Last updated: 7 July 2026
This Privacy Policy explains how Commerce Bridge ("Commerce Bridge", "we", "us") collects, uses, shares and protects personal information when you use our multi-tenant commerce platform, our website, and our Shopify app and connectors (together, the "Services"). It also explains the rights available to you under the UK GDPR, EU GDPR, POPIA and similar laws.
Name, email, phone, company, login credentials (passwords are hashed), and billing/subscription details for account holders and resellers.
Log data, IP address, browser/device type, pages viewed, and performance metrics (see Cookies). Used to operate, secure and improve the Services.
When a merchant uses Commerce Bridge, we process the data their store generates — product catalogue, orders, inventory, and customer details (name, email, address, order history) — solely to provide the Services to that merchant.
Where a merchant connects an ERP/PIM (e.g. SAP, SysPro, SalesLayer) or a marketplace/payment provider, we process the catalogue, pricing, inventory and order data required to synchronise those systems.
Our legal bases are: performance of a contract, our legitimate interests in operating and securing the Services, consent (where required, e.g. non-essential cookies/marketing), and legal obligation.
Our Shopify app accesses only the scopes a merchant approves — typically products, orders, inventory, fulfilment, customers, and (for B2B) company data — to sync the store with Commerce Bridge and power storefront features (wishlists, upsells, search, loyalty, audits). We honour Shopify's mandatory compliance webhooks: customers/data_request, customers/redact and shop/redact. When a shop uninstalls the app or a redaction request is received, we delete the associated data from our systems.
We do not sell personal information. We share it only with:
Sub-processors are bound by contract to protect data and process it only on our instructions.
We use strictly-necessary cookies for authentication and security, and, with your consent, analytics/performance cookies. We collect anonymised real-user performance metrics (e.g. page load timings) to monitor and improve reliability. You can manage non-essential cookies via the on-site consent banner.
We keep personal information only as long as needed to provide the Services, comply with legal, tax and audit obligations, and resolve disputes. Merchant/storefront data is retained per our agreement with the merchant and deleted on account closure or valid redaction request.
We protect data with encryption in transit (TLS) and at rest for sensitive fields, access controls and least-privilege scoping, audit logging, and regular security review. No system is perfectly secure, but we work to protect your information and to notify you of material incidents as required by law.
Subject to applicable law, you may request access, correction, deletion, restriction, portability, or object to certain processing, and withdraw consent. Where Commerce Bridge is a processor for a merchant, we will direct storefront-shopper requests to that merchant or assist them in responding.
To exercise your rights, contact us at support@commerce-bridge.tech. You also have the right to complain to your data protection authority (e.g. the UK ICO or the South African Information Regulator).
We operate infrastructure in multiple regions (including the UK, EU and South Africa). Where personal data is transferred across borders, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.
The Services are not directed to children under 16, and we do not knowingly collect their personal information.
We may update this policy from time to time. Material changes will be posted here with a revised "Last updated" date.
Commerce Bridge — Privacy
Email: support@commerce-bridge.tech