the merchant (data controller).

Depending on implementation, this may include:

Legitimate interest (analytics and service improvement)

User consent (e.g., cookies, advanced tracking)


7. Data Retention


We retain data only for as long as necessary to provide the Services and fulfill contractual obligations.


General principles:

Raw event data: limited retention

Session data: time-bound storage

Hashed identifiers: automatically expire (e.g., ~30 days where applicable)

Aggregated data: may be retained longer

Retention periods may vary depending on configuration and contractual terms.


8. Data Sharing and Sub-processors


We do not sell personal data.


We may engage sub-processors to provide infrastructure and technical services, including:

Cloud hosting providers

Database and storage services

Monitoring and security systems


All sub-processors are bound by:

Data processing agreements

Confidentiality obligations

Appropriate technical and organizational safeguards


9. International Data Transfers


Data may be processed outside the user’s jurisdiction.


Where required, we implement safeguards such as:

Standard Contractual Clauses (SCCs)

Contractual and technical protections


10. Security Measures


We implement appropriate technical and organizational measures, including:

Encryption of sensitive data (e.g., access tokens)

Access control and isolation mechanisms

Secure key management


For example, authentication tokens are encrypted and never stored in plain text


11. Data Subject Rights


Data subjects may have rights under applicable laws, including:

Access

Rectification

Erasure

Restriction of processing

Objection

Data portability


Because we act as a processor, such requests should be directed to the relevant merchant.


We will assist merchants in fulfilling such requests where required.


12. Merchant Obligations


Merchants using the Services must:

Provide legally compliant privacy notices

Obtain user consent where required

Configure tracking and matching features appropriately

Ensure lawful use of the Services


13. Data Processing Agreement (DPA)


Where required by law, a Data Processing Agreement (DPA) governs the relationship between us and the merchant.


The DPA defines:


Scope of processing

Security measures

Sub-processor use

Data subject rights handling


14. Changes to This Policy


We may update this Privacy Policy periodically.


Material changes will be reflected by updating the “Last updated” date.


15. Contact


For privacy-related inquiries:



AYOSEM VENTURES, LLC



c/o Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States