Privacy Policy

Last updated: 11/14/2025
Effective date: 11/14/2025

1. DATA WE COLLECT

  • Personal information: names, email addresses, phone numbers, physical addresses
  • Payment information: processed by Stripe (we do NOT store credit card data - Stripe is PCI-DSS Level 1 certified)
  • Location data: for showing nearby stores and order fulfillment
  • Device information: for push notifications via Firebase Cloud Messaging
  • Order history and purchase data
  • IP addresses and usage analytics

2. HOW WE COLLECT DATA

  • Through the Intershop Go mobile app (iOS and Android)
  • Via Stripe for secure payment processing
  • Through Firebase for push notifications and analytics
  • Via Supabase for secure database storage with Row-Level Security (RLS)

3. WHY WE COLLECT DATA

  • Order processing and fulfillment
  • Customer support and communication
  • Fraud prevention and security
  • Platform improvement and analytics
  • Legal compliance and tax reporting (orders retained 7 years)

4. WHO WE SHARE DATA WITH

  • Stripe, Inc. (payment processing - PCI-DSS compliant)
  • Supabase (secure database management with encryption)
  • Firebase (push notifications and analytics)
  • Merchant stores (only order details: customer name, phone, items ordered)
  • Law enforcement (only if legally required)

WE DO NOT SELL USER DATA TO THIRD PARTIES

5. USER RIGHTS (GDPR & CCPA COMPLIANT)

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to delete your account and data (completed within 30 days)
  • Right to opt-out of marketing communications
  • Right to data portability
  • How to exercise rights: Email Officialintershopgo@intershopgo.com

6. DATA SECURITY

  • 256-bit SSL/TLS encryption for all data transmission
  • Encrypted storage in Supabase with Row-Level Security policies
  • Regular security audits and penetration testing
  • PCI-DSS compliance through Stripe (we never see or store card data)
  • Password hashing and optional two-factor authentication (2FA)

7. DATA RETENTION

  • Order data retained for 7 years for tax compliance
  • Account data deleted within 30 days of deletion request
  • Marketing data deleted immediately upon opt-out

8. COOKIES

  • Essential cookies for website functionality (required)
  • Analytics cookies (Google Analytics) - optional with user consent
  • How to disable cookies in browser settings

9. CHILDREN'S PRIVACY

Service not intended for users under 18 without parental consent. COPPA compliance statement.

10. INTERNATIONAL DATA TRANSFERS

  • Data may be processed in the United States
  • GDPR compliance for EU users

11. CONTACT INFORMATION

Privacy inquiries: Officialintershopgo@intershopgo.com