← Back to leaderboard

Privacy Policy

Last updated: February 28, 2026

What EcomELO Does

EcomELO is a public leaderboard for verified Shopify store revenues. Merchants install the app to showcase their revenue on the leaderboard. Revenue figures are calculated from Shopify order data and displayed publicly (unless the merchant opts out).

Data We Collect

  • Order data: Order totals and timestamps from your Shopify store. We do not collect line-item details, product names, or customer information.
  • Store information: Store name, domain, currency, and owner name as provided by the Shopify Shop API.
  • Profile information: Founder name, bio, category, and social media handles that you voluntarily provide via the dashboard.
  • Account credentials: Email and hashed password for your EcomELO dashboard account (managed by Supabase Auth).

How We Use Your Data

  • Calculate and display revenue metrics (MTD, L30D, L365) on the leaderboard.
  • Show your store profile (name, founder, socials) on the public leaderboard.
  • Authenticate you when you sign in to the merchant dashboard.

We do not sell, rent, or share your data with third parties for marketing purposes.

Privacy Controls

You have full control over what is displayed. From the merchant dashboard you can:

  • Opt out of the public leaderboard entirely.
  • Hide your brand name (appear anonymously).
  • Hide your revenue figures and order counts.
  • Hide your founder name and photo.

These settings apply to the public leaderboard. For private communities, you can configure separate privacy settings per community from the community page.

When you hide information, it is stripped from API responses server-side and never sent to other users' browsers.

Data Retention & Deletion

We retain your data for as long as the app is installed on your Shopify store. When you uninstall the app, Shopify sends a shop/redact webhook and we delete all associated data (store record, orders, and stats) from our database.

You may also request data deletion at any time by contacting us.

Security

  • Passwords are hashed using bcrypt and never stored in plain text.
  • Shopify access tokens are stored securely and used only to fetch order data.
  • All connections use TLS encryption (HTTPS).
  • Webhook payloads are verified using HMAC-SHA256 signatures.
  • Database access is protected by Row-Level Security (RLS) policies.

GDPR & Customer Data

EcomELO does not collect personally identifiable information about your customers. We only access order amounts and timestamps. We comply with Shopify's mandatory GDPR webhooks for customer data requests, customer deletions, and shop deletions.

Third-Party Services

  • Supabase: Database and authentication hosting.
  • Vercel: Application hosting.
  • Open Exchange Rates: Currency conversion (no personal data is sent).

Contact

For privacy questions or data deletion requests, email hello@ecomelo.io.