Privacy Policy

How Smart Bundles AI protects and handles your BigCommerce store data

Last Updated: September 20, 2025

1. Overview

Expert Ecom LLC ("we," "us," or "our") operates Smart Bundles AI, a BigCommerce application that helps merchants create and manage product bundles. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

We are committed to protecting your privacy and maintaining the trust you place in us when using our BigCommerce app. This policy complies with applicable data protection laws, including GDPR, CCPA, and other privacy regulations.

Key Principle: We only collect data necessary to provide and improve our Service. We never sell your personal data to third parties.

2. Information We Collect

2.1 BigCommerce Store Data

When you install our app, we collect:

  • Store Information: Store name, URL, currency, timezone
  • Product Data: Product names, descriptions, prices, inventory levels
  • Order Data: Bundle purchase information for analytics
  • Customer Data: Aggregated purchasing patterns (no personal identifiers)

2.2 Account Information

  • Name and email address from your BigCommerce account
  • Store administrator details
  • Billing information (processed by BigCommerce)
  • Subscription plan and usage data

2.3 Usage Data

  • App interaction data and feature usage
  • Bundle creation and performance metrics
  • Error logs and technical diagnostics
  • IP addresses and browser information

2.4 Communications

  • Support inquiries and feedback
  • Email correspondence
  • Survey responses (optional)

3. How We Use Information

3.1 Service Provision

  • Creating and managing product bundles
  • Generating AI-powered recommendations
  • Providing analytics and insights
  • Syncing with BigCommerce APIs

3.2 Service Improvement

  • Analyzing usage patterns to enhance features
  • Identifying and fixing technical issues
  • Developing new functionality
  • Optimizing performance

3.3 Customer Support

  • Responding to support requests
  • Providing technical assistance
  • Troubleshooting account issues
  • Offering usage guidance

3.4 Business Operations

  • Processing payments through BigCommerce
  • Maintaining account records
  • Complying with legal obligations
  • Preventing fraud and abuse

4. Information Sharing

4.1 We Do NOT Share Personal Data With:

  • Advertisers or marketing companies
  • Data brokers or aggregators
  • Other BigCommerce app developers
  • Social media platforms

4.2 We MAY Share Data With:

Service Providers:

  • Cloud hosting providers (AWS, Google Cloud)
  • Analytics services (anonymized data only)
  • Customer support tools
  • Security monitoring services

Legal Requirements:

  • Government agencies when required by law
  • Law enforcement with valid legal process
  • Courts pursuant to legal proceedings

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

5. Data Security

5.1 Technical Safeguards

  • Encryption: All data is encrypted in transit and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls and intrusion detection systems
  • Monitoring: 24/7 security monitoring and alerting

5.2 Organizational Measures

  • Regular security training for employees
  • Background checks for staff with data access
  • Incident response procedures
  • Third-party security audits

5.3 Compliance

  • SOC 2 Type II compliance
  • GDPR compliance for EU users
  • CCPA compliance for California residents
  • BigCommerce security standards

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and you continue using our Service.

6.2 Closed Accounts

  • Personal Data: Deleted within 30 days of account closure
  • Business Data: Retained for 90 days for potential account recovery
  • Aggregated Data: May be retained indefinitely (anonymized)
  • Legal Requirements: Some data may be retained longer if required by law

6.3 Data Deletion

You may request immediate deletion of your data by contacting our support team. We will process deletion requests within 30 days.

7. Your Rights

7.1 Data Access and Portability

  • Request a copy of your personal data
  • Export your bundle configurations
  • Receive data in a machine-readable format

7.2 Data Correction and Updates

  • Update your account information
  • Correct inaccurate data
  • Modify your preferences

7.3 Data Deletion

  • Request deletion of your account
  • Remove specific data elements
  • Withdraw consent for data processing

7.4 Communication Preferences

  • Opt out of marketing emails
  • Choose notification preferences
  • Limit data collection (may impact service functionality)

Exercise Your Rights: Contact us at support@smartbundlesai.com to exercise any of these rights. We will respond within 30 days.

8. GDPR Compliance (European Union)

8.1 Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: To provide the Service you've subscribed to
  • Legitimate Interests: To improve our Service and communicate with you
  • Consent: For marketing communications and optional features
  • Legal Obligations: To comply with applicable laws and regulations

8.2 EU/EEA Data Transfers

When we transfer data outside the EU/EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) with service providers
  • Data Processing Agreements (DPAs) with all processors
  • Adequacy decisions where applicable

8.3 Your GDPR Rights

  • Right to Access: Obtain copies of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive data in a portable format
  • Right to Object: Object to certain processing activities
  • Right to Withdraw Consent: Withdraw consent at any time

8.4 Data Protection Contact

Data Protection Officer: privacy@smartbundlesai.com
EU Representative: Available upon request
Supervisory Authority: You may lodge a complaint with your local data protection authority

9. CCPA Compliance (California)

9.1 Categories of Personal Information Collected

In the last 12 months, we have collected these categories under CCPA:

  • Identifiers: Name, email, IP address, account ID
  • Commercial Information: Purchase history, subscription details
  • Internet Activity: Browsing history within our app, interaction data
  • Professional Information: Business name, industry type
  • Inferences: Preferences and trends derived from your data

9.2 Do Not Sell My Personal Information

We DO NOT sell your personal information to third parties. We have not sold personal information in the past 12 months and will not sell it in the future.

9.3 Your CCPA Rights

California residents have the right to:

  • Know: What personal information we collect, use, and share
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (not applicable as we don't sell)
  • Non-Discrimination: Not be discriminated against for exercising your rights
  • Correct: Request correction of inaccurate information
  • Limit Use: Limit use and disclosure of sensitive personal information

9.4 How to Exercise Your Rights

To exercise your CCPA rights, you may:

  • Email us at: privacy@smartbundlesai.com
  • Call us toll-free at: 1-888-XXX-XXXX
  • Submit a request through your account dashboard

We will verify your identity before processing requests. We respond to requests within 45 days. You may make up to 2 requests per 12-month period.

9.5 Authorized Agent

You may designate an authorized agent to make requests on your behalf. The agent must provide written permission and verify their identity.

10. Cookies and Tracking

10.1 Essential Cookies

We use essential cookies to:

  • Maintain your session and login status
  • Remember your preferences
  • Ensure security and prevent fraud
  • Enable core app functionality

10.2 Analytics Cookies

With your consent, we use analytics cookies to:

  • Understand how you use our Service
  • Identify popular features
  • Measure performance
  • Improve user experience

10.3 Cookie Management

You can control cookies through your browser settings. Note that disabling essential cookies may impact app functionality. We do not use third-party advertising cookies.

10.4 Cookie Consent

For EU/EEA users, we obtain explicit consent before placing non-essential cookies. You can withdraw consent at any time through your account settings.

11. Data Breach Notification

11.1 Our Commitment

In the unlikely event of a data breach that affects your personal information, we commit to:

  • Notify affected users within 72 hours of discovery
  • Provide details about what information was affected
  • Explain the measures we've taken to address the breach
  • Offer guidance on steps you can take to protect yourself
  • Report to relevant supervisory authorities as required by law

11.2 Notification Methods

We will notify you through:

  • Email to your registered address
  • Prominent notice in your account dashboard
  • Public announcement on our website for large-scale breaches

11.3 Breach Response Team

We maintain a dedicated incident response team that follows established procedures to contain, assess, and remediate any security incidents.

12. Third-Party Services

12.1 Service Providers We Use

We work with carefully selected third-party service providers:

| Service Provider | Purpose | Data Shared |
|---|---|---|
| BigCommerce | App platform and API services | Store data, product information, orders |
| Stripe | Payment processing | Billing information (encrypted) |
| Amazon Web Services (AWS) | Cloud hosting and storage | All application data (encrypted) |
| Google Cloud Platform | Backup and disaster recovery | Backup data (encrypted) |
| Cloudflare | CDN and DDoS protection | Traffic data, IP addresses |
| SendGrid | Transactional email delivery | Email addresses, names |
| Sentry | Error tracking and monitoring | Error logs, performance data |
| Google Analytics | Usage analytics (optional) | Anonymized usage data |

12.2 Third-Party Compliance

All our service providers are required to:

  • Sign Data Processing Agreements (DPAs)
  • Comply with GDPR and CCPA requirements
  • Maintain appropriate security standards
  • Only process data according to our instructions
  • Delete data upon termination of services

12.3 Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

13. Children's Privacy

Our Service is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected such information, we will take steps to delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

14. Policy Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Email notification to your registered address
  • Prominent notice within the app
  • Posting updates on our website

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Data Protection Office

Privacy: support@smartbundlesai.com

Security: support@smartbundlesai.com

Your Privacy is Protected

Install Smart Bundles AI with confidence knowing your BigCommerce data is secure