Data Deletion

Etovi Pty Ltd (ACN 697 881 940, ABN 56 697 881 940, trading as "Etovi") provides this page to describe how you can request deletion of personal data we hold about you. It complements our Privacy Policy, which sets out the broader framework governing how we collect, use, and protect personal data.

Personal data may reach Etovi via three different relationships. The route to request deletion depends on which applies to you:

• If you are an Etovi merchant (you signed up directly for a Etovi workspace and connected your Shopify store, ad accounts, etc.), see Section A below.
• If you are a customer of an Etovi merchant (you bought something from a Shopify store that uses Etovi for analytics), see Section B.
• If you connected your account via Meta or Google (e.g. you authorised Etovi to read your Meta Ads or Google Ads account), see Section C.

If you are a Etovi merchant, you can:

• Self-serve via the dashboard: sign in → Settings → Account → request workspace deletion. (When the account-deletion path is enabled in product, this option becomes the fastest route.)
• Email request: send a deletion request from the email address registered on your Etovi account to privacy@etovi.aiwith the subject line "Data Deletion Request". Include your workspace name and the Shopify shop domain (if any) you want deleted.
• Uninstall + Shopify redact: if you uninstall the Etovi Shopify app, Shopify automatically fires a shop/redact webhook approximately 48 hours later. On receipt we delete all merchant-owned data for that shop within 30 days, in accordance with our retention schedule.

On receipt of a valid deletion request, we will delete or irreversibly anonymise within 30 days:

• Your workspace and account profile
• OAuth tokens for connected platforms (already encrypted at rest)
• Order, customer, product, inventory, and ad-performance data ingested for your workspace
• AI agent memory entries, generated assets, and audit logs attributable to your workspace

Encrypted backups may retain copies for up to 30 additional days before they are permanently deleted on rotation.

If you are a customer of a Shopify store that uses Etovi, the most direct route is via the merchant. Most merchants can use Shopify's built-in customer data tools, which automatically notify Etovi:

• customers/data_request webhook — when a merchant or you, via the merchant, requests an export, Shopify fires this webhook to Etovi. We respond within the window required by applicable law and Shopify's policy.
• customers/redact webhook — Shopify fires this webhook 10 days after a customer redaction request. On receipt, we redact identifying fields (first name, last name) for that customer across our database. Email addresses we hold are already SHA-256 hashed at the moment of ingestion, so no plaintext email exists to redact.

You can also email privacy@etovi.ai directly. Include the merchant store's domain (e.g. example.myshopify.com) and the email address you used when buying from that store. We will route the request to the appropriate merchant and confirm completion.

If you authorised Etovi to access your Meta Ads or Google Ads account via OAuth, the OAuth token is the only personal data we typically hold for you (alongside the ad-account metadata your platform exposes to authorised apps).

• Revoke the OAuth grant on the source platform.Once revoked, Etovi can no longer call the platform on your behalf, and the existing token in our database becomes useless.
  Meta: facebook.com → Settings & Privacy → Apps and Websites → remove "Etovi".
  Google: myaccount.google.com → Security → Third-party apps with account access → remove "Etovi".
• Email us at privacy@etovi.ai from the email address associated with the OAuth grant. State which integration you want deleted (Meta, Google, or both) and the workspace it was linked to. We will:
  • Revoke the token from our side
  • Delete account-level metadata associated with the integration
  • Confirm completion within 30 days (typically much sooner)

We aim to action deletion requests within 30 days of receipt. Where the request is complex or the volume of simultaneous requests is high, we may extend by up to 60 additional days and will notify you of the extension.

We confirm completion via reply to the email address you contacted us from. For Shopify-fired GDPR webhooks (which arrive machine-to-machine), we acknowledge receipt to Shopify immediately and complete the deletion within the regulated timeframe; you can verify completion via Shopify's privacy tools.

Some data may be retained even after a deletion request, where retention is required by law or necessary to protect our rights or those of third parties. This includes:

• Operational audit logs (workspace identifiers, no customer PII) for up to 12 months for security investigation
• Records required for tax, accounting, or anti-fraud purposes, for the period required by Australian law
• Information already incorporated into aggregate, irreversibly anonymised data sets used for benchmarking (no individual user is identifiable in such data)

• Legal entity: Etovi Pty Ltd
• Australian Company Number (ACN): 697 881 940
• Australian Business Number (ABN): 56 697 881 940
• Privacy enquiries: privacy@etovi.ai

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au), or with your local data protection authority if you are in the EEA, UK, or another jurisdiction.