By using Littledata’s services you are granting us access to private data which we undertake to handle in a secure and confidential way. The types of data you share with us are covered below.
Secure data transfer and storage
When Littledata requests or sends your data to web services you opt into, or to display data in your browser, this is done via a secure (SSL) web connection. Any of your data that we store to provide your services is encrypted at rest in a database hosted on Google or AWS servers in North Virginia, USA (with the highest security precautions), and accessible only via our web servers (for your consumption) and a select number of Littledata employees and contractors.
Email and password
We use your email to provide customer support, and infrequently promote new products and services to you (only from Littledata). You can opt out of these emails. We promise never to share this email address with third parties.
Your password is encrypted at rest.
By connecting your Google account you are granting us access to
- Your name and profile image
- Your email address
- All Google Analytics properties linked to your account
Littledata pulls a range of data from your Google Analytics account. We use this data to:
(a) Provide data exports of your website performance, and accessible only via your Google account or (with explicit permission from you) to other members your invite to your Littledata account.
(b) Test new analytic methods and visualisations for our internal use. Your data will only be accessible by Littledata’s European Union based employees and contractors, bound by a non-disclosure agreement
(c) Provide anonymised benchmarks to other customers. We promise this will never be identifiable to you or your website, and will only be used in aggregate segments of at least 10 benchmark companies – so that your performance cannot be inferred from the benchmark
Sending Personally Identifiable Information (PII) about your end users to Google Analytics (for example, customer email addresses) is in breach of Google’s terms as well as our Terms.
Our Shopify apps pull historic and current customer orders in order to feed this information onto your chosen destinations. We only store non-personal information (order numbers, transaction amounts and product names), and only for up to 3 months for reconciliation and audit purposes.
Where you ask us to send PII customer data from Shopify to a destination (e.g. Segment.com) we pass this information straight on without storing in our own database.
Your rights regarding your personal information
The UK’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations and good practices.
Your objection (or withdrawal of any previously given consent) could mean that you are not able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular, in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
To make any request outlined above, please use our contact form.