Privacy Policy

At SegmentFlow, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email marketing platform.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using SegmentFlow, you agree to the collection and use of information in accordance with this policy.

SegmentFlow, an Estonian company, is the data controller responsible for your personal data.

Contact: [email protected]

For data protection inquiries, you may contact us at the email address above.

We collect the following categories of information:

Account Information

• Email address
• Name
• Business/company name
• Account credentials (securely hashed)

Shopify Store Data

When you connect your Shopify store, we access:

• Customer data (names, email addresses, purchase history, tags)
• Order data (order details, products purchased, order values, dates)
• Product data (names, descriptions, images, pricing, inventory)
• Store branding (logos, color schemes, brand assets)

Usage Data

• Features and pages you access
• Segments you create
• Campaigns you generate and send
• Time spent on the platform

Campaign Analytics

• Email open rates and timestamps
• Click-through rates and link clicks
• Bounce and unsubscribe events
• Revenue attribution data (linking emails to Shopify purchases)

Technical Data

• IP address
• Browser type and version
• Device information
• Operating system

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the SegmentFlow service as agreed in our Terms of Service
• Legitimate Interests: Processing for service improvement, security, and fraud prevention, where our interests do not override your rights
• Consent: Where you have given explicit consent for specific processing activities, which you may withdraw at any time
• Legal Obligations: Processing required to comply with applicable laws and regulations

We use your information to:

• Provide AI-powered segmentation: Analyze your customer data to create targeted audience segments based on your natural language descriptions
• Generate brand-aware campaigns: Use your store's branding, products, and customer data to create personalized email templates
• Send and track campaigns: Deliver emails to your customers and track engagement metrics (opens, clicks, bounces)
• Attribute revenue: Connect email engagement to Shopify purchases to show campaign ROI
• Improve our service: Analyze usage patterns to enhance features and user experience
• Communicate with you: Send service updates, security alerts, and support messages
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access

SegmentFlow integrates with Shopify to access your store data. This section explains how we handle this integration:

What We Access

Through Shopify's OAuth authorization, we access customer profiles, order history, product catalog, and store branding. We only request permissions necessary to provide our service.

How We Use Shopify Data

• Customer data is used to build segments based on your criteria (e.g., "customers who bought twice")
• Order data enables revenue attribution and purchase-based segmentation
• Product data allows us to include relevant products in your campaigns
• Branding assets (logos, colors) are used to generate on-brand email templates

Data Isolation

Your Shopify data is isolated to your account. We do not share, combine, or cross-reference data between different SegmentFlow users. Each merchant's data remains completely separate.

Shopify's Role

Shopify maintains control over the data in your Shopify store. When you disconnect SegmentFlow from Shopify or revoke access, we lose the ability to access new data from your store.

SegmentFlow uses artificial intelligence and machine learning to power its core features. Here's how we handle AI processing:

How AI Processes Your Data

• Segment Creation: AI interprets your natural language descriptions and queries your customer data to build matching segments
• Content Generation: AI generates email copy and designs based on your brand assets, products, and campaign goals
• Analytics: AI helps analyze campaign performance and provide insights

Your Data and AI Training

We do not use your customer data or campaign content to train general-purpose AI models that would be used for other customers. Your data is processed only to provide services to you.

Automated Decision-Making

Our AI makes automated suggestions for segments and content, but you retain full control. All segments and campaigns require your review and approval before any emails are sent. We do not make fully automated decisions that significantly affect your customers without your explicit action.

Third-Party AI Services

We may use third-party AI services (such as language models) to power certain features. When we do, we ensure these providers maintain appropriate data protection standards and do not retain your data for their own purposes.

When you send email campaigns through SegmentFlow, we collect and process the following data:

Tracking Data

• Opens: When and whether recipients open your emails
• Clicks: Which links recipients click within your emails
• Bounces: Emails that could not be delivered
• Unsubscribes: Recipients who opt out of future emails

Revenue Attribution

We connect email engagement data with Shopify order data to show you which campaigns generate revenue. This helps you understand the direct business impact of your marketing efforts.

Compliance Features

SegmentFlow automatically includes unsubscribe links in all marketing emails and processes unsubscribe requests to help you comply with CAN-SPAM, GDPR, and other email marketing regulations.

We may share your information with:

Service Providers

We work with trusted third-party providers who help us operate our service, including:

• Cloud hosting and infrastructure providers
• Email delivery services
• Analytics services
• AI/ML service providers

These providers are contractually bound to protect your data and may only use it to provide services to us.

Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect the rights, property, or safety of SegmentFlow, our users, or the public.

Business Transfers

If SegmentFlow is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

No Selling of Data

We do not sell your personal data or your customers' data to third parties.

SegmentFlow is based in Estonia (European Union). Your data may be processed in the EU/EEA and in other countries where our service providers operate.

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Other legally approved transfer mechanisms

We retain your data as follows:

• Account data: For the duration of your account plus 30 days after deletion
• Shopify data: Synced data is retained while your account is active; deleted when you disconnect or close your account
• Campaign analytics: Retained for the duration of your account to provide historical reporting
• Usage logs: Typically retained for 12 months for security and debugging purposes

Upon account termination, we delete your data within 30 days, unless we are legally required to retain it longer. You may request data export before closing your account.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Under the GDPR and other applicable laws, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
• Right to Lodge a Complaint: File a complaint with a supervisory authority (in Estonia: the Data Protection Inspectorate)

To exercise these rights, contact us at [email protected]. We will respond to your request within 30 days.

SegmentFlow uses cookies and similar technologies to operate and improve our service:

• Essential Cookies: Required for the service to function, including authentication and session management
• Analytics Cookies: Help us understand how users interact with our service to improve it

We do not use third-party advertising or tracking cookies. You can manage cookie preferences through your browser settings, though disabling essential cookies may affect functionality.

SegmentFlow is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through the Service before the changes take effect.

We encourage you to review this policy periodically. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Data Controller: SegmentFlow (Estonia)