Last updated: December 18, 2025

Privacy Policy

This Privacy Policy explains how Intern Charlie collects, uses, and protects information when you use our website, Shopify app, and Google OAuth connections.

Terms of Service|Dansk

We only request the minimum read-access scopes needed from Shopify and Google to generate analytics summaries and video recaps.

Data is used to provide the service, improve reliability, and comply with legal obligations. We do not sell user or store data.

You can disconnect Google access, uninstall the Shopify app, or email us to delete data. We remove OAuth tokens when you disconnect the connection in the app.

Data we collect

  • Account and contact information: name, email, and authentication details you provide when creating or signing in to an account.
  • Shopify data (read-only): store domain, store metadata, orders, products, customers, and analytics metrics provided through approved scopes.
  • Google OAuth data (read-only): connected Analytics accounts, reporting metrics, property metadata, and OAuth tokens to access them.
  • Product usage and device data: log data, IP address, browser/device information, and cookies for security and performance.

How we use data

  • Provide the service: generate insights, analytics dashboards, and video recaps based on connected Shopify and Google data.
  • Security and reliability: prevent abuse, monitor uptime, and protect accounts.
  • Support and communication: respond to support requests and send important operational notices.
  • Compliance: meet legal, accounting, and audit requirements.

Legal bases (EEA/UK)

  • Performance of a contract: to deliver the Shopify app and Google-connected analytics you asked us to provide.
  • Legitimate interests: improving the service, keeping it secure, and preventing fraud, balanced against your rights.
  • Consent: for optional cookies/marketing (where shown) and for connections you authorize.
  • Legal obligation: to comply with laws, court orders, or enforce our agreements.

Sharing and processors

  • Infrastructure, logging, and analytics providers that host the application and monitor performance.
  • Subprocessors (for example, email delivery) bound by written data protection agreements.
  • Professional advisors and authorities when required to meet legal obligations or defend legal claims.
  • We do not sell or rent personal data, and we do not permit processors to use data for their own marketing.

Retention

  • Account data is kept while you have an account and for a reasonable period afterward to comply with legal requirements.
  • Shopify and Google OAuth tokens are deleted immediately when you revoke access or uninstall the app.
  • Aggregated analytics may be kept without identifiers after accounts are closed.
  • Server logs and backups are retained for a limited time for security and recovery purposes.

Your choices and rights

  • Disconnect or revoke Google access at any time from your Google Account permissions page.
  • Uninstall the Shopify app to stop new data sharing; to remove stored data, contact us and we will delete data we no longer need.
  • Request access, correction, deletion, or export of your personal data by emailing us.
  • Object to certain processing or withdraw consent where applicable; you can also lodge a complaint with your local supervisory authority.

Shopify merchant data

  • We request read-only scopes needed to surface revenue, orders, and product performance; we do not change store settings or process payments.
  • Data received from Shopify is used only to provide analytics, insights, and video recaps to you.
  • If you disconnect the Shopify connection or request deletion, we remove tokens and associated store data that are no longer necessary, except where retention is required by law.

Google user data

  • We use Google OAuth only to read the Analytics resources you select so we can generate dashboards and insights.
  • Google data is not transferred to third parties except to subprocessors acting on our behalf under data protection terms.
  • The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Security

  • Encryption in transit (HTTPS) and restricted, role-based access to production systems.
  • Least-privilege access to customer data and monitoring for unusual activity.
  • Vendor due diligence and data processing agreements with subprocessors.

Contact

If you have questions about privacy or these terms, reach out and we will respond promptly.

Email:
privacy@interncharlie.com

Need the short version?

We collect only the data required to generate your insights, keep it secure, and let you leave anytime.

Privacy PolicyTerms of Service