Privacy Policy
1. Who we are
PBEcom (operating as Margr) is the data controller for the personal data you provide when using our service.
PBEcom
Sanderboutlaan 80l, 6171BE Stein, The Netherlands
start@margr.io
2. What we collect
We collect the following categories of data:
- Account data — your name, email address, and hashed password when you register
- Shopify store data — orders, revenue figures, and product information from your connected Shopify store(s), accessed read-only via OAuth
- Ad platform data — campaign and performance metrics from your connected Google Ads and Meta Ads accounts, accessed read-only via OAuth
- Usage data — pages visited and features used, to help us improve the service
- Landing page tracking — the Meta Pixel on our marketing website records page view events for advertising attribution
3. Why we collect it
We process your data under two legal bases:
- Contract performance (Article 6(1)(b) GDPR) — we need your account, Shopify, and ad platform data to deliver the dashboard service you signed up for
- Legitimate interest (Article 6(1)(f) GDPR) — we use usage data to improve the product, detect abuse, and maintain security
4. Third-party processors
We share data with the following sub-processors:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database hosting and authentication | EU / US |
| Resend | Transactional email delivery | US |
| Shopify | Data source — your store data, via API | US / EU |
| Data source — your Google Ads data, via API | US / EU | |
| Meta | Data source — your Meta Ads data, via API; landing page pixel | US |
All processors are bound by data processing agreements and handle data in accordance with applicable law.
5. Data retention
- Account data (name, email, password hash) is retained until you request deletion or close your account
- Shopify and ad platform data is fetched on demand to render your dashboard and is not stored beyond what is operationally necessary
- Usage data may be retained for up to 12 months for analytics purposes
6. Your rights under GDPR
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — ask us to stop processing your data while a dispute is resolved
- Objection — object to processing based on legitimate interest
To exercise any of these rights, email start@margr.io. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority: Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl.
7. Contact
Questions about this policy or how we handle your data? Email us at start@margr.io.