Privacy Policy
Last updated: March 2026
1. Introduction
Welcome to Kitenzo Ltd ("we," "our," "us").
Kitenzo Ltd. Company number 15839157. Registered address: The Island House The Island, Midsomer Norton, Radstock, England, BA3 2DZ.
We are committed to protecting and respecting your privacy and ensuring that your personal information is handled in a safe and responsible manner. This privacy policy ("Privacy Policy") and any other documents referred to in it, sets out the basis on which we collect and process your personal data as a data controller when you use our website, our app to create bundles, or our services.
Kitenzo ("App") provides a public application using the Shopify API ("Platform") for merchants operating on Shopify ("Merchant") to create product bundles. We operate all services in accordance with Shopify's privacy requirements and terms of use. You can read Shopify's privacy policy here.
Kitenzo's website, kitenzo.com ("Site"), provides information on the application and the services provided and enables users to contact the Kitenzo support team. By visiting our Site or installing the App and using the services listed on our Site you are accepting and consenting to the practices described in this Privacy Policy.
Please note this Privacy Policy does not apply where we provide services as a data processor under the GDPR on behalf of merchants.
2. Data Controller
For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together "Data Protection Law"), the data controller is Kitenzo Limited of The Island House The Island, Midsomer Norton, Radstock, England, BA3 2DZ.
3. Legal Basis for Processing
We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
- To fulfil our contractual obligations to you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- To comply with a legal obligation.
To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent. Please note that country/region specific rules regarding consent may also apply, depending upon the jurisdiction in which you reside.
4. Personal Data We May Collect About You
We may collect and process personal data about you. Personal data, or personally identifiable information, means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).
When Kitenzo is installed, automatic access is granted to the following information from a merchant's Shopify account:
- Shop domain
- Shopify ID
- Merchant's Email
- Merchant's Name
Additionally, the following types of personal data are collected from merchants and their customers once an App has been installed:
- User Agent of everyone who purchases any bundle
- Customer name, e-mail address, phone number, physical address, geolocation, and browser user agent of every customer who purchases any bundle
Data Categories
We have grouped the different types of information that we collect from merchants, customers and user agents ("you") together as follows. This also includes the types of data that we collect from users of our Site:
- Identity Data: includes email addresses, first name, last name, title, username, MyShopify.com URL or similar identifier.
- Contact Data: includes home address, billing address, delivery address, email address and telephone numbers.
- Financial Data: includes access to bank account and payment card details. Note: we only ever handle tokenised details, never account details or actionable data.
- Transaction Data: includes details about payments to and from us and/or you and other details of products and services purchased.
- Technical Data: includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices used to access the Site or the App.
- Profile Data: includes username, purchases or orders made, interests, preferences, feedback and survey responses.
- Usage Data: includes information about how customers and merchants use our Site and the App, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site and App (including date and time); products viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any emails used to contact our merchant support team.
- Marketing and Communications Data: includes your preferences in receiving marketing from us and our third parties and customer and merchant communication preferences.
- Aggregated Data: We also collect, use and share statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Special Category Data: We do not collect, store or use special category data about you. (This is details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.)
If you fail to provide personal data: Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you use, but we will notify you if this is the case at the time.
5. How Personal Data Is Collected
We use different methods to collect data from and about you including via:
- Direct Interactions: You may give us your Identity, Contact and Financial Data when you fill in forms or correspond with us by post, phone, email or otherwise. This includes personal data you provide when you register to use our Site or to receive our newsletter, subscribe to use or when you install our App, create an account, request marketing to be sent to you, search for a product or place an order, participate in discussion boards or other social media functions, enter a competition, promotion or survey, attend a conference or webinar, give us feedback or contact us and when you report a problem with our Site or App.
- Purchases: If you make purchases via our Site or within the App, or register for an event or webinar, we may require you to provide your Identity, Contact, Financial and Transaction Data.
- Community: If you register for an online community that we provide, we may ask you to provide us with Identity, Contact, Profile and Technical Data.
- Automated Technologies or Interactions: As you interact with our App, Site or emails, we automatically collect Technical Information about your device, browsing actions, patterns, Location Data and Usage Data. We collect this personal data by using cookies, server logs, web beacons, pixels, and similar technologies. We may also receive Technical Data and Location Data about you if you visit other websites using our cookies. Please see our Cookie Policy for further details.
6. Personal Data We Receive from Other Sources
We work closely with third parties (including business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive personal data about you from them:
- Google Analytics: tracks user behaviour and provides analytics. You can read more about how Google uses and protects personal information at policies.google.com/privacy.
- Shopify: We interact through Shopify first party and third party gateway providers in accordance with Shopify's privacy policy.
- Help Scout: provides email and in-app support services to merchants. See Help Scout's privacy policy.
- MailJet: provides email services to merchants. See MailJet's privacy policy.
- Gmail: provides email support services to merchants. See Google's privacy policy.
7. Mixpanel
We use Mixpanel, a product analytics service provided by Mixpanel Inc., to understand how users interact with our website and application. Mixpanel collects data such as page views, button clicks, feature usage, session duration, device type, browser type, operating system, and approximate location derived from your IP address. This data helps us improve our product experience and identify areas where users may encounter difficulties.
Mixpanel may use cookies and similar technologies to collect and store this information. Your IP address is anonymized before storage. Data collected by Mixpanel is processed and stored in the United States. You can opt out of Mixpanel tracking by visiting Mixpanel's opt-out page. For more information, see Mixpanel's Privacy Policy.
8. Personal Data We Collect from Other Sources
We also collect personal data about you from publicly available sources. We may combine this information with personal data provided by you. This helps us update, expand, and analyse our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you. The personal data we collect includes:
- Identity and Contact Data: from publicly available sources such as Companies House.
- Identity, Contact and Profile Data: that is published about you on social media profiles such as LinkedIn, Facebook, Instagram, X (Twitter), TikTok.
9. Cookies
We use cookies on our Site and in our App to distinguish you from other users. This information helps us to provide you with a good experience and also allows us to improve our Site and Apps. For full details on the cookies we use and how to manage them, please see our Cookie Policy.
10. Uses Made of Personal Data
We have set out below the ways we use your personal data and the legal bases we rely on to do so:
| Purpose | Data Types | Lawful Basis |
|---|---|---|
| Register you as a new customer | Identity, Contact | Performance of a contract with you |
| Process and deliver your order including managing payments, fees, charges and collecting money owed | Identity, Contact, Financial, Transaction, Marketing and Communications | Performance of a contract; Legitimate interests (to recover debts due to us) |
| Manage our relationship with you including notifying you about changes to our terms or Privacy Policy | Identity, Contact, Profile, Marketing and Communications | Performance of a contract; Legal obligation; Legitimate interests (to keep our records updated) |
| Enable you to use the Site and App, including subscription confirmation and updates | Identity, Contact, Profile, Transaction, Marketing and Communications | Performance of a contract; Legitimate interests (to enable you to use the App and Site) |
| Administer and protect our business and our Site | Identity, Contact, Technical | Legitimate interests (running our business, IT services, network security, fraud prevention); Legal obligation |
| Deliver relevant content and advertisements and measure effectiveness | Identity, Contact, Profile, Usage, Marketing and Communications, Technical | Legitimate interests (to study how customers use our products/services and inform our marketing strategy) |
| Use data analytics to improve our Site, Apps, marketing, customer relationships and experiences | Technical, Usage | Legitimate interests (to keep our website updated, develop our business and inform our marketing strategy) |
| Make suggestions and recommendations about goods or services of interest to you | Identity, Contact, Technical, Usage, Profile, Marketing and Communications | Legitimate interests (to develop our services and grow our business) |
We will not sell or rent your personal data to anyone. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
11. Disclosure of Your Personal Data
We may share your personal data with the following third parties:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Service providers: Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, including AWS, Google, Shopify, MailJet, Help Scout and Notion.
- Professional advisors: Lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Regulators and authorities: Tax authorities, regulators and other authorities who require reporting of processing activities in certain circumstances.
- Advertisers: We do not disclose personal data about identifiable individuals to our advertisers, but we may provide them with Aggregated Data about our users.
- Credit reference agencies: For the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may also disclose your personal data to third parties if we sell or buy any business or assets, if we or substantially all of our assets are acquired by a third party, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
12. International Transfers
Our Site and App are global and your personal data may be stored and processed in any country where we have operations, our staff are located or where we engage service providers. This will involve a transfer of your personal data to countries outside of your country of residence, where data protection rules are different from those of your country of residence.
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy. In particular this means that your personal data will only be transferred to a country that provides an adequate level of protection or where the recipient is bound by Standard Contractual Clauses according to conditions provided by the European Commission.
13. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
14. Your Rights
You have the right under Data Protection Law, free of charge, to request:
- Access to your personal data
- Rectification or deletion of your personal data
- A restriction on the processing of your personal data
- Object to the processing of your personal data
- A transfer of your personal data (data portability) in a structured, machine readable and commonly used format
- Withdraw your consent to us processing your personal data, at any time
If you wish to exercise any of the above rights, please contact us using the details below. We will respond to such queries within 30 days and deal with requests in accordance with Data Protection Law.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We may need to request specific information from you to help us confirm your identity.
15. Marketing
We will send you marketing emails if you opt in to receive them when registering on our Site or for our App, or if you have enquired about or purchased any of our goods or services and you have not opted out.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can opt out at any time by clicking the "unsubscribe" link at the bottom of any marketing message. Once you opt out, you will no longer receive marketing messages from us. We will continue to communicate with you regarding your service billing and support via email.
16. Data Retention
We retain personal data for as long as reasonably necessary to fulfil the purposes for which it was provided or collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
After you have closed your account, uninstalled the app or ceased using the Site or App we redact the store information and app core data within 48 hours. Configuration data is stored for up to 2 years. Order data is automatically redacted on request in 14–60 days depending on payment method used.
We will retain some anonymised information after your account has been closed and we may use this for research or statistical purposes indefinitely without further notice to you.
17. Links to Other Websites
Our Site and App may contain links to and from the websites of our partner networks, Shopify merchants, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
18. Complaints
If you have any complaints about our use of your personal data, please contact us using the details below, or contact our appointed data representative in the EU DataRep at datarep.com/data-request. You can also contact your local data protection supervisory authority.
19. Age of Users
The Site and the App are not intended for and shall not be used by anyone under the age of 16. It is the responsibility of the merchant (not the App) to ensure age restrictions are enforced on selling products that require age limits.
20. Changes to Our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.
21. Contact Us
If you have any questions, comments or requests regarding our privacy practices or about this Privacy Policy, please contact us:
Kitenzo Limited
The Island House The Island, Midsomer Norton, Radstock, England, BA3 2DZ
Email: [email protected]
EU Data Representative: datarep.com/data-request