Privacy Policy

Last Updated: January 22, 2026

1. Introduction and Definitions

MOONSHIFT LLC, operating as ProfitMaster (“we”, “our”, “us”, or “Company”), is a Limited Liability Company registered in Wyoming, USA. We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, transfer, store, retain, and otherwise process your information when you use our service (the “Service”).

This Privacy Policy applies to all users of our Service, including visitors to our website, registered users, and customers. Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Key Definitions:

• Personal Data/Personal Information: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
• Data Controller: The entity that determines the purposes and means of processing personal data.
• Data Processor: The entity that processes personal data on behalf of the data controller.
• Cookies: Small text files placed on your device to collect standard internet log information and visitor behavior information.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us when you:

• Register for an account (name, email address, password, business name, phone number)
• Connect your Shopify store (store URL, store credentials, API access tokens)
• Connect advertising accounts (Facebook Ads, Google Ads account credentials and data)
• Configure cost settings (product costs, shipping costs, platform fees)
• Fill out forms or surveys
• Communicate with our customer support team
• Subscribe to newsletters or marketing communications
• Provide payment information (processed through third-party payment processors)

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information, including:

• Device Information: IP address, browser type and version, operating system, device identifiers, device type
• Usage Information: Pages viewed, features used, time spent on pages, click patterns, navigation paths
• Location Information: General location based on IP address
• Log Information: Server logs, error reports, system activity
• Cookies and Tracking Technologies: See Section 10 for detailed information

2.3 Information from Third-Party Sources

We collect information from integrated third-party platforms:

• Shopify: Store data including orders, products, customers, inventory, sales transactions, refunds, shipping information
• Facebook Ads: Campaign data, ad spend, performance metrics, audience insights
• Google Ads: Campaign data, keyword performance, ad spend, conversion metrics
• Payment Processors: Transaction confirmation, payment status (we do not store full credit card details)

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance (GDPR Art. 6(1)(b)): Processing necessary to provide the Service you have subscribed to
• Legitimate Interests (GDPR Art. 6(1)(f)): Processing for business operations, fraud prevention, system security, and service improvements
• Consent (GDPR Art. 6(1)(a)): Marketing communications, optional features, cookies (where required)
• Legal Obligation (GDPR Art. 6(1)(c)): Compliance with applicable laws, tax obligations, responding to legal requests

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Delivery and Maintenance

• Provide, operate, and maintain the Service
• Process and complete transactions
• Synchronize data from Shopify and advertising platforms
• Calculate profit metrics, ROAS, and other analytics
• Generate reports and dashboards
• Manage your account and subscription

4.2 Communication

• Respond to your inquiries and support requests
• Send transactional emails (account confirmations, password resets, billing notices)
• Send service-related announcements (system updates, maintenance, security alerts)
• Send marketing communications (with your consent, where required)
• Conduct surveys and gather feedback

4.3 Service Improvement and Development

• Monitor and analyze usage patterns and trends
• Develop new features and functionality
• Improve user experience and performance
• Conduct research and analytics
• Test and troubleshoot new features

4.4 Security and Legal Compliance

• Detect, prevent, and address fraud, abuse, and security incidents
• Verify identity and prevent unauthorized access
• Comply with legal obligations and regulatory requirements
• Enforce our Terms and Conditions and other policies
• Protect our rights, property, and safety, and those of our users

5. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers and Business Partners

• Cloud Hosting Providers: For data storage and infrastructure (e.g., AWS, Google Cloud)
• Payment Processors: For processing subscription payments and refunds
• Email Service Providers: For sending transactional and marketing emails
• Analytics Providers: For usage analytics and performance monitoring
• Customer Support Tools: For managing support tickets and communications
• Security Services: For fraud detection, DDoS protection, and security monitoring

All service providers are contractually obligated to maintain the confidentiality and security of your information and may only use it for the purposes we specify.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Service of any change in ownership or uses of your personal information.

5.3 Legal Requirements and Protection

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Governmental or regulatory requests
• Protection of our rights, property, or safety
• Protection of the rights, property, or safety of our users or the public
• Investigation of fraud, security, or technical issues

5.4 With Your Consent

We may share your information for purposes not listed above when we have your explicit consent.

6. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence, including the United States, where our servers and service providers are located. These countries may have data protection laws that differ from those in your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure appropriate safeguards for such transfers, including:

• Standard Contractual Clauses (SCCs): EU-approved model contracts for data transfers
• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Binding Corporate Rules: Where applicable
• Data Processing Agreements: Contractual obligations with service providers

For transfers from California under CCPA, we ensure that service providers commit to providing the same level of privacy protection required by California law.

7. Data Security

We implement and maintain appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

7.1 Technical Security Measures

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest using industry-standard algorithms
• Secure authentication mechanisms (password hashing, multi-factor authentication)
• Regular security assessments and penetration testing
• Firewall protection and intrusion detection systems
• Automated security monitoring and logging
• Regular security patches and updates

7.2 Organizational Security Measures

• Access controls limiting employee access to personal data on a need-to-know basis
• Confidentiality agreements with employees and contractors
• Regular security training for personnel
• Incident response procedures and data breach protocols
• Vendor security assessment and management
• Secure development practices and code reviews

While we use reasonable efforts to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

• Account Information: For the duration of your account plus 90 days after account closure
• Transactional Data: 7 years for tax and accounting purposes
• Shopify and Ad Platform Data: For the duration of your subscription plus 30 days
• Support Communications: 3 years from the last interaction
• Usage Logs: 12 months for security and analytical purposes
• Marketing Data: Until you withdraw consent or 2 years of inactivity
• Legal and Compliance Records: As required by applicable law (typically 7 years)

After the retention period expires, we will securely delete or anonymize your personal information. Some information may be retained in aggregated, anonymized form for statistical and analytical purposes.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We are committed to facilitating the exercise of these rights.

9.1 Rights Under GDPR (EEA, UK, Switzerland)

• Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy
• Right to Rectification (Art. 16): Correct inaccurate or incomplete personal data
• Right to Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”)
• Right to Restriction (Art. 18): Limit how we use your personal data
• Right to Data Portability (Art. 20): Receive your data in a structured, commonly used format
• Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

9.2 Rights Under CCPA (California Residents)

California residents have the following rights under the California Consumer Privacy Act:

• Right to Know: Request disclosure of personal information collected, used, shared, or sold
• Right to Delete: Request deletion of personal information we have collected
• Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Not receive discriminatory treatment for exercising CCPA rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit Use of Sensitive Personal Information: Limit use and disclosure of sensitive personal information

9.3 How to Exercise Your Rights

To exercise any of these rights, please:

• Email us at: contact@profit-master.io with subject line “Privacy Rights Request”
• Log in to your account and access the privacy settings (for certain rights)
• Use our data subject request form (if available on our website)

We will respond to your request within the timeframe required by applicable law (typically 30 days for GDPR, 45 days for CCPA). We may need to verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and to personalize your experience. For detailed information about our use of cookies, please see our Cookie Policy.

10.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for the Service to function (authentication, security)
• Functional Cookies: Enable enhanced functionality and personalization
• Analytics Cookies: Help us understand how users interact with the Service
• Marketing Cookies: Track visitors across websites to display relevant advertisements

10.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of the Service.

11. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Service.

Third-party integrations include:

• Shopify (Privacy Policy: https://www.shopify.com/legal/privacy)
• Facebook/Meta (Privacy Policy: https://www.facebook.com/privacy/policy)
• Google (Privacy Policy: https://policies.google.com/privacy)

12. Children's Privacy

Our Service is not intended for individuals under the age of 18 years (“Children”). We do not knowingly collect personal information from Children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from Children without verification of parental consent, we will take steps to delete that information from our servers promptly.

13. Do Not Track Signals

Some web browsers incorporate a “Do Not Track” (DNT) feature that signals to websites you visit that you do not want to have your online activity tracked. Currently, our Service does not respond to DNT signals or similar mechanisms. We will continue to monitor developments in this area.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on this page with a new “Last Updated” date
• Sending an email notification to the email address associated with your account
• Displaying a prominent notice on our Service
• Requiring you to accept the updated Privacy Policy to continue using the Service (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

15. Contact Information and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For users in the European Economic Area, United Kingdom, or Switzerland, you have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates applicable data protection law.

16. Additional Information for Specific Regions

16.1 European Users (GDPR)

ProfitMaster is the data controller for the personal information we process, except where we process data on behalf of our customers (in which case we act as a data processor).

If you are located in the EEA, UK, or Switzerland, our legal basis for processing your information includes contract performance, legitimate interests, consent, and legal obligations as detailed in Section 3.

16.2 California Users (CCPA/CPRA)

Categories of Personal Information Collected (Last 12 Months):

• Identifiers (name, email, IP address, account ID)
• Commercial information (purchase history, subscription details)
• Internet activity (browsing history, interactions with Service)
• Geolocation data (general location from IP address)
• Professional information (business name, store information)
• Inferences (preferences, behavior patterns)

Sale of Personal Information: We do not sell personal information as defined by CCPA.

Sharing for Cross-Context Behavioral Advertising: We may share certain information with advertising partners. You can opt-out by contacting us.

16.3 Nevada Users

Nevada residents have the right to opt-out of the sale of certain covered information that we have collected or will collect. We do not currently sell covered information as defined under Nevada law. If you have questions, contact us at contact@profit-master.io.