Privacy Policy

Ektra Solutions OÜ (“Ektra,” “we,” “us”) provides analytics software for ecommerce operators. Ektra connects to stores, advertising platforms, and user-entered business data to calculate contribution margin and net profit by product, store, and organization.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and the rights available to users and merchants. If you have questions, contact us at privacy@ektra.app.

We collect the following categories of data:

• Account and organization data. When you sign up or are invited to Ektra, we collect identifiers such as your email address, name, authentication method, organization membership, role, and account settings.
• Store and commerce data. When you connect a Shopify store or another commerce platform, we receive store metadata, product and variant records, inventory and stock information where enabled, orders, refunds, transaction totals, line items, discounts, taxes, currencies, and delivery-region information needed to calculate profitability.
• Advertising data. When you connect Meta, Google Ads, TikTok, or another advertising platform, we receive account, campaign, ad set, ad, and aggregated performance data such as spend, impressions, clicks, conversions, purchases, and country or placement breakdowns. We do not request audience-level profiles or individual advertising-user data.
• Business inputs. Users may enter costs of goods sold, shipping rules, payment-fee settings, tax settings, operating expenses, product grouping rules, notes, and other operational inputs.
• AI and support content. If you use Ektra's AI analyst or contact support, we process the prompts, messages, files, metadata, and diagnostic context needed to answer the request and improve the service.
• Usage, device, and log data. We collect product usage events, page views, IP address, browser and device details, request URLs, error reports, performance data, and security logs.

• To compute net profit per order, including ad spend, COGS, fees, and shipping costs.
• To present dashboards, breakdowns, and exports to authorized users in your organization.
• To power AI chat, MCP tools, forecasts, anomaly detection, and other analysis features requested by your organization.
• To operate, secure, and improve the service (debugging, capacity planning, fraud prevention).
• To communicate with you about service status, security, and product updates that affect your account.

We do not sell your data, do not share it with advertisers for their own marketing, and do not use your organization's private business data to train public AI models.

Where European data-protection law applies, we process personal data on the following bases: to perform our contract with you, to comply with legal obligations, with your consent where required, and for legitimate interests such as securing, operating, and improving Ektra, provided those interests are not overridden by your rights.

We use service providers to operate Ektra. They may process data only as needed to provide their services to us:

• Supabase — managed Postgres database, authentication, realtime, and storage.
• Vercel — application hosting and edge delivery.
• Inngest — background-job orchestration for sync workflows.
• Sentry — error tracking. May incidentally receive request URLs, stack traces, and user identifiers.
• Axiom — application logs.
• PostHog — product analytics and feature usage measurement.
• OpenAI — AI features when your organization uses the in-app analyst or related tools.
• Shopify, Meta, Google, TikTok, and other connected platforms — data sources and integration partners authorized by your organization.

We may add or replace providers as Ektra evolves. Material changes that affect how your data is processed will be reflected in this policy or communicated to account owners.

Ektra is operated from the European Union, but some providers may process data in other countries. Where required, we use appropriate safeguards such as data-processing agreements, Standard Contractual Clauses, and provider security commitments.

We retain organization data for as long as the organization is active or as needed to provide Ektra. If you disconnect an integration, uninstall an app, or delete your organization, we delete or anonymize the associated data within 30 days unless retention is required by law, needed to resolve disputes, or necessary for security and fraud prevention. Backups are rotated or overwritten within 90 days.

We comply with Shopify's mandatory GDPR webhooks for installed apps:

• customers/data_request: we search for any data associated with the requested customer identifiers and return or confirm what we hold.
• customers/redact: we delete or anonymize customer-linked data that we hold, except where retention is legally required.
• shop/redact: when received (48 hours after uninstall), we permanently delete all data associated with that shop within 30 days.

We use technical and organizational safeguards designed to protect your data, including encryption in transit, managed encryption at rest, role-based access controls, row-level security in our database, production access controls, multi-factor authentication for administrative systems, audit logging, monitoring, and encrypted storage of integration credentials. No online service can guarantee absolute security, but we work to prevent, detect, and respond to unauthorized access.

Depending on where you live, you may have the right to access, correct, port, or delete the personal data we hold about you, and to object to or restrict certain uses. To exercise any of these rights, email us at privacy@ektra.app. We respond within 30 days.

If you are in the EU/EEA or UK, you also have the right to lodge a complaint with your local supervisory authority.

We use a small number of cookies for authentication (session tokens) and for product analytics. We do not use third-party advertising cookies. Authentication cookies are required to use the application; analytics cookies can be disabled where an opt-out is available in the product.

The service is intended for businesses. We do not knowingly collect data from anyone under 16. If you believe a minor has used the service, contact us and we will delete the relevant data.

We may update this policy when our practices change or new features ship. Material changes are announced by email to the primary contact on each organization's account at least 30 days before they take effect. The “Last updated” date above always reflects the current version.

Ektra Solutions OÜ
Ahtri tn 12, 15551 Tallinn, Estonia
Email: support@ektra.app
Privacy requests: privacy@ektra.app