Privacy Policy
Effective: 21 May 2026 Last updated: 21 May 2026 Version: 1.1
This privacy policy describes how SalesMonitor (hereinafter "we" or the "Service Provider") collects, uses and protects your personal data when you use the salesmonitor.io website and the SalesMonitor service (the "Service"). We process personal data in accordance with the EU General Data Protection Regulation (GDPR, 2016/679) and the Finnish Data Protection Act (1050/2018).
1. Data Controller
Salesmonitor Oy Business ID: 3626570-5 Data protection contact: info@salesmonitor.io Website: https://salesmonitor.io
You can contact us about any data protection matter at the email address above.
2. Personal data we process
2.1 Account data
- Name
- Email address
- Password (hashed)
- Company name
- Business ID
- Phone number (optional)
2.2 Data generated by use
- Login and session data
- Usage logs
- IP address
- Browser and device information
- Cookie data (see section 13)
2.3 Connected service data
We process data from the following services only with your explicit authorization and on a read-only basis:
- Google Analytics 4 — reporting data (sessions, users) from the GA4 property you select
- Google Ads — campaign performance data (impressions, clicks, cost, conversions) from your own ad account
- Meta Ads — campaign performance data from your own ad account
- Shopify — order and product data from your own store (order totals, products, payment methods, shipping countries) for reporting purposes
- WooCommerce — equivalent order and product data from your own store for reporting purposes
We do not collect your store customers' payment card details. Goals and other configuration data set by you are also stored in this category.
2.4 Payment data
- Billing address
- Transaction details
Note: we do not process or store your card details. Payments are handled by our payment provider Stripe (see section 9).
2.5 Communication
- Customer service messages and their content
- Marketing consent (if given)
3. How we use data
We use your data solely to provide the SalesMonitor service to you: combining your data into a unified reporting view (e.g. return on ad spend, ROAS), retaining your history, and operating the service.
We do not sell your data or use it for advertising. Your data is visible only to your own organization.
4. Google User Data (Limited Use disclosure)
SalesMonitor's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
5. Where we get your data
Primarily, data is received directly from you when creating an account, using the Service and communicating with customer service. Data is also generated automatically when you use the Service (logs, cookies, IP address).
Through third parties (Google, Meta, Shopify, WooCommerce) we receive the data you authorise us to retrieve via the OAuth or API connection.
6. Purposes and legal bases for processing
| Purpose | Legal basis (GDPR) |
|---|---|
| Providing the Service and managing the customer relationship | Contract (art. 6(1)(b)) |
| Billing and accounting | Legal obligation (art. 6(1)(c)) |
| Customer service and support | Contract (art. 6(1)(b)) |
| Improving and developing the Service | Legitimate interest (art. 6(1)(f)) |
| Ensuring information security | Legitimate interest (art. 6(1)(f)) |
| Marketing communications | Consent (art. 6(1)(a)) or legitimate interest |
| Meeting statutory obligations | Legal obligation (art. 6(1)(c)) |
7. Retention periods
- Account data: for the duration of the customer relationship and 6 months after it ends.
- Billing and accounting material: 6 years under the Finnish Accounting Act.
- Usage and security logs: maximum 12 months.
- Marketing communications: as long as a valid consent exists.
- Customer service messages: 24 months after the case is resolved.
8. Disclosure of data
We do not sell or rent your personal data. We may disclose data to our sub-processors (section 9), to authorities when required by law, or in connection with a business reorganisation.
9. Sub-processors
| Provider | Purpose | Data location |
|---|---|---|
| Cloudflare, Inc. | Hosting, DNS, CDN, WAF | Global edge network |
| Supabase Inc. | Database, authentication | EU (Stockholm) |
| Stripe, Inc. | Payment processing | Ireland / US |
| Twilio SendGrid | Email delivery | EU / US |
| Upstash, Inc. | Queues, scheduled jobs | EU |
| Google LLC (Workspace) | Internal email and docs | EU / US |
| GitHub, Inc. | Source code (no customer data) | US |
For transfers outside the EU/EEA we rely on EU Standard Contractual Clauses (SCC) or another approved mechanism.
10. Your rights
You have the right to access, rectify or erase your data, restrict or object to processing, data portability, and to withdraw consent. You can also lodge a complaint with the supervisory authority (in Finland, the Office of the Data Protection Ombudsman, www.tietosuoja.fi).
You can disconnect any integration at any time in the app, which immediately stops new data collection.
Requests can be sent to info@salesmonitor.io. We respond within one month.
11. Security
We use TLS 1.2+, encryption at rest, role-based access control and mandatory two-factor authentication for staff. We notify the supervisory authority of personal data breaches within 72 hours.
12. Changes
We may update this policy. Material changes will be notified by email or in the Service at least 30 days in advance.
13. Cookies
We use only strictly necessary cookies on our website: a login session cookie and Cloudflare Turnstile bot protection. We do not use advertising or tracking cookies.
14. Contact
Email: info@salesmonitor.io
Supervisory authority: Office of the Data Protection Ombudsman Lintulahdenkuja 4, 00530 Helsinki, Finland www.tietosuoja.fi