← Back to Home
Legal

Privacy Policy

How Gambit - Store Advisor collects, uses, and protects information when you install or use our Shopify application.

Effective 15 June, 2026Last updated 15 June, 2026

Gambit is operated by Gambit Technologies, LLC, an Illinois limited liability company (“Gambit,” “we,” “us,” or “our”).

This Privacy Policy explains how we collect, use, disclose, retain, and protect information when Shopify merchants install or use the Gambit application, access our website, communicate with us, or otherwise use our services.

For purposes of this Privacy Policy:

“Merchant” means the Shopify store owner or business that installs or uses Gambit.

“Merchant Data” means information relating to a Merchant, its Shopify store, authorized users, products, theme, app configuration, and use of Gambit.

“Customer Data” means information relating to visitors or customers of a Merchant’s Shopify storefront that Gambit processes on behalf of the Merchant.

“Services” means the Gambit Shopify application, website, dashboard, analytics, recommendations, theme-related functionality, and related services.

1. Our Role

Gambit helps Shopify merchants analyze their storefronts and identify conversion rate optimization opportunities.

For information relating to Merchants, Merchant representatives, app users, website visitors, and support contacts, Gambit generally acts as a data controller or business.

When Gambit processes Customer Data solely to provide the Services to a Merchant, the Merchant is generally the data controller or business, and Gambit acts as its processor or service provider. In those cases, we process Customer Data according to the Merchant’s instructions, our agreement with the Merchant, Shopify’s applicable requirements, and applicable law.

Merchants are responsible for providing any legally required privacy notices to their own customers and visitors, obtaining any legally required consents, and configuring applicable Shopify privacy and consent settings.

2. Information We Collect

The information we collect depends on how a Merchant installs, configures, and uses Gambit.

2.1 Merchant and Account Information

When a Merchant installs or uses Gambit, we may collect:

  • Shopify store name, store domain, store URL, and store identifier;
  • Merchant name, business name, email address, and contact information;
  • App installation, authentication, usage, and uninstallation timestamps;
  • Subscription, plan, billing status, and transaction-related information;
  • App settings, preferences, and configuration choices;
  • Support messages, feedback, and communications with us; and
  • Other information the Merchant or its authorized users provide to us.

Payment processing may be handled by Shopify or other payment providers. Gambit does not store complete payment card numbers.

2.2 Store and Product Information

To provide the Services, Gambit may collect or access information from a Merchant’s Shopify store, including:

  • Product names, descriptions, images, variants, prices, collections, and product identifiers;
  • Storefront content, navigation, page structure, templates, sections, theme files, theme settings, app embeds, and layout information;
  • Store performance, conversion, and revenue-related metrics;
  • Drafts, recommendations, previews, changes, and rollback-related information; and
  • Other store information reasonably necessary to analyze the storefront and provide recommendations.

Gambit only requests Shopify permissions that are reasonably necessary to provide the Services.

2.3 Storefront Interaction and Performance Data

If enabled by the Merchant, Gambit may collect or receive limited information about how visitors interact with the Merchant’s storefront. This may include:

  • Page views;
  • Product views;
  • Add-to-cart events;
  • Checkout or purchase-related conversion events;
  • Referring URLs;
  • Device type, browser type, and operating system;
  • Approximate location derived from IP address;
  • Session or event identifiers;
  • Date and time of interaction; and
  • Performance, diagnostic, and error information.

For the MVP version of Gambit, the Services are designed to avoid collecting directly identifying customer information such as customer names, email addresses, phone numbers, postal addresses, payment card information, or complete payment details, unless clearly disclosed and required for a specific future feature.

Some event, session, device, or technical information may still be considered personal information under applicable privacy laws.

2.4 Technical Information

When a person visits our website, accesses the Gambit dashboard, or uses the Services, we may collect technical information, including:

  • IP address;
  • Browser type and version;
  • Device type;
  • Operating system;
  • Login and session activity;
  • Pages or features accessed;
  • Date and time of access;
  • Referring URLs;
  • Error logs;
  • Performance logs; and
  • Security and diagnostic information.

2.5 Information from Third Parties

We may receive information from:

  • Shopify and Shopify APIs;
  • Merchants and their authorized users;
  • Hosting, analytics, infrastructure, security, email, customer-support, and artificial intelligence service providers;
  • Merchant-authorized integrations; and
  • Publicly available sources, where permitted by law.

3. How We Use Information

We use information to:

  • Provide, operate, maintain, and secure Gambit;
  • Connect Gambit to a Merchant’s Shopify store;
  • Analyze storefront structure, theme layout, product pages, and conversion opportunities;
  • Generate conversion rate optimization recommendations;
  • Create draft changes, previews, explanations, or proposed improvements;
  • Measure the performance and impact of recommendations or changes;
  • Provide rollback, versioning, or recovery functionality;
  • Authenticate users and administer accounts;
  • Process subscriptions, billing, and app usage;
  • Provide customer support;
  • Respond to questions and requests;
  • Send service, security, billing, and administrative communications;
  • Improve, debug, and develop the Services;
  • Monitor reliability, prevent abuse, detect fraud, and protect the security of the Services;
  • Create aggregated or deidentified analytics;
  • Enforce our agreements and protect our rights; and
  • Comply with legal, tax, accounting, regulatory, and Shopify platform obligations.

We do not use Customer Data for purposes materially unrelated to providing and improving Gambit for Merchants, except where required by law or expressly authorized by the applicable Merchant.

4. Artificial Intelligence and Store Recommendations

Gambit may use artificial intelligence and machine learning technologies to analyze storefronts, identify optimization opportunities, generate recommendations, and assist with proposed storefront improvements.

Depending on the feature, information processed by AI systems may include store content, product information, theme or layout information, performance metrics, Merchant instructions, and related technical context.

For the MVP version of Gambit, we do not intentionally submit directly identifying customer information, such as customer names, email addresses, phone numbers, postal addresses, payment details, or complete payment information, to artificial intelligence providers.

Gambit is designed to provide recommendations, explanations, previews, drafts, or proposed improvements. Gambit does not publish live storefront changes without Merchant authorization.

AI-generated recommendations may be incomplete, inaccurate, or inappropriate for a particular store. Merchants are responsible for reviewing recommendations, previews, drafts, and proposed changes before relying on them or publishing them to a live storefront.

We do not permit our third-party artificial intelligence providers to use Merchant Data or Customer Data submitted by Gambit to train general-purpose artificial intelligence models, unless we clearly disclose otherwise and obtain any legally required authorization.

Gambit does not use automated processing to make decisions about individuals that produce legal or similarly significant effects.

Where the GDPR, UK GDPR, or similar laws apply, we process personal information under one or more of the following legal bases:

  • Performance of a contract: To provide the Services requested by a Merchant.
  • Legitimate interests: To operate, secure, maintain, analyze, and improve the Services; prevent fraud; communicate with users; and support our business.
  • Legal obligations: To comply with applicable legal, tax, accounting, regulatory, and law-enforcement obligations.
  • Consent: Where we specifically request consent, including for certain marketing communications or nonessential tracking technologies.

When we process Customer Data on behalf of a Merchant, the Merchant is responsible for identifying the applicable legal basis for collecting and using that Customer Data.

6. How We Share Information

We do not sell personal information.

We may share information with the following categories of recipients:

6.1 Shopify

We share and receive information from Shopify as necessary to install, authenticate, operate, bill for, and support the Services, and to respond to Shopify privacy and compliance requests.

6.2 Service Providers and Subprocessors

We may share information with vendors that help us provide the Services, including providers of:

  • Cloud hosting and infrastructure;
  • Databases and storage;
  • Artificial intelligence processing;
  • Analytics and performance monitoring;
  • Error logging and diagnostics;
  • Authentication and security;
  • Email and communications;
  • Customer support;
  • Billing and subscription management; and
  • Legal, accounting, compliance, or professional services.

These providers are authorized to process information only as necessary to provide services to Gambit and are subject to contractual obligations where required by law.

A current list of material subprocessors is available upon request by contacting us at Sergio@trygambit.com.

6.3 Merchant-Authorized Integrations

We may share information with third parties when a Merchant directs us to enable an integration or otherwise authorizes the disclosure.

6.4 Business Transactions

We may share information in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar transaction, subject to appropriate confidentiality protections.

6.5 Legal and Safety Reasons

We may share information when we reasonably believe disclosure is necessary to:

  • Comply with applicable law, regulation, legal process, or governmental request;
  • Enforce our agreements;
  • Protect the rights, property, security, or safety of Gambit, Shopify, Merchants, customers, or others;
  • Detect, prevent, or investigate fraud, abuse, security incidents, or technical issues; or
  • Establish, exercise, or defend legal claims.

7. Sale, Sharing, and Advertising Use

Gambit does not sell Merchant Data or Customer Data for monetary consideration.

Gambit does not use Merchant Data or Customer Data for cross-context behavioral advertising or targeted advertising across unaffiliated merchants.

Our public website may use analytics or advertising technologies to understand website usage and improve our marketing. Where required by law, we provide applicable notice and choice for those technologies.

8. Cookies and Similar Technologies

We may use cookies, pixels, local storage, scripts, SDKs, and similar technologies.

8.1 Gambit Website and Dashboard

On our website and dashboard, these technologies may be used to:

  • Authenticate users;
  • Maintain sessions;
  • Remember preferences;
  • Protect accounts and prevent abuse;
  • Measure usage and performance;
  • Diagnose errors; and
  • Improve the Services.

8.2 Merchant Storefronts

If a Merchant enables storefront measurement features, Gambit may use Shopify-supported scripts, pixels, app embeds, customer event APIs, session identifiers, or similar technologies to measure storefront events and evaluate performance.

Merchants are responsible for disclosing Gambit’s use of these technologies in their own privacy policies and for obtaining any legally required consents from their customers or visitors.

Where supported, Gambit will process applicable consent signals made available through Shopify privacy tools or Merchant configurations.

9. Data Retention

We retain information only for as long as reasonably necessary for the purposes described in this Privacy Policy, including providing the Services, maintaining security, resolving disputes, enforcing agreements, and satisfying legal, tax, accounting, regulatory, and Shopify platform obligations.

Retention periods vary depending on the type of information and the reason for processing.

After a Merchant uninstalls Gambit:

  • We delete or deidentify Merchant Data and Customer Data from active production systems within 30 days, unless a shorter period is required by a valid Shopify privacy request or a longer period is legally required;
  • Residual copies may remain in encrypted backups for up to 90 days and will not be restored to active systems except for disaster recovery, security, or legal purposes;
  • Billing, tax, accounting, fraud-prevention, security, and legal records may be retained for longer where reasonably necessary or legally required; and
  • Aggregated or deidentified information that cannot reasonably be used to identify a person or Merchant may be retained.

10. Security

We use administrative, technical, and organizational safeguards designed to protect information from unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include:

  • Encryption in transit;
  • Encryption at rest where appropriate;
  • Access controls;
  • Authentication controls;
  • Role-based and least-privilege access;
  • Logging and monitoring;
  • Backups and recovery procedures;
  • Vendor-security reviews;
  • Secure development practices; and
  • Incident-response procedures.

No method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

Gambit Technologies, LLC is based in the United States. We and our service providers may process information in the United States and other countries that may have data protection laws different from those in the country where the information was collected.

Where required, we use legally recognized safeguards for international transfers, which may include adequacy decisions, Standard Contractual Clauses, the UK International Data Transfer Addendum, or other approved transfer mechanisms.

12. Privacy Rights

Depending on location and applicable law, individuals may have rights to:

  • Request access to personal information;
  • Request correction of inaccurate personal information;
  • Request deletion of personal information;
  • Request restriction of processing;
  • Object to certain processing;
  • Request data portability;
  • Withdraw consent where processing is based on consent;
  • Opt out of certain sales, sharing, or targeted advertising, where applicable;
  • Appeal a privacy-rights decision, where applicable; and
  • Lodge a complaint with a data-protection authority.

These rights may be subject to legal limitations and exceptions. We may need to verify a requester’s identity and authority before completing a request.

We will not discriminate against individuals for exercising applicable privacy rights.

Merchant Representatives

Merchant representatives may submit privacy requests by contacting us at Sergio@trygambit.com.

Storefront Customers and Visitors

Gambit generally processes Customer Data on behalf of the applicable Merchant. Storefront customers and visitors should first direct privacy requests to the Merchant whose storefront they visited or from whom they purchased.

When we receive a valid privacy request from Shopify or a Merchant concerning Customer Data, we will assist the Merchant and process the request as required by applicable law, Shopify requirements, and our contractual obligations.

13. Shopify Privacy Requests

Gambit supports Shopify’s required privacy and compliance processes, including requests concerning:

  • Access to customer data;
  • Deletion of customer data; and
  • Deletion of shop data after uninstallation.

We authenticate and process valid Shopify privacy requests in accordance with Shopify requirements and applicable law.

14. Children's Privacy

Gambit is intended for businesses and is not directed to children.

We do not knowingly collect personal information directly from children under 13 through our website or dashboard. Merchants are responsible for ensuring that their own storefronts comply with applicable children’s privacy laws.

If you believe a child has provided personal information directly to Gambit in violation of applicable law, please contact us at Sergio@trygambit.com.

15. Third-Party Services

The Services may link to or integrate with Shopify and other third-party services. Those third-party services are governed by their own privacy policies and terms.

Gambit is not responsible for the independent privacy practices of third parties, except where required by applicable law.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to the Services, our data practices, legal requirements, or Shopify requirements.

When we update this Privacy Policy, we will revise the “Last Updated” date above. Where required by law or where changes are material, we will provide additional notice through the Services, by email, or by another appropriate method.

Continued use of the Services after an updated Privacy Policy becomes effective means that the updated Privacy Policy applies to the continued use of the Services.

17. Contact Us

If you have questions about this Privacy Policy or wish to submit a privacy request, please contact us:

Gambit Technologies, LLC

Illinois, United States

Email: Sergio@trygambit.com