Start Free →

Privacy Policy

Last updated: May 5, 2026

1. Who we are

This Privacy Policy describes how Unmazed ("Unmazed", "we", "us", "our") collects, uses, shares, and protects personal data when you visit our website, create an account, or use our AI-powered analytics service (the "Service").

Data controller: Unmazed

Registered address: van Vollenhovenstraat 14, 5652SP, Eindhoven, Netherlands

Contact: privacy@getunmazed.com

2. Scope

This Policy applies to personal data we process about:

  • Users — people who create an Unmazed account (typically e-commerce founders, marketers, agency staff).
  • Website visitors — anyone browsing getunmazed.com
  • Customers of our users (end customers) — shoppers whose data may appear in the ad and store data our users connect, but only as described in Section 6.

3. What data we collect

3.1 Data you provide to us

  • Account data: name, email, password (hashed), company name, role, country, phone number (optional).
  • Billing data: billing contact, VAT / tax ID, last four digits of the payment card, payment status. Full card details are handled by our payment processor and never stored by Unmazed.
  • Support data: messages, screenshots, and attachments you send to support.

3.2 Data we collect automatically

  • Usage data: pages viewed, features used, clicks, session duration, referrer URL, timestamps.
  • Device and log data: IP address, browser type, operating system, device identifiers, crash logs.
  • Cookies and similar technologies — see our Cookies Policy.

3.3 Data we receive from connected integrations

When you connect a Third-Party Service (e.g., Shopify, Meta Ads, TikTok Ads, or Salla), we receive data you authorise via OAuth or API. This may include:

  • Store data: orders, products, SKUs, inventory, revenue, customer counts, AOV, refunds.
  • Ad account data: campaigns, ad sets, ads, spend, impressions, clicks, conversions, ROAS.
  • Account metadata: account ID, currency, time zone, connected user email.
  • Aggregate or anonymized end-customer information (e.g., number of new vs returning buyers, city-level geography) — we do not request raw end-customer personal data beyond what is needed to compute aggregate metrics.

We do not intentionally collect special categories of data (health, biometric, religious belief, etc.). Please do not upload such data to the Service.

Salla stores: when you connect a Salla store we additionally receive, via order records, customer names, email addresses, phone numbers, and shipping addresses. This information is used exclusively to compute order-level metrics for your dashboard and is not used to contact end customers or for advertising purposes.

Shopify stores: when you connect a Shopify store we receive order IDs, order totals, line items, customer names, email addresses, shipping addresses, product titles, variants, and fulfillment data. This information is used exclusively to compute analytics and metrics within your dashboard and is not sold to third parties. If you uninstall Unmazed from your Shopify store, your data is deleted within 30 days of receiving Shopify's deletion notification. You may also request deletion at any time by emailing privacy@getunmazed.com. We comply with Shopify's API Terms of Service and Partner Program Agreement.

Meta Ads: data received from Meta is used exclusively to provide analytics within your Unmazed dashboard. It is not used for ad targeting on other platforms and is not sold to third parties. If you disconnect Meta in Unmazed, your data is retained for up to 24 months to support historical analysis. If you remove the Unmazed app from your Facebook settings, or submit an explicit data deletion request, your Meta-linked data is deleted within 30 days. You may submit a deletion request at any time by emailing privacy@getunmazed.com. We comply with the Meta Platform Terms and Developer Policies.

TikTok Ads: data received via the TikTok Marketing API (ad account information, campaign performance metrics, ad group and ad-level data) is used exclusively to provide analytics within your Unmazed dashboard. It is not used for advertising targeting, resold, or shared with third parties beyond what is necessary to provide the Service. If you disconnect TikTok in Unmazed, your data is retained for up to 24 months to support historical analysis. You may request deletion at any time by emailing privacy@getunmazed.com. We comply with the TikTok Marketing API Terms of Service.

4. How we use personal data

We process personal data for the following purposes and legal bases:

#PurposeExamplesLegal basis
1Provide the Serviceauthenticating you, syncing data from connected platforms, generating dashboards and AI insightsPerformance of contract
2Billing and account managementprocessing subscriptions, invoicing, fraud preventionPerformance of contract / legal obligation
3Supportresponding to tickets, investigating bugsLegitimate interests
4Product improvementanalysing feature usage, improving models on aggregated and anonymised dataLegitimate interests
5Securitydetecting abuse, preventing unauthorised accessLegitimate interests / legal obligation
6Marketingsending product updates, tips, and offers to usersLegitimate interests (users); consent (prospects) — you can opt out at any time
7Legal complianceresponding to lawful requests, enforcing our TermsLegal obligation

Where consent is the legal basis, you can withdraw it at any time without affecting the lawfulness of earlier processing.

5. AI processing

5.1 Unmazed uses machine-learning and large-language-model (LLM) technology to generate summaries, recommendations, and anomaly detection from the data connected to your account.

5.2 We do not use your Customer Data to train foundation models offered to other customers. Where we fine-tune or evaluate models, we do so on aggregated or anonymised data that cannot reasonably identify you, your business, or your end customers.

5.3 Some AI features may be powered by sub-processors (e.g., OpenAI, Anthropic, Google). Data sent to these sub-processors is governed by their data-processing terms and is used solely to return a response to your request — it is not used by them to train their public models.

6. End-customer data in connected platforms

When you connect a store or ad account, that platform may expose data about your end customers. Unmazed acts as a processor of that data on your behalf: you remain the controller and are responsible for obtaining any consents required under applicable law (for example, consent to share customer data with analytics providers).

We minimize end-customer exposure by:

  • requesting only the scopes needed for the feature you use;
  • preferring aggregated / anonymized endpoints where available;
  • encrypting data in transit and at rest;
  • deleting data on disconnect or account closure as described in Section 9.

7. How we share personal data

We do not sell personal data. We share it only with:

  • Sub-processors — service providers that help us run the Service (hosting, databases, email, payments, analytics, AI model providers, customer-support tools). A current list is available on request at privacy@getunmazed.com.
  • Third-Party Services you connect — we send data to these only when you initiate an action that requires it.
  • Professional advisors — auditors, lawyers, accountants, under duties of confidentiality.
  • Authorities — where required by law, court order, or to protect rights, safety, or property.
  • Acquirers — in connection with a merger, acquisition, or asset sale, subject to confidentiality and continued protection of your data.

8. International data transfers

Unmazed operates primarily in the MENA region. Our primary database infrastructure is hosted in the European Union (EU). Other sub-processors may be located in the EU, UK, US, or elsewhere. When we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or your explicit consent, as required by applicable law.

9. Retention

  • Account data: kept while your account is active and for up to 24 months after closure, unless a longer period is required by law (e.g., tax records).
  • Billing data: kept for 7 years (or the minimum retention required by local tax law).
  • Connected-platform data: retained for up to 24 months after you disconnect an integration, to support historical analysis and year-over-year comparisons. Upon an explicit deletion request, account closure, or a platform-mandated deletion callback (e.g., Meta deauthorization, Shopify shop redact), data is deleted within 30 days. Aggregated metrics that no longer identify any individual are not subject to this timeline.
  • Support tickets: kept for 24 months after resolution.
  • Marketing data: kept until you opt out or after 24 months of no engagement.
  • Backups: may persist for up to 90 days beyond deletion timelines before being overwritten.

10. Security

We apply technical and organizational measures appropriate to the risk, including:

  • TLS encryption in transit and AES-256 (or equivalent) at rest;
  • access controls, least-privilege, and audit logs;
  • secrets management and encrypted credential storage for OAuth tokens;
  • regular patching, vulnerability scanning, and dependency updates;
  • principle of data minimisation in scopes and queries.

No system is perfectly secure. If you believe your account has been compromised, contact security@getunmazed.com immediately.

11. Your rights

Depending on your jurisdiction, you may have the right to:

  • access the personal data we hold about you;
  • correct inaccurate data;
  • delete your data ("right to be forgotten");
  • restrict or object to processing;
  • data portability (receive your data in a structured format);
  • withdraw consent at any time;
  • lodge a complaint with your local data-protection authority (in Egypt: the Personal Data Protection Centre; in UAE: the UAE Data Office; in KSA: SDAIA; in the EU: your national DPA).

To exercise a right, email privacy@getunmazed.com. We will respond within the statutory period (typically 30 days). We may need to verify your identity before acting on the request.

If you are an end customer of one of our users and want to exercise a right related to data held by that business, contact the business directly — they are the controller of that data.

12. Cookies

See our Cookies Policy.

13. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be notified by email or in-app notice at least fourteen (14) days before they take effect. The "Last updated" date at the top indicates the latest version.

15. Contact

Unmazed

Legal entity: Unmazed

Address: van Vollenhovenstraat 14, 5652SP, Eindhoven, Netherlands

Email (privacy): privacy@getunmazed.com

Email (security): security@getunmazed.com