Privacy Policy.

1. Who We Are

OneCampaign is operated by NC Digital Limited, a company registered in England and Wales (Company No. 16413452), trading as OneCampaign.

Registered address: 5 Canon Court, Institute St., Bolton, England, BL1 1PZ

Contact: hello@onecampaign.io

NC Digital Limited is the data controller for personal data collected directly from merchants who use OneCampaign. For personal data belonging to a merchant's customers, NC Digital Limited acts as a data processor on the merchant's behalf.

2. What This Policy Covers

This policy explains how we collect, use, store, and protect personal data in two contexts:

• Merchant data (B2B): Information from Shopify store owners and their team members who use OneCampaign to manage lifecycle email.
• End-customer data (B2B2C): Information about a merchant's customers, synced from Shopify and processed by OneCampaign on the merchant's behalf to deliver personalised email.

3. Information We Collect

3.1 Merchant Data

• Shopify account information (shop name, domain, owner email, API credentials)
• Team member details (name, email, role) for accounts with team management
• Brand settings (brand voice, tone preferences, avoid phrases, excluded products/collections)
• Email branding configuration (colours, fonts, logo uploads, social links)
• Billing and subscription information (plan tier, contact count — processed via Shopify App Billing)

3.2 End-Customer Data (as Processor)

• Contact information: email address, first name, last name
• Marketing consent status (as recorded in Shopify)
• Order history: products purchased, order values, dates, financial status
• Abandoned checkout data: cart contents, checkout timestamps

3.3 Generated Data

OneCampaign generates derived data to power its lifecycle decisioning engine:

• Lifecycle stage classification (new, active, at-risk, lapsed, VIP)
• Engagement and fatigue scores
• Discount sensitivity classification
• Replenishment cycle predictions

3.3.1 Behavioural Signals

Per-customer learned signals derived from engagement data:

• Preferred send hours and optimal send frequency
• Intent responsiveness (which email types each customer engages with)
• Engagement trends and velocity

3.3.2 Purchase Pattern Analysis

• Product co-purchase associations (which products are frequently bought together)
• Sequential purchase patterns (typical product progression over time)
• Product affinity scores

3.4 Commerce Data

• Recommendation tracking: which product recommendations were shown, clicked, and converted
• Automated discount codes created via the Shopify API on the merchant's behalf (code, percentage, expiry, redemption status)
• Product interest registrations for back-in-stock notifications
• Email branding configuration change history

3.5 Email Engagement Data

• Opens: Tracked via a transparent pixel embedded in emails, processed by our email delivery provider (Postmark)
• Clicks: Tracked via URL rewriting in email links, with UTM parameters for attribution
• Deliveries, bounces, and complaints: Reported by Postmark via webhook events

3.6 Cookies

OneCampaign uses a minimal set of cookies. We do not use any advertising or analytics cookies.

3.7 IP Addresses

IP addresses are used in-memory for rate limiting only. They are not persisted to any database or log.

3.8 Data Provision Requirement

Provision of your Shopify account information is a contractual requirement necessary to provide the OneCampaign service. If you do not provide this data, we cannot operate the service for your store.

4. How We Use Information

• Providing the OneCampaign service: syncing Shopify data, evaluating lifecycle intents, generating and sending personalised email
• AI-powered copy generation: creating email subject lines and body content tailored to each customer's context
• Deliverability monitoring: tracking bounce and complaint rates to protect sender reputation
• Billing and usage tracking: counting marketable contacts, managing subscription tiers via Shopify App Billing
• Compliance: responding to GDPR data requests and redaction webhooks from Shopify
• Service improvement: analysing aggregate engagement patterns to improve decisioning accuracy (no individual-level data is shared externally for this purpose)

5. Legal Basis for Processing

• Contract performance (Article 6(1)(b) UK GDPR): Processing merchant data is necessary to provide the OneCampaign service under our Terms of Service.
• Legitimate interest (Article 6(1)(f) UK GDPR): Aggregate analysis of engagement patterns to improve the service. We have conducted a Legitimate Interest Assessment and concluded that this processing does not override the interests or rights of data subjects because: the data is aggregated and not used to single out individuals, individual-level data is not shared externally for this purpose, and data subjects can object at any time. A full Legitimate Interest Assessment document is available on request by contacting hello@onecampaign.io.
• Consent (for end-customer marketing emails): OneCampaign only sends marketing emails to end customers who have consented to marketing via their Shopify checkout. The merchant is responsible for obtaining and maintaining this consent. OneCampaign respects the accepts_marketing flag from Shopify and provides one-click unsubscribe in every email.

6. AI and Automated Decision-Making

6.1 AI Copy Generation

OneCampaign uses AI language models (currently provided by Anthropic) to generate email subject lines and body copy. The following data is sent to the AI model for each generation:

• Customer first name
• Brand voice and tone settings configured by the merchant
• Product titles and descriptions relevant to the email intent
• Lifecycle stage (e.g., new customer, VIP, at-risk)
• Intent type (e.g., welcome, replenish, winback)

We do not send email addresses, full order histories, or financial data to the AI model.

6.2 Lifecycle Intent Selection

OneCampaign uses automated decision-making to select which lifecycle intent (if any) should trigger for each customer. The system analyses purchase history, engagement patterns, and timing to determine the most relevant email type. Every automated decision includes a full explainability trail — consent status, fatigue check, intent scores, timing evaluation, and final outcome — which merchants can review in the dashboard.

6.3 Automated Discount Code Creation

When a merchant enables discount codes, OneCampaign algorithmically determines whether to include a discount offer in winback emails. The system evaluates the customer's purchase history and engagement to classify their discount sensitivity (how likely a discount is to motivate a purchase). This means some customers may receive discount offers while others do not, based on their individual profile.

6.4 Product Recommendations

OneCampaign selects product recommendations based on purchase patterns, product associations, and individual customer affinity. This determines which commercial offers each customer receives in their emails.

6.5 Your Rights Regarding Automated Decisions

If you are an end customer who has received an email via OneCampaign and wish to request human review of an automated decision that affects you, you may contact the merchant who sent the email (the data controller) or contact us at hello@onecampaign.io and we will work with the merchant to review the decision. You may also object to automated profiling at any time.

7. Data Sharing and Sub-Processors

We do not sell personal data. We do not share data with advertising networks. Data is shared only with the following sub-processors as necessary to provide the service:

8. International Transfers

Our primary database is hosted by Supabase in the UK (London region). Some sub-processors (Vercel, Postmark, Anthropic, Slack) are based in the United States. Where personal data is transferred outside the UK, we have implemented the following safeguards:

• UK adequacy regulations where applicable
• UK International Data Transfer Agreements (IDTAs) or UK Addenda to EU Standard Contractual Clauses, as approved by the ICO, executed with each US-based sub-processor
• Transfer Risk Assessments documented for each international transfer

9. Data Retention

• Active service: All data is retained for the duration of the merchant's active subscription.
• Post-uninstall: When a merchant uninstalls the Shopify app, sending is paused immediately and Shopify access is revoked. We then process Shopify compliance webhooks (including shop/redact) and delete associated shop data when required by those requests.
• Suppression records: Email suppression records (unsubscribes, bounces, complaints) are retained for the duration of the merchant's active subscription. When Shopify shop redaction is processed, suppression records are deleted with the rest of the shop data, except where retention is required by law.
• GDPR redaction: When a customer redaction request is received via Shopify's GDPR webhook, the customer's data is anonymised and their engagement data is deleted.
• Message and event history: Retained as an audit trail for the duration of the merchant's subscription.

10. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Receive your data in a structured, machine-readable format
• Right to object: Object to processing based on legitimate interest
• Right to restrict processing: Request that we limit how we use your data
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time
• Rights related to automated decision-making: Request human review of automated decisions that significantly affect you (see Section 6.5 for how to exercise this right)

For Merchants

Contact us at hello@onecampaign.io to exercise any of these rights. You can also export your customer data at any time using the CSV export feature in your dashboard.

For End Customers

If you have received an email sent via OneCampaign and wish to exercise your rights, you can:

• Click the one-click unsubscribe link in any email to stop receiving marketing emails from that merchant
• Contact the merchant directly — they are the data controller for your data
• Submit a data request through Shopify, which is forwarded to us via GDPR webhooks for processing

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Encryption: All data is encrypted at rest and in transit (TLS 1.2+)
• Row-level security: Database access is restricted at the row level, ensuring merchants can only access their own data
• Role-based access control: Team members are assigned roles (owner, member, viewer) with appropriate permissions
• Rate limiting: API endpoints are rate-limited to prevent abuse
• Input sanitisation: All user inputs are validated and sanitised to prevent injection attacks
• HMAC-signed tokens: Webhook payloads are verified using HMAC signatures; unsubscribe links use signed tokens
• Secure cookies: Authentication cookies use httpOnly, secure, and sameSite attributes

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email to the address associated with your account. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

If you have questions about this policy or wish to exercise your data protection rights, contact us at:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have not been respected.