Farnsla Privacy & Data Protection Policy

Effective Date: 02/02/2025
Last Updated: 01/02/2026

This Privacy & Data Protection Policy explains how Farnsla (“Farnsla,” “we,” “our,” or “us”) collects, uses, shares, stores, and protects information when you use our website, applications, and services (collectively, the “Services”).

This Policy covers personal data relating to:

Merchants (store owners/admin users) who use Farnsla
Merchants’ customers and prospective customers
Visitors to merchant storefronts where Farnsla features may be used

By using our Services, you agree to this Policy.

1) Contact us

If you have questions or requests about privacy, contact: hello@farnsla.com

2) Definitions

Personal Data: information that identifies a person or can reasonably be linked to a person (e.g., name, email, customer ID, order total).
Merchant: a business or individual that uses Farnsla.
Merchant Customer: a person who purchases from or interacts with a Merchant.
Processing: anything done with Personal Data (collecting, storing, using, disclosing, deleting).

3) Our role when processing Merchant Customer data

When a Merchant uses Farnsla, the Merchant generally controls how Merchant Customer data is used for the Merchant’s store. In those cases, Farnsla processes Merchant Customer data to provide the Services to the Merchant and uses it only for the purposes described in this Policy and to operate the Services.

If you are a Merchant Customer and want to exercise rights about your data, you should typically contact the Merchant first (see Section 13).

4) Information we collect

We collect and process information to provide, secure, and improve the Services. The specific data depends on how the Services are used and which features are enabled.

A) Merchant account and admin information

Name, email address, account settings and preferences
Billing/contact information (if applicable)
Support requests, messages, and feedback

B) Store/integration information

Store identifiers and integration configuration required to operate the Services
Installation/uninstallation status and related operational events
Credentials/tokens needed to connect integrations (handled securely)

C) Merchant Customer and order-related information (only if required by enabled features)

Depending on the Merchant’s configuration and enabled features, we may process limited data such as:

Customer identifiers (e.g., customer ID), name, email (only if needed)
Order identifiers (e.g., order ID), order totals, currency, timestamps
Other order/storefront data only where necessary to deliver the Merchant’s selected features

D) Usage, device, and log data

IP address, device type, browser type, operating system
Pages/screens viewed within our Services, feature usage, timestamps
Error logs, diagnostics, and security-related events

E) Cookies and similar technologies

We may use cookies or similar technologies on our website and, if applicable based on enabled features, in connection with merchant storefront experiences to operate the Services, maintain security, remember preferences, and understand usage.

5) Data minimization and purpose limitation

We aim to:

process only the minimum Personal Data needed to provide the Services and the specific features a Merchant uses;
use Personal Data only for the purposes described in this Policy; and
restrict access to Personal Data to authorized personnel and service providers who need it to deliver the Services.

6) How we use information

We use Personal Data for the following purposes:

A) Provide and operate the Services

create and manage Merchant accounts
enable integrations and deliver requested features
provide customer support and troubleshooting

B) Maintain, secure, and improve the Services

monitor performance and fix bugs
prevent fraud, abuse, and unauthorized access
maintain service reliability and security

C) Communicate with you

send service-related communications (updates, security notices, policy changes)
respond to inquiries and support requests
send marketing communications where permitted (you can opt out)

D) Legal and compliance

comply with applicable laws and lawful requests
enforce our terms and protect rights, safety, and security

7) How we share information

We do not sell Personal Data.

We may share Personal Data only in the following situations:

A) Service providers (subprocessors)

We may share Personal Data with trusted vendors that help us operate the Services (for example: hosting, storage, email delivery, analytics/monitoring, customer support tooling, and payment processing if applicable). These vendors are permitted to use Personal Data only to provide services to us and must protect it.

B) Legal and safety

We may disclose information if required by law or if we believe disclosure is necessary to comply with legal obligations, respond to lawful requests, or protect the rights, safety, and security of users, Merchants, or the public.

C) Business transfers

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, Personal Data may be transferred as part of that transaction, subject to appropriate protections.

8) Cookies, consent, and preference choices

Where consent is required by applicable law or platform requirements, we aim to respect and apply relevant consent choices for the processing activities that rely on consent (such as certain analytics or advertising-related processing).

You can typically manage cookies through:

your browser settings (blocking or deleting cookies), and
any consent or preference tools we present in the Services where available.

9) Do Not Sell/Share and opt-out requests

We do not sell Personal Data.

Some privacy laws define “sale” or “sharing” broadly (including certain disclosures for targeted advertising). If you want to submit an opt-out request that may apply under those laws, contact us at hello@farnsla.com with the subject line: Do Not Sell/Share Request. We will process the request as required and will respond with next steps if we need additional information to complete it.

10) Automated decision-making

We do not use Personal Data for automated decision-making that produces legal or similarly significant effects on individuals as part of our Services.

11) Data retention and deletion

We retain Personal Data only for as long as necessary to:

provide and maintain the Services,
meet legal, accounting, or compliance requirements, and
protect the security and integrity of the Services (for example, retaining certain logs for troubleshooting and security).

When Personal Data is no longer needed for these purposes, we delete it or de-identify it, subject to legal and operational constraints.

A) Deletion timeline after uninstall or account deletion (30–60 days)

If a Merchant uninstalls the app or deletes their account, we start a deletion process for data related to that Merchant and the use of the Services. We aim to delete all related Personal Data within 30 to 60 days from the uninstall/account deletion date, unless:

we must retain certain information longer to comply with legal obligations (for example, tax, accounting, or law enforcement requests), or
retaining limited information for a longer period is necessary to prevent fraud, protect security, or resolve disputes.

If we retain data for these exceptions, we limit it to what is necessary and restrict access.

B) Typical retention by data category

Data category	Examples	Purpose	Typical retention
Merchant account data	name, email, settings	account management, service delivery	while account is active; deleted within 30–60 days after account deletion/closure (unless legally required)
Store/integration data	shop domain, configuration	run integration/features	while installed; deleted within 30–60 days after uninstall
Merchant Customer/order data (if enabled)	customer/order IDs, order totals	provide enabled feature(s)	processed only as needed; deleted within 30–60 days after uninstall/account deletion (unless required longer by law)
Usage/log data	IP, device, events, errors	security, diagnostics, service improvement	retained for 30–60 days, then deleted or de-identified (unless required longer for security/legal reasons)
Support data	messages, attachments	support and troubleshooting	retained for 30–60 days after ticket close, then deleted (unless legally required)

12) Data security

We use reasonable technical and organizational measures designed to protect Personal Data from unauthorized access, loss, misuse, alteration, or disclosure. These measures may include:

secure transmission methods (such as HTTPS/TLS) where applicable,
access controls and least-privilege practices,
monitoring and logging to detect suspicious activity, and
safeguards around storage systems used for the Services.

No system is completely secure, and we cannot guarantee absolute security, but we work to continuously improve our safeguards.

13) Your rights and choices

A) Merchants (account holders/admin users)

You may request to:

access, correct, or delete certain account data
receive a copy of certain information
opt out of marketing communications

B) Merchant Customers and storefront visitors

Where the Merchant controls your data (common for ecommerce transactions), the Merchant is typically the best point of contact for access, correction, and deletion requests. If you contact us directly, we may refer your request to the Merchant or assist where we are permitted or required.

To submit a privacy request, email hello@farnsla.com with the subject line: Privacy Request. We may ask for verification to protect against unauthorized requests.

14) International data transfers

We may process and store information in countries other than your own. Where required, we use appropriate safeguards for cross-border transfers.

15) Children’s privacy

Our Services are not intended for children under 13, and we do not knowingly collect Personal Data from children under 13. If we learn we have collected such data, we will take steps to delete it.

16) Changes to this Policy

We may update this Policy from time to time. We will post the updated version on our website and update the “Last Updated” date. If changes are material, we may provide additional notice where appropriate.

17) Merchant agreements

If you are a Merchant, additional terms may apply to your use of the Services, including data protection terms that govern how we process data on your behalf. If you need a copy of our merchant data protection terms, contact us at hello@farnsla.com.