Logo

Privacy Policy – FINCORY

Effective as of 4/11/2026
1. Definitions

For the purposes of this Privacy Policy, the following terms are defined as follows:

FINCORY application: refers to the application installed by merchants on their Shopify store, allowing the creation of retargeting campaigns based on store data (customer segments, orders, products, stock, prices).

Merchant: refers to the professional client who has installed the FINCORY Application on their Shopify store.



2. Purpose

The purpose of this privacy policy is to inform Shopify merchants using the FINCORY application, hereinafter referred to as “Merchants,”

about the conditions under which personal data is processed, in accordance with Regulation (EU) 2016/679 on the protection of personal data and the free movement of such data (hereinafter “the GDPR”) and Shopify's requirements regarding customer data.

FINCORY collects:

  • certain professional data of Merchants, strictly necessary for the commercial relationship, invoicing, or technical support;
  • data of Merchants' customers, intended to enable Merchants to trigger targeted marketing actions based on purchase history, in strict compliance with the principles defined by the GDPR.

For more information on the terms and conditions of use of the Application, please refer to our Terms and Conditions of Use.



3. Data Controller

The processing of personal data is carried out by FINCORY.

Simplified joint-stock company (SAS) with a share capital of €1,000, registered with the Paris Trade and Companies Register under number 987 625 522.

Head office: 5 rue François Bonvin, 75015 Paris – France.

Email : contact@fincory.com

FINCORY acts as data controller for the collection, segmentation and management of end-user data, in compliance with the GDPR.

Merchants, for their part, remain responsible for any processing they initiate based on the segments provided via the FINCORY Application.

FINCORY does not process any Merchant data for targeting or profiling purposes. Only technical and contractual information necessary for the use of the Application (such as name, email, and store ID) is retained.



4. Data collected from the Merchants' customers

4.1. Data concerned

FINCORY only uses data collected by the Merchant itself, such as the surname, first name, and email address of the persons concerned. FINCORY does not store this data.

Information related to customers' purchase history, such as delivery addresses, products purchased, and purchase dates, may also be used for targeting purposes.

4.2. Origin of data

The data is obtained, with consent, with the Merchant's authorization via the website administration interface. FINCORY does not collect any data directly from customers.

4.3. Storage

FINCORY does not store any personal data belonging to the Merchant's customers. The data stored by FINCORY is only related to commercial actions initiated by the merchant (such as the title of marketing campaigns sent, dates, and customer segments concerned).



5. Purpose of Data Processing

Analized data is processed solely for the following purposes.

  • Building behavioral customer segments (e.g., frequent buyers, inactive customers, premium clients);
  • Triggering personalized offers defined by the Merchant (e.g., discount, gift, exclusive access);
  • Performing aggregated analyses of customer behavior for loyalty, reactivation, or marketing optimization purposes.

FINCORY never uses the data for any other purposes, such as credit scoring or advertising on behalf of third parties. All marketing actions enabled by FINCORY are carried out exclusively for the benefit of the Merchant and directed toward their own customers.



6. Legal Basis

The processing is based on the obligations established by the General Data Protection Regulation in accordance with the requirements of the directive.



7. Profiling of Data Subjects and Associated Rights

FINCORY implements automated processing for marketing segmentation purposes, based on the Merchant's customer purchase history.

These segments are transmitted to the Merchant to trigger, at their discretion, personalized offers.

In accordance with Article 13(2)(f) of the GDPR, every data subject has the right:

  • to know the criteria and general logic that led to their classification in a segment;
  • to know the general segmentation logic implemented (e.g., frequency, amount, type of spending);
  • and to object to its use in the context of automated decision-making.

FINCORY allows data subjects to exercise their rights as described in Article 10 of this Privacy Policy.



8. Data Retention Period

Professional data relating to Merchants is retained for the entire duration of the contract between the Merchant and FINCORY and may be archived beyond that period in the event of a legal obligation (e.g., accounting or tax purposes).



9. Data Recipients

Data is collected from Merchants using FINCORY. Data processing takes place exclusively between each Merchant and FINCORY.

FINCORY never shares data between Merchants.

FINCORY does not market, resell, or transfer data to unauthorized third parties.



10. Data Security, Integrity and Hosting

In accordance with Article 32 of the GDPR, FINCORY implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of the personal data processed. FINCORY applies the following security measures:

  • Data pseudonymization;
  • Encryption: all data is systematically encrypted in transit.
  • Restricted access to data through strong authentication;
  • Complete logging of access to protected data;
  • Strict separation of environments (dev/test/production);
  • Secure, auditable backups;
  • Documented incident response procedures.

FINCORY complies with the security requirements imposed by Shopify for levels 1 and 2 of protected customer data, as described in the official Shopify API Access Scopes and App Store Requirements documentation.

Data is hosted exclusively in the European Union.

Additional processing is carried out on Fly.io infrastructure (data center located in Paris - CDG).

No data is transferred outside the European Union.



11. Rights of Data Subjects

In accordance with Articles 15 to 22 of the GDPR, you have the following rights:

  • Access: Obtain a free copy of all personal data processed;
  • Rectification: Correct inaccurate or incomplete information;
  • Erasure: Request the deletion of your data. This can also be done directly via our public portal: https://www.fincory.com/consent
  • Objection: Refuse any processing, including profiling, without needing to justify your request;
  • Portability: Retrieve your data in a structured and readable format;
  • Restriction: Temporarily limit the processing of your data;
  • Information: Understand the criteria and general logic that led to your inclusion in a segment;
  • Automated decision-making: Be informed, contest a decision, and request human intervention;
  • Complaint: File a complaint with the CNIL (www.cnil.fr) if you believe your rights are not being respected.

To exercise these rights, data subjects may send their request to: contact@fincory.com.

The request must clearly specify the nature of the right being exercised (e.g., access, objection, erasure, information on segmentation, etc.).

A copy of a valid ID may be requested only when the nature of the request justifies it, particularly in the following cases:

  • Access: To obtain a free copy of all your personal data being processed;
  • Rectification: To correct inaccurate or incomplete data;
  • Objection: To object to a specific data processing activity or to an automated decision;
  • Request for explanation: To understand the logic behind the applied segmentation;
  • Portability: To retrieve your data in a structured, machine-readable format;
  • Restriction: To temporarily suspend the processing of your data;
  • Information: To know the criteria and general logic behind your segment classification;
  • Automated decision: To contest an automated decision, request an explanation or human intervention, or refuse the application of the segment;
  • Access to assigned segment: To request access to the segment you have been assigned to.

FINCORY is committed to responding within a maximum of 30 days, in accordance with Article 12 of the GDPR.



12. Changes to This Policy

This policy may evolve based on regulatory or technical changes.

In the event of a substantial update, FINCORY will inform users:

  • via its website,
  • and, where applicable, by email for Merchants with whom a direct contractual relationship exists.