Effective Date:

Last Updated Date: July 23, 2025

1. Scope

This Privacy Policy governs the collection, use, and disclosure of personal information in connection with your access to and use of the services offered by Shuppi Inc. (“Shuppi,” “we,” “us,” or “our”) through the Shuppi website (https://shuppi.com), related subdomains, mobile applications, tools, APIs, and associated digital content (collectively, the “Site” or “Sites”), as well as through any other features, technologies, or services offered by Shuppi (collectively, the “Service”).

This Policy applies to all users of the Site and Service, including without limitation Sellers, Buyers, Affiliates, Affiliate Partners, Growth Partners, and Founding Partners, and governs personal data collected directly or indirectly through your interaction with the Shuppi platform.

Capitalized terms not otherwise defined herein shall have the meanings assigned to them in the Shuppi User Agreement or other applicable agreements posted on the Site.

If you created a Shuppi account prior to the “Last Revised” date posted above, this Privacy Policy will become effective on July 17, 2025. For all other users, this Privacy Policy is effective immediately.

2. Types of Data We Collect

We may collect and process various categories of personal data (“Personal Data”) in connection with your access to and use of the Service. The types of Personal Data we collect include, but are not limited to, the following:

A. Information You Provide to Us

We may collect and store information that you voluntarily provide to us when using the Site or Service, including:

  • Contact Information: such as your name, user ID, email address, and telephone number.
  • Account and Transaction Information: including financial or tax-related data necessary to remit payments to Sellers, details of the digital products you list or sell, and transaction-related communications.
  • User-Generated Content: such as product descriptions, listings, feedback, chat messages, dispute resolution materials, support correspondence, and other communications made through the Site.
  • Marketing Preferences: such as your subscription status, communication preferences, and interaction history with promotional content.
  • Other Voluntary Submissions: including information you choose to submit in forms, surveys, or other interactions with our platform.

B. Information We Collect About Buyers from or on Behalf of Sellers

To facilitate transactions between Buyers and Sellers, we may collect information about Buyers that is either (i) provided directly to us by Sellers, or (ii) collected by us on behalf of Sellers. The scope of this Buyer information may vary depending on the Seller and may include:

  • Transaction Data: such as purchase history, content accessed, and delivery confirmations.
  • Payment Information: including payment card details and billing data, processed via Stripe or other third-party payment processors.
  • Contact Details: such as your name, user ID, email address, and shipping or billing address, as provided during checkout.
  • Additional Data: as supplied by Sellers, consistent with their own privacy practices and in accordance with applicable laws.

C. Information Automatically Collected

When you access or interact with the Site, we may automatically collect certain technical and usage information, including:

  • Device and System Information: such as your operating system type and version, browser type, screen resolution, device model, device identifiers (e.g., Apple IDFA, Google Advertising ID).
  • Usage Data: including pages viewed, time spent on pages, navigation paths, referring URLs, access times, and user activity.
  • Location Data: including general geographic location based on IP address.
  • Cookies and Similar Technologies: This information is collected via cookies, pixel tags, web beacons, and similar technologies. Please refer to the “Cookies and Similar Technologies” section for more information.

This information may also be collected over time by service providers and business partners and may be combined with data from other sources.

D. Social Media and Third-Party Platforms

We may allow you to access the Service using third-party authentication (e.g., Google, Facebook). When you use single sign-on (SSO) or integrate your third-party account with our Services, we may, with your consent, collect profile information such as your name, email address, connections, or social media identifiers.

We may also maintain official Shuppi pages on third-party platforms (e.g., Facebook, Instagram, YouTube). When you interact with these pages, your use is governed by the privacy policies of those platforms. To the extent such platforms share data about your interactions with us, we will treat that information in accordance with this Privacy Policy.

E. Sensitive Personal Information

Shuppi does not require the submission of sensitive personal information (e.g., health data, biometric information) for general use of the Service. However, for Sellers and Partners to receive Payouts via Stripe Connect, we require uploading a copy of government-issued IDs for identification purposes. This is a requirement from Stripe Connect.

If you submit or disclose such data, you expressly consent to our processing and use of that information in accordance with this Privacy Policy. If you do not wish for such data to be processed, you must refrain from submitting it.

3. Cookies and Similar Technologies

What Are Cookies?
Cookies are small text files that are placed on your computer, tablet, mobile device, or other device when you access or interact with a website. Cookies enable websites to recognize your browser and store certain information, such as user preferences.
Our Sites utilize both session cookies (which expire when you close your browser) and persistent cookies (which remain stored on your device until deleted or they expire) to enhance and personalize your experience.
We use two main categories of cookies:

  1. First-party cookies: Set directly by Shuppi to recognize your device when you return to our Site.
  2. Third-party cookies: Set by third-party service providers and business partners to enable third-party features or functions (such as advertising, analytics, or social media integration).

Types of Cookies We Use
Our Sites may use the following categories of cookies for the purposes described below:

  • Essential Cookies
    These cookies are strictly necessary to enable core functionality such as secure login, session management, product purchases, and checkout. Without these cookies, some services on the Site may not function properly.
  • Functionality Cookies
    These cookies allow the Site to remember your preferences and settings (such as language selection, display preferences, or stored login credentials) to provide a more customized user experience.
  • Analytics and Performance Cookies
    These cookies collect aggregate and anonymized data about how users access and interact with our Sites. We use this data to improve Site functionality, diagnose technical issues, and analyze traffic patterns.
    We may use third-party analytics providers including:
    Google Analytics
  • Social Media Cookies
    These cookies are used when you share content from our Sites using social media sharing buttons or when you link your Shuppi account to a third-party platform (such as Facebook, Twitter, Instagram, or YouTube). Such interactions are subject to the privacy policies of those third-party platforms, which may use their own cookies independently.
  • Targeting and Advertising Cookies
    These cookies collect information about your browsing behavior in order to deliver advertisements more relevant to your interests. These may be set by us or by third-party advertising networks. They enable ad targeting both on our Sites and across third-party websites.
    For more information about how to opt out of behavioral advertising practices, please refer to the “Your Choices” section below under “Targeted Online Advertising.”
  • Affiliate and Referral Cookies
    These cookies are used as tracking mechanisms to determine affiliate or referral attribution. They help identify when you arrive at our Sites through an affiliate link, partner referral, or promotional campaign, allowing us to attribute commissions, rewards, or credits to the appropriate partners. This may involve collecting data such as referral sources, click identifiers, or campaign details, which is used solely for attribution purposes and may be shared with relevant affiliates or partners.

Managing and Disabling Cookies
Most browsers allow you to manage your cookie preferences. You may remove or reject cookies by adjusting your browser settings. Instructions for managing cookies can typically be found within your browser’s “Settings,” “Help,” “Privacy,” or “Tools” menu.
To learn more about cookies and how to manage or delete them, you may visit: www.allaboutcookies.org

Please note: Disabling or deleting cookies may affect certain functionalities of our Sites. For example, you may be required to re-enter your login credentials each time you visit, or you may not be able to complete transactions or retain preferences.

Other Technologies
In addition to cookies, we may use a variety of other tracking and information collection technologies on our Sites and within our mobile applications to improve functionality, analyze usage, enable advertising, and support interactive features. These technologies may include Flash storage, pixel tags (also known as web beacons), and software development kits (“SDKs”), as described below.

Pixel Tags
We may use pixel tags—also referred to as web beacons or clear GIFs—on our Sites and in HTML-formatted emails. These tags are small, invisible graphics embedded on web pages or within email content.
Pixel tags are used for various operational purposes, including:

  • Tracking whether a specific web page was visited or an email was opened
  • Measuring the success of marketing campaigns
  • Analyzing user engagement with content or communications
  • Compiling aggregate usage and performance statistics
    Unlike cookies, pixel tags are not stored on your device and operate in conjunction with cookies and other tracking tools.

Software Development Kits (SDKs)

Our mobile applications may incorporate SDKs provided by third-party partners and service providers. SDKs are packages of code that enable the implementation of features developed by third parties within our mobile apps. The SDKs we use may allow third parties to collect data directly from your device or app usage.

Types of SDKs employed in our mobile applications may include:

  • Analytics SDKs: These SDKs collect data regarding your usage of the mobile application, including usage frequency, error diagnostics, session duration, and technical information about your device. We use this data to improve functionality, monitor performance, and enhance the user experience.
  • Social Media SDKs: These enable you to engage with social networking services (e.g., Facebook, Instagram, Twitter) directly from within the app, including through sharing features or social login. Social media SDKs may also support advertising or analytics integrations from such networks.
  • Advertising SDKs: These SDKs collect data regarding your interactions with advertisements, in-app behavior, and activity across third-party apps and websites. This information may be used by advertising partners to deliver targeted advertising and to evaluate ad effectiveness. Collection, use, and sharing of data by these third parties is subject to their own privacy policies.
    You may be able to limit or manage certain information collected through advertising SDKs for targeted advertising purposes. For additional guidance, please refer to the “Targeted Online Advertising” subsection within the “Your Choices” section of this Privacy Policy.
  • For transparency, we maintain a list of SDKs currently used in our mobile applications, available here: _______________________________________________

4. Use of Your Personal Data

We use the personal data we collect for the following business, operational, and legal purposes, consistent with applicable laws and the scope of the Shuppi platform:

A. To Provide and Operate Our Sites and Services

We use your personal data to:

  • Facilitate the creation, authentication, and secure management of your Shuppi account;
  • Identify you as a registered user within our system;
  • Send transactional or administrative communications, including a welcome email to verify your account;
  • Provide access to and facilitate the sale, purchase, and delivery of digital products through our Services;
  • Enable payment processing and commission tracking via third-party platforms (e.g., Stripe);
  • Provide customer support and respond to inquiries, including those related to employment, technical issues, or platform use;
  • Resolve disputes, enforce contractual obligations, and collect fees;
  • Detect, investigate, and prevent fraud, security breaches, misuse, or other prohibited or unlawful activities;
  • Customize, measure, and enhance the functionality, user experience, and content of the Site;
  • Send you service updates, administrative messages, promotional offers, and marketing communications in accordance with your communication preferences;
  • Conduct internal data matching and verification, including comparison of submitted information with third-party records;
  • Fulfill any other business purpose for which the data was collected and disclosed at the time of collection.

B. To Communicate With You

If you sign up for an account, subscribe to marketing communications, request information, or participate in contests or promotions, we may use your personal information to send you emails and other communications about Shuppi products, services, offers, and updates. You may opt out of receiving such communications at any time by following the unsubscribe instructions provided or by adjusting your communication preferences.

C. Use of Personal Data About Buyers on Behalf of Our Sellers

When we process personal data on behalf of Sellers, such as information related to Buyers of digital products, we do so solely as a service provider and data processor. This includes:

  • Enabling e-commerce functionality and facilitating digital product delivery;
  • Supporting payment processing through Shuppi’s integrated Merchant of Record model;
  • Sending transactional communications or receipts on behalf of Sellers.

We do not use this buyer information for our own independent purposes.

D. To Comply With Legal Obligations

We may use or disclose your personal information as we deem necessary or appropriate to:

  • Comply with applicable laws, regulations, legal processes, or enforceable governmental or regulatory requests;
  • Respond to subpoenas, court orders, or other lawful requests from public authorities.

E. For Compliance, Fraud Prevention, and Platform Integrity

We may process personal data where necessary to:

  • Enforce the terms of our User Agreement, policies, and other applicable agreements;
  • Protect the rights, safety, property, or privacy of Shuppi, our users, or others;
  • Investigate, prevent, or take action regarding fraudulent, unauthorized, unethical, or unlawful activities.

F. With Your Consent

Where legally required, we will obtain your consent before using your personal information, including for marketing communications or data sharing with third parties. You may withdraw your consent at any time using the method provided when your consent was obtained or by contacting us directly. If you provided consent to third-party partners, you must contact those parties to withdraw consent.

G. To Create Anonymous Data

We may de-identify or aggregate personal information to create data that cannot reasonably be linked to an identified or identifiable individual (“Anonymous Data”). We use Anonymous Data to analyze usage trends, enhance platform performance, and improve navigation and functionality. We reserve the right to use and disclose Anonymous Data for any lawful business purpose at our sole discretion.

5. Our Disclosure of Your Personal Data

We may disclose your Personal Data to third parties as necessary to operate our Services, comply with legal obligations, enforce our policies, and protect the rights, property, and safety of Shuppi, our users, or others. Such disclosures will be made in accordance with applicable laws and this Privacy Policy.

We may disclose your Personal Data to the following categories of recipients:

A. Legal Compliance and Protection

We may disclose your Personal Data:

  • To comply with legal obligations, including in response to subpoenas, court orders, or other lawful requests from government authorities;
  • To enforce our Terms of Service, User Agreement, and other policies;
  • To investigate or respond to claims, including claims that listings or user content violate the rights of third parties;
  • To protect the rights, property, or safety of Shuppi, our users, our affiliates, or the general public.

B. Service Providers

We may share your Personal Data with third-party service providers and contractors engaged under binding agreements to assist with our business operations, including but not limited to:

  • Fraud prevention and investigation;
  • Payment processing;
  • Customer service and support;
  • Affiliate and rewards program administration;
  • Data hosting, analytics, and marketing services.

This includes our cloud infrastructure provider, Amazon Web Services (AWS), which processes data under a GDPR-compliant Data Processing Addendum (DPA) incorporated into our service agreements. The DPA includes Standard Contractual Clauses where applicable and covers sub-processors listed on AWS's website. We review and audit these arrangements regularly to ensure compliance.

These service providers are authorized to process your Personal Data solely as necessary to provide their contracted services to us and are subject to contractual obligations regarding confidentiality and data security.

C. Sellers and Transactional Disclosures

When you purchase a digital product via the Shuppi platform, we may disclose certain personal information to the Seller to facilitate the transaction, provide order details, enable delivery of digital content, and allow appropriate follow-up communications.

D. Corporate Affiliates

We may share your Personal Data with our parent company, subsidiaries, affiliates, or related corporate entities for purposes consistent with this Privacy Policy, including internal administration and business operations.

E. Payment Processing Partners

We use third-party payment processors to facilitate secure financial transactions. Currently, payments made through our Services are processed via Stripe. Personal Data shared with or collected by Stripe in connection with such payments is governed by Stripe’s own privacy policy, available at: https://stripe.com/privacy. Stripe may use your information both as instructed by us and for other limited purposes consistent with its privacy practices.

F. Professional Advisors

We may disclose your information to professional advisors—such as legal counsel, accountants, auditors, bankers, or insurers—when reasonably necessary in the context of obtaining professional advice or conducting audits, risk assessments, or business planning.

G. Law Enforcement and Government Agencies

We may disclose Personal Data to law enforcement authorities, regulatory agencies, or authorized third parties in response to a legally valid request in connection with:

  • A criminal investigation;
  • Suspected or alleged unlawful conduct;
  • Activity that may expose us, you, or others to legal liability.

The scope of information disclosed may include, but is not limited to, your name, contact details, user ID, IP address, transaction history, and account activity, as deemed relevant to the investigation.

H. With Your Consent

We may disclose your Personal Data to any third party with your explicit consent or at your direction. This includes circumstances in which you request or agree to data sharing as part of using a specific feature or service.

I. Business Transfers

In connection with or during the negotiation of any actual or proposed merger, acquisition, sale of company assets, financing, reorganization, or similar business transaction involving Shuppi, your Personal Data may be disclosed or transferred to prospective or actual acquirers, successors, or investors. We will take reasonable steps to ensure that any such recipient agrees to process your Personal Data in a manner consistent with this Privacy Policy.

In the event of insolvency, bankruptcy, or receivership, Personal Data may also be considered a business asset and may be transferred or sold as part of those proceedings, subject to applicable legal requirements.

6. Account Protection

Your Shuppi account is protected by a password that you create. You are solely responsible for maintaining the confidentiality and security of your password and for restricting access to your account. To enhance security, you should choose a strong password that includes a combination of upper- and lower-case letters, numbers, and special characters, and avoid using the same password across multiple services.

You must not disclose your Shuppi password or account credentials to any third party. If you share your account access or Personal Data with others, you are responsible for all activities conducted under your account, whether or not authorized by you. Unauthorized use of your credentials may expose you to legal liability and may compromise the security of your Personal Data.

If you believe that your password or account has been compromised, or if you suspect unauthorized access or use, you must promptly notify Shuppi at support@shuppi.com (or via another designated support channel) and update your password immediately. Shuppi shall not be liable for any loss or damage resulting from your failure to adequately safeguard your credentials or comply with these responsibilities.

7. Your Choices

Shuppi provides you with various choices regarding the collection, use, and disclosure of your Personal Data. These choices include managing your account information, marketing preferences, and participation in targeted advertising.

A. Accessing, Reviewing, and Modifying Your Personal Data

You may access and update certain Personal Data associated with your Shuppi account by logging into your account and editing your profile or account settings. You may also request access to, or correction or deletion of, your Personal Data by contacting us at support@shuppi.com.

Please note that:

  • We may retain certain information as required by law, for legitimate business purposes, or as otherwise permitted by this Privacy Policy.
  • If you request deletion of your Personal Data, we may delay such deletion where retention is necessary to:
    • Comply with legal obligations;
    • Resolve disputes;
    • Collect fees owed;
    • Prevent fraud or abuse;
    • Enforce our agreements or protect legal rights.

Upon verified request, we will close your account and remove your Personal Data from public view as soon as reasonably practicable, subject to applicable legal retention requirements and account activity.

B. Marketing Communications

You may opt out of receiving marketing or promotional communications from us by:

  • Clicking the “unsubscribe” link in our marketing emails; or
  • Contacting us directly at support@shuppi.com.

Please note that you may continue to receive service-related or transactional communications even after opting out of marketing communications (e.g., purchase confirmations, account notifications).

C. Targeted Online Advertising

We may engage third-party advertising partners who collect information about your online activity to deliver more relevant ads on our Sites and across other websites and mobile applications. These partners may participate in self-regulatory programs that offer you choices about the use of your information for targeted advertising.

You may opt out of receiving interest-based advertising by visiting the following organizations:

  • U.S. Users:
    • Network Advertising Initiative
    • Digital Advertising Alliance
  • European Users:
  • Mobile App Users:
    • Install the AppChoices mobile app (available on iOS and Android) provided by the Digital Advertising Alliance.

Please note:

  • Opting out does not stop ads from being shown but may make them less relevant.
  • Not all advertising partners participate in the above programs; you may still receive targeted ads from others.
  • You can also manage ad tracking at the device level via your mobile operating system settings:
    • On iOS: Settings > Privacy > Tracking
    • On Android: Settings > Google > Ads > Opt out of Ads Personalization

D. Do Not Track Signals

Some web browsers offer a “Do Not Track” (DNT) setting. At this time, Shuppi does not respond to DNT signals, as no consistent industry standard has been adopted. For more information about DNT, please visit: www.allaboutdnt.com.

E. Declining to Provide Information

In certain cases, we are required by law or contract to collect specific Personal Data to provide our Services. If you choose not to provide such required information, or later withdraw your consent or request deletion of such data, we may be unable to provide you with some or all of the Services.

Where applicable, required fields will be clearly identified on our Site or during the account setup or transaction process.

8. Security

Shuppi takes the security of your Personal Data seriously and implements reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, alteration, or disclosure.

Your Personal Data is stored on secured servers located in the United States. We utilize a combination of security technologies and procedures—including encryption, access controls, and monitoring systems—to help safeguard your information while in transit and at rest. Leveraging AWS services, we implement features such as AWS Identity and Access Management (IAM) for role-based access, encryption at rest and in transit via AWS Key Management Service (KMS), and monitoring with AWS CloudTrail and GuardDuty. We conduct regular risk assessments and audits to address potential vulnerabilities, ensuring our infrastructure remains appropriate for handling Personal Data under GDPR.

Despite our efforts, please be advised that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Accordingly:

  • We cannot guarantee the absolute security of your Personal Data or communications.
  • Third parties may unlawfully intercept or access transmissions or private communications.
  • Other users may misuse the Personal Data they access through the platform, despite our policies and enforcement efforts.

By using the Service, you acknowledge and accept that we cannot ensure or warrant the complete privacy or security of any information you transmit or provide through the Site.

If you believe your account or information has been compromised, please contact us immediately at support@shuppi.com.

9. International Transfers

Shuppi Inc. is headquartered in the United States, and our platform relies on a network of third-party service providers and infrastructure partners located in various jurisdictions worldwide. As a result, your Personal Data may be transferred to, stored in, or processed in countries other than your state, province, or country of residence—including the United States—where data protection laws may differ and may not provide the same level of protection as those in your jurisdiction.

By using the Site or Services, you acknowledge and expressly consent to the transfer of your Personal Data to jurisdictions that may not have data protection laws equivalent to those in your home jurisdiction.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, please note the following:

  • Personal Data transferred outside the EEA may be subject to safeguards as required under applicable data protection laws, such as the European Union General Data Protection Regulation (GDPR).
  • Shuppi may rely on appropriate safeguards such as Standard Contractual Clausesdata processing agreements, or certified service providers to lawfully transfer Personal Data internationally.
  • For transfers to our primary infrastructure provider, Amazon Web Services (AWS), located in the United States, we rely on AWS's certification under the EU-US Data Privacy Framework (DPF), which provides an adequacy mechanism for such transfers. We conduct Transfer Impact Assessments (TIAs) where required and may supplement with SCCs if the DPF does not apply. AWS's DPF certification is verifiable via the US Department of Commerce's DPF list. If you require details on our TIAs or safeguards, contact us at privacy@shuppi.com.

If you have questions about how your data is handled across borders or wish to inquire about the safeguards in place, you may contact us at privacy@shuppi.com.

10. Third Parties

Except as expressly set forth in this Privacy Policy, this document governs only the collection, use, and disclosure of Personal Data by Shuppi Inc. through the use of our Sites and Services. It does not apply to the practices of third parties that we do not own, control, or manage.

If you disclose your Personal Data to other individuals or entities—such as Buyers, Sellers, Affiliates, or third-party service providers—whether on or through our Site or elsewhere on the Internet, the treatment of your information by those third parties will be governed by their respective privacy policies and practices.

Shuppi does not control and is not responsible for the content, conduct, or privacy practices of third-party websites, services, or users. You are encouraged to review the privacy notices and policies of any third party with whom you interact before disclosing any Personal Data.

We recommend exercising caution and asking questions when interacting with any third party to understand how your Personal Data will be used, stored, and protected.

11. Changes to This Privacy Policy

We reserve the right to amend, update, or modify this Privacy Policy at any time, in our sole discretion. We encourage you to review this page periodically to stay informed about our data handling practices and any changes to our privacy obligations.

If we make material changes to this Privacy Policy, we will take appropriate steps to notify you, which may include:

  • Updating the “Last Revised” date at the top of this Privacy Policy;
  • Posting the updated version on our Sites and in the app stores where our mobile applications are made available; and
  • Where required by applicable law, providing notice through other reasonably appropriate means, such as by sending an email to the contact information associated with your Shuppi account or displaying a prominent notice within the Services.

Unless otherwise stated, modifications to this Privacy Policy shall become effective upon posting. Your continued access to or use of the Sites or Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

If you do not agree with any changes to this Privacy Policy, you must discontinue use of the Services and may request that your account be closed in accordance with the procedures described herein.

12. Google User Data

We respect and protect the privacy and security of data obtained through Google APIs and adhere strictly to Google’s API Services User Data Policy, including the Limited Use requirements. This section describes our practices regarding the access, use, disclosure, and retention of Google user data in connection with your use of the Shuppi platform.

A. Limited Use

We access, use, and retain Google user data solely to provide or improve the core functionality of our application as clearly and prominently described in the user interface. We do not use Google user data for any other purpose beyond the intended functionality of the Services.

B. Data Access

Google user data is accessed only to the extent necessary to operate features explicitly presented to the user within our platform. We do not engage in any hidden data use or undisclosed background access to your Google data.

C. Data Sharing

We do not sell, transfer, or otherwise disclose Google user data to third parties, including advertisers, data brokers, or information resellers, except in the following limited circumstances:

  1. With explicit user consent, when required to support or improve core app features;
  2. For security purposes, including investigation of potential abuse or malicious activity;
  3. To comply with applicable laws, legal processes, or enforceable governmental requests;
  4. In the context of a business transaction, such as a merger, acquisition, or sale of assets, subject to prior user notification and explicit consent.

D. Data Processing

Access to Google user data by Shuppi personnel (employees, agents, or contractors) is strictly limited. No individual is permitted to read or access such data except:

  • When the user has explicitly agreed to such access in connection with a specific action or support request;
  • When necessary to diagnose security issues or investigate abuse;
  • When required to comply with legal obligations.

All personnel with access to Google user data are subject to strict confidentiality and security obligations.

E. Prohibited Uses

We do not use Google user data for:

  • Serving or targeting advertisements, including interest-based, personalized, or retargeting ads;
  • Evaluating creditworthiness or for lending or financial risk assessment;
  • Any purpose not expressly disclosed in this Privacy Policy or permitted under Google’s API Services policies.

F. Data Retention

We retain Google user data only for as long as reasonably necessary to provide the Services for which access was granted. Users may request the deletion of their Google data from our systems at any time by contacting support@shuppi.com or as otherwise provided through the platform.

G. Security

We implement industry-standard administrative, technical, and physical safeguards to secure Google user data from unauthorized access, alteration, disclosure, or destruction. These measures are designed to meet or exceed prevailing best practices for data protection.

H. User Control and Revocation

You may revoke Shuppi’s access to your Google user data at any time through your Google Account Security Settingsor by contacting us directly. Upon revocation, access to Google services will cease, and any retained data will be subject to deletion in accordance with our data retention policies.

I. Updates to This Section

We will update this section of our Privacy Policy as needed to reflect changes in our use of Google user data or to maintain compliance with Google’s API Services User Data Policy. In the event of material changes, we will provide notice as described in the “Changes to This Privacy Policy” section above.

By using our Services and authorizing access to your Google account, you consent to our collection, use, and disclosure of your Google user data as described in this section.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your rights in relation to your Personal Data, you may contact us at:

Shuppi Inc.
Email: support@shuppi.com

We will make reasonable efforts to respond to all inquiries in a timely and appropriate manner in accordance with applicable data protection laws.

14. Additional Information for European Union Users

A. Personal Data

For purposes of this Privacy Policy, references to “personal information” are equivalent to “personal data” as defined under the General Data Protection Regulation (GDPR) and other applicable European data protection laws.

B. Data Controller and Processor Roles

For activities where Shuppi, Inc. collects and processes personal data for its own business purposes (e.g., platform operations, compliance, marketing), Shuppi Inc. acts as the data controller.

For activities where Shuppi provides services on behalf of Sellers (e.g., order facilitation, product delivery, or communication), Shuppi acts as a data processor, and the relevant Seller is the data controller of any personal data processed in connection with the sale or delivery of digital products.

When acting as a processor for Sellers, we ensure flow-down GDPR terms in agreements and limit processing to instructions, including via AWS.

See the Contact Us section for Shuppi’s contact information.

C. Legal Bases for Processing

We process your personal data only as permitted under the GDPR and applicable law. The legal bases for our processing are as follows:

PurposeLegal Basis
To provide our Sites and ServicesProcessing is necessary to perform the contract between you and Shuppi or to take pre-contractual steps at your request.
To communicate with you, create anonymous data, and for compliance, fraud prevention, and safetyProcessing is based on our legitimate interests. We balance these interests against your data protection rights and do not use your data where such interests are overridden by your fundamental rights or freedoms.
To comply with legal obligationsProcessing is necessary to comply with applicable legal and regulatory obligations.
With your consentWe rely on your consent for specific processing activities, such as sending marketing communications. You may withdraw your consent at any time by contacting us at support@shuppi.com.
Processing on behalf of SellersWhere we act as a processor, we process personal data in accordance with the Seller’s instructions and the terms of our service agreements.

D. Use for New or Compatible Purposes

If we intend to use your personal data for a purpose that is materially different from those described in this Privacy Policy, or not compatible with the original purpose, we will notify you and explain the applicable legal basis. Where required, we will obtain your consent.

E. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. When determining retention periods, we consider:

  • The volume, nature, and sensitivity of the data;
  • The risk of harm from unauthorized use or disclosure;
  • The purposes for which we process the data;
  • Whether those purposes can be achieved by other means;
  • Applicable legal, regulatory, or contractual requirements.

For high-risk activities, such as processing sensitive data for payouts or handling significant EEA user data via AWS, we perform Data Protection Impact Assessments (DPIAs) as required by GDPR. Retention on AWS servers is configured with automated deletion tools to minimize storage duration.

When your personal data is no longer needed, we will either delete, anonymize, or de-identify it. In some cases, we may continue to use anonymized data indefinitely for analytical purposes.

F. Your Data Protection Rights

If you are located in the European Economic Area (EEA), you may have the following rights under applicable data protection laws:

  • Access – Request information about our processing of your personal data and obtain a copy of your data.
  • Correction – Request that we correct inaccuracies or complete incomplete data.
  • Deletion – Request that we delete your personal data under certain circumstances.
  • Restriction – Request that we restrict processing of your personal data.
  • Objection – Object to our reliance on legitimate interests as the legal basis for processing your personal data.
  • Portability – Request a portable copy of your personal data or that it be transferred to a third party.
  • Opt-out – Opt out of receiving direct marketing communications.

To exercise any of these rights, please contact us at support@shuppi.com. We may request verification of your identity before responding to your request. We will respond in accordance with applicable law.

If we decline your request, we will provide the reason where legally required. You also have the right to lodge a complaint with your local data protection authority. You may find contact details for EU data protection regulators here: https://edpb.europa.eu/about-edpb/board/members_en

If your data was provided to Shuppi by a Seller acting as the controller, you should contact the relevant Seller directly to exercise your rights.

G. Cross-Border Data Transfers

When we transfer your personal data outside of the EEA, including to the United States, we rely on appropriate legal mechanisms such as:

  • Standard Contractual Clauses approved by the European Commission;
  • The recipient’s participation in an approved certification mechanism (e.g., EU-U.S. Data Privacy Framework, if applicable);
  • Our reliance on the DPF includes providers like AWS, certified as of July 2025.
  • Your explicit consent;
  • Other lawful bases under Article 49 of the GDPR.

To obtain more information on the specific safeguards in place for international transfers, please contact us at support@shuppi.com.