Legal Document
Privacy Policy
01
Overview
Exit Ecom ("we," "us," or "our") operates exitecom.com and the dashboard at dash.exitecom.com (collectively, the "Platform"). We help e-commerce founders understand, prepare, and optimise their businesses for acquisition.
This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using the Platform, you agree to the practices described here.
Exit Ecom processes sensitive financial and business data. We treat that data with the same confidentiality a professional M&A advisor would extend to a client.
02
Data We Collect
Account & Identity Data
Name, email address, and password (hashed)
Business name and country of operation
Billing details (processed by our payment provider; we do not store full card numbers)
Business & Financial Data
Shopify store data accessed via OAuth: orders, products, customers, inventory, refunds, analytics
Ad platform data from Meta Ads, Google Ads, TikTok Ads, and Snapchat Ads: spend, ROAS, CPA, campaign metrics
Profit & Loss statements and financial documents you upload (CSV, PDF)
Manually entered figures: COGS, margins, fixed costs, supplier details
Google Analytics (GA4) session and conversion data where connected
Usage & Technical Data
IP address, browser type, operating system
Pages visited, features used, time spent on the Platform
Crash reports and error logs
Communications Data
Messages sent to our support team
Responses to onboarding questionnaires and surveys
03
How We Collect Data
Directly from you — when you create an account, answer onboarding questions, or upload files
Via OAuth integrations — when you authorise Exit Ecom to connect to Shopify, Meta, Google Ads, or other third-party platforms
Automatically — through cookies, server logs, and analytics tools as you browse the Platform
From third parties — payment processors and identity verification services as needed
04
How We Use Your Data
Generate your Exit Readiness Score, valuation range, and risk analysis
Produce your personalised de-risk roadmap and optimisation recommendations
Build and maintain your data room
Process payments and manage your subscription
Send transactional emails (account confirmations, report notifications) and, with your consent, marketing communications
Improve our internal proprietary AI scoring models using aggregated and anonymised data. We strictly prohibit the use of your raw business, financial, or end-customer data to train public or third-party foundational AI models.
Comply with legal obligations and enforce our Terms of Service
Prevent fraud and ensure platform security
We do not sell your business data to buyers, brokers, or any third parties. Buyer introductions occur only with your explicit consent as part of the exit advisory layer.
05
Legal Basis for Processing
Where UK GDPR or equivalent privacy law applies, we rely on the following legal bases:
Contract — processing necessary to deliver the services you signed up for
Legitimate interests — improving the Platform, preventing fraud, and ensuring security
Consent — marketing emails and non-essential cookies (you may withdraw consent at any time)
Legal obligation — where we must retain or disclose data under applicable law
06
Sharing Your Data
We share data only in the following circumstances:
Service Providers
We engage trusted third-party processors (cloud hosting, AI inference, payment processing, email delivery, analytics) under Data Processing Agreements that restrict how they may use your data.
With Your Consent
If you opt in to buyer introductions or exit advisory services, we will share relevant business information with verified, vetted acquisition parties. You control this entirely.
Legal Requirements
We may disclose data if required by law, court order, or to protect the rights and safety of Exit Ecom, our users, or the public.
Business Transfers
In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.
We never sell personal or business data to advertisers or data brokers.
07
Data Retention
We retain your data for as long as your account is active or as needed to provide our services. Upon account deletion:
Business and financial data is deleted within 30 days
Backup copies are purged within 90 days
Anonymised, aggregated data may be retained indefinitely for product improvement
Financial transaction records are retained for 7 years to meet accounting and legal obligations
08
Your Rights & Webhook Compliance
Depending on your jurisdiction, you may have the following rights:
Access — request a copy of the personal data we hold about you
Rectification — correct inaccurate or incomplete data
Erasure — request deletion of your data ("right to be forgotten")
Restriction — ask us to limit processing in certain circumstances
Portability — receive your data in a structured, machine-readable format
Objection — object to processing based on legitimate interests or for direct marketing
Withdraw consent — where processing relies on consent, withdraw it at any time
Shopify Privacy Webhooks: We fully comply with Shopify’s mandatory privacy requirements. If an end-customer requests data access (customers/data_request) or deletion (customers/redact), or if you choose to delete our app (shop/redact), our systems automatically process and execute these requests within the legally mandated timeframes.
09
Security
We implement industry-standard safeguards to protect your data:
TLS encryption for all data in transit
Encryption at rest for stored financial documents and business data
Role-based access controls limiting internal access to your data
Regular security reviews and penetration testing
OAuth token storage with minimal required scopes
No system is impenetrable. If we become aware of a data breach affecting your rights, we will notify you without undue delay in accordance with applicable law.
10
International Data Transfers
While Exit Ecom serves a global market and primarily adheres to UK GDPR compliance standards, our core technical development, administration, and support operations are located in Pakistan. Consequently, your data may be transferred to and processed outside the United Kingdom and the European Economic Area (EEA).
When this cross-border transfer occurs, we ensure appropriate safeguards are strictly enforced. We rely on legally recognised mechanisms, specifically Standard Contractual Clauses (SCCs) and robust Data Processing Agreements with our international team members and sub-processors, to guarantee that your data receives an equivalent level of protection as mandated within the UK and EEA.
11
Children
The Platform is intended solely for business owners and professionals aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe we have done so in error, contact us immediately at privacy@exitecom.com.
12
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a prominent notice on the Platform at least 14 days before the changes take effect. Your continued use of the Platform after that date constitutes acceptance of the updated policy.
13
Contact
For privacy-related questions, data requests, or complaints:
Email: privacy@exitecom.com
Website: exitecom.com
If you are located in the UK and are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).
ExitEcom