Legal

Privacy Policy

Effective date: July 7, 2026

1. Introduction

This Privacy Policy explains how Byteex Ltd, a company registered in Cyprus, trading as Redspot ("Redspot", "we", "us"), collects, uses and protects personal data in connection with:

Two roles matter throughout this policy. For data about merchants who use the Service and visitors to this Site, we act as the data controller. For data about a merchant's own store visitors ("End Users") that the Service records on the merchant's behalf, the merchant is the controller and we act as their processor.

2. Information We Collect

2.1 From merchants

2.2 From Site visitors

2.3 From End Users, on behalf of merchants

When a merchant enables the Service on their store, we record:

What we deliberately do not collect: text typed by End Users is masked in their browser before anything is transmitted (typed values are replaced with bullets and sensitive fields are redacted); clipboard contents are never recorded; payment card details are never recorded. Recording is gated on the consent state exposed by Shopify's Customer Privacy API, so where consent is required and not given, the Service does not record.

3. Data From Your Shopify Store

The Service accesses your store through Shopify's APIs using the scopes approved at install time (for example, web pixel activation and order data used for revenue attribution). We use this data only to provide the Service to you. We do not sell it, and we do not use it to train third-party AI models.

When you uninstall the Service, Shopify notifies us and your store's data is deleted as described in Section 10. A Data Processing Agreement reflecting GDPR Article 28 terms is available on request at help@getredspot.com.

4. How We Use Information

5. Cookies and Tracking

5.1 On this Site

We use, or may introduce, analytics and advertising technologies such as Google Analytics and Meta Pixel to understand Site traffic and measure campaigns. Where required by law, these load only after you consent.

5.2 In the Service

The app inside the Shopify admin uses strictly necessary cookies for authentication and session management only.

5.3 On merchants' storefronts

The Service stores a pseudonymous session identifier in the End User's browser storage to stitch a browsing session together. It is first-party to the storefront, is not used for cross-site advertising, and recording remains consent-gated as described in Section 2.3.

6. Legal Basis for Processing (GDPR)

For End User data processed on behalf of merchants, the merchant determines the legal basis; we process on their documented instructions.

7. How We Share Information

We never sell personal data. We share it only with the sub-processors needed to run the Service:

We may also disclose information where required by law, or as part of a merger, acquisition or asset sale with equivalent protections.

8. International Transfers

Our sub-processors operate in the EU and the United States. Where personal data leaves the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

9. Data Security

10. Data Retention

11. Your Rights

If you are in the EU/EEA or UK, you may request access, rectification, erasure, restriction, portability, or object to processing, and you may lodge a complaint with your supervisory authority (for us, the Office of the Commissioner for Personal Data Protection in Cyprus).

If you are a California resident, you have the right to know, delete and correct personal information, and to opt out of "sharing" for cross-context behavioral advertising.

End Users: if you were recorded while visiting a store that uses Redspot, the store is the data controller — please contact the merchant directly. We support merchants in fulfilling such requests through Shopify's privacy tooling.

To exercise any right against us, email help@getredspot.com.

12. Children's Privacy

The Site and Service are not directed at children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us personal data, contact us and we will delete it.

13. Changes to This Policy

We may update this policy from time to time. The effective date above reflects the latest revision; material changes will be communicated to merchants through the app or by email.

14. Contact Us

Byteex Ltd (trading as Redspot), Cyprus
help@getredspot.com