Privacy policy | CMOgpt v13

Our privacy policy

Your privacy matters to us. CMOgpt is designed to help ecommerce merchants understand business performance without creating a new customer data platform.

This Privacy Policy explains what data we collect, what data we do not collect, how data is used, how data may be transmitted through MCP, and how long data is retained.

1. How You Access CMOgpt

CMOgpt is provided as a web-based service.

You may access CMOgpt through Shopify authentication, a CMOgpt account, connected platform integrations, or an authorised MCP connection.

Only authenticated and authorised users can access their own merchant data.

2. Data collected

CMOgpt reads or receives data during a session in order to provide analysis, benchmarking, and business recommendations.

This may include data pulled through authorised Shopify and Google Analytics API calls.

Shopify data

CMOgpt may collect or read:

Shopify order data
Product information
Inventory information
Sales and revenue data
Discount data
Refund and return information where required for analysis
Margin and profitability inputs where available

We use this data to calculate performance metrics, assess business health, support profitability modelling, and benchmark your store.

Google Analytics 4 data

Where you connect Google Analytics 4, CMOgpt may collect or read GA4 metrics.

This may include:

Traffic metrics
Conversion metrics
Channel performance
Campaign performance
Store or account-level analytics metrics

We use this data to assess traffic quality, conversion performance, marketing efficiency, and performance gaps.

3. Data input by you

You may enter additional information into CMOgpt.

This may include:

Marketing spend
Business targets
Revenue goals
Margin targets
Growth targets
Business questions
Commercial context
Notes, prompts, or other inputs

We use this information to assess marketing efficiency, compare actual performance against targets, identify gaps, and provide business strategy recommendations.

This information is entered by you through the CMOgpt platform under your login access control.

4. Data generated by CMOgpt

CMOgpt also generates derived data from your business inputs and connected data sources.

This may include:

Business metrics
CMOgpt scores
Performance assessments
Benchmark comparisons
Performance gap analysis
Contribution margin analysis
Marketing efficiency analysis
Decision tree outputs
Scoring matrix outputs
AI-generated responses and explanations

These outputs are used to provide the CMOgpt service within your account.

5. Data not collected

CMOgpt does not collect customer-identifiable information such as:

Customer names
Customer email addresses
Customer phone numbers
Delivery addresses
Payment details
Card information
Passwords
Shopify admin credentials

Shopify customer records are not extracted and not retained.

CMOgpt is a business performance and strategy tool, not a customer data platform.

6. Data transmission through MCP

If you use CMOgpt in Claude, ChatGPT, or another authorised AI client, CMOgpt may provide selected data to the AI model through our MCP server.

The data provided through MCP may include:

Business metrics
CMOgpt scores and assessments on your business metrics
Industry benchmarks
Business targets
Performance gap analysis
CMOgpt proprietary algorithms, decision trees, and scoring matrix outputs needed to support machine inference

The MCP server is designed to provide business performance context and analytical reasoning, not customer-identifiable records.

MCP requests may be logged for security, debugging, audit, and abuse prevention.

7. How data is used

CMOgpt uses merchant data to:

Calculate performance indicators
Build business metrics
Generate benchmarks
Assess marketing efficiency
Model margin and profitability
Identify performance gaps
Support business strategy recommendations
Power AI-assisted responses
Provide customer support
Maintain security and service reliability
Improve the accuracy and usefulness of the CMOgpt service

We do not sell merchant data.

We do not use merchant data for advertising.

We do not use merchant data to train public AI models.

8. AI processing

CMOgpt uses AI services to help generate insights and responses.

AI processing may use:

Merchant performance data
Business metrics
Benchmarks
CMOgpt scoring outputs
Business targets
User prompts and questions

Merchant data submitted for AI processing is used only to provide the CMOgpt service.

It is not used to train public AI models.

It is not shared with other merchants.

It is not used for advertising.

9. Data storage and security

CMOgpt uses trusted infrastructure providers to host and operate the service.

We take reasonable steps to protect merchant data, including:

Encryption in transit
Encryption at rest
Secure authentication
Role-based access control
Logical separation of merchant data
Limited internal access
Logging and monitoring
Secure infrastructure practices

No system can be guaranteed to be completely secure, but CMOgpt is designed to limit access to the data required to provide the service.

10. Data retention

CMOgpt retains different types of data for different periods.

Data category Retention period

Business metrics Retained for the duration of the signup, trial, or subscription period

Shopify order data Retained for 30 days to support margin and profitability modelling

Shopify customer data Not extracted and not retained

Product and inventory information Retained for the duration of the signup, trial, or subscription period

GA4 metrics Retained for the duration of the signup, trial, or subscription period

Marketing spend entered by you Retained for the duration of the signup, trial, or subscription period

Business targets entered by you Retained for the duration of the signup, trial, or subscription period

CMOgpt scores and assessments Retained for the duration of the signup, trial, or subscription period

MCP request logs Retained for a limited period for security, debugging, audit, and abuse prevention

AI prompts and responses Retained only as required to provide the service, support account history

Billing and legal records Retained where required by law

Backups Deleted through normal backup rotation

After cancellation, disconnection, or expiry of a trial, merchant data is deleted or de-identified, subject to limited retention required for security, compliance, legal, billing, or backup purposes.

11. Disconnection and deletion

You may disconnect integrations or cancel your subscription at any time.

When you disconnect a data source, CMOgpt will stop using that connection to retrieve new data.

You may request deletion of your merchant data by contacting support.

Deletion may be subject to limited retention required for security, compliance, legal, billing, or backup purposes.

12. Third-party services and sub-processors

CMOgpt may use trusted third-party providers to operate the service.

These may include infrastructure, AI processing, authentication, analytics, billing, support, and communications providers.

Where third-party providers process merchant data on our behalf, they act as sub-processors.

Use of third-party platforms such as Shopify, Google Analytics, Claude, ChatGPT, or other AI clients may also be subject to their own terms and policies.

13. Your rights

Depending on your jurisdiction and applicable law, you may have rights to:

Access your data
Correct your data
Delete your data
Restrict or object to processing
Request information about how your data is handled
Make a privacy complaint

To make a request, contact support@cmogpt.io.

14. Changes to this Privacy Policy

CMOgpt may update this Privacy Policy from time to time.

Material changes will be communicated through the service, email, website, or other reasonable means.

Continued use of the service after changes take effect means you accept the updated policy.

15. Contact

For privacy questions or data requests, contact:

support@cmogpt.io