Privacy Policy

Shimm ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our product research platform and services.

By using Shimm, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

1. Information We Collect

Personal Information

We collect information that you provide directly to us, including:

• Account Information: Name, email address, password (encrypted), and company details when you create an account
• Profile Information: Any additional information you choose to provide in your user profile
• Payment Information: Billing details and payment method information (processed securely through third-party payment processors)
• Communications: Messages, feedback, and support requests you send to us

Usage Data

We automatically collect information about how you interact with our services:

• Product Research Data: Products you search for, analyze, save, and interact with within Shimm
• Activity Logs: Features used, pages viewed, time spent, and interaction patterns
• Device & Browser Information: IP address, browser type, operating system, device identifiers, and language preferences
• Analytics Data: Performance metrics, error logs, and crash reports to improve service reliability

Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See the "Cookies" section below for more details.

2. How We Use Your Information

We use the information we collect to:

• Provide Our Services: Enable you to access and use Shimm's product research and analysis tools
• Process Transactions: Handle billing, payments, and subscription management
• Improve Our Platform: Analyze usage patterns, optimize performance, and develop new features
• Personalize Experience: Customize content, recommendations, and user interface based on your preferences
• Customer Support: Respond to inquiries, troubleshoot issues, and provide technical assistance
• Communications: Send service updates, security alerts, and important account notifications
• Marketing: Send promotional materials about new features, upgrades, and special offers (with your consent)
• Security & Fraud Prevention: Detect, prevent, and respond to security incidents, abuse, and fraudulent activity
• Legal Compliance: Meet legal obligations, enforce our Terms of Service, and protect our rights

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We engage trusted third-party companies to perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Payment processing services
• Email delivery and communication platforms
• Analytics and performance monitoring tools
• Customer support software

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Amazon Product Advertising API

Shimm uses the Amazon Product Advertising API to retrieve product information. We comply with all Amazon API terms and conditions. Product data is used solely to provide our research services and is not shared with other third parties.

Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Protect the rights and safety of our users and the public

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and provide options regarding your information.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content.

Types of Cookies We Use

• Essential Cookies: Required for basic platform functionality, authentication, and security
• Performance Cookies: Help us understand how you use Shimm to improve performance
• Functional Cookies: Remember your preferences and settings for a personalized experience
• Analytics Cookies: Track usage patterns and gather insights about feature adoption
• Marketing Cookies: Deliver relevant advertisements and measure campaign effectiveness (with your consent)

Managing Cookies

Most web browsers allow you to control cookies through settings. You can configure your browser to reject cookies or alert you when cookies are being sent. However, disabling cookies may limit your ability to use certain features of Shimm.

5. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide the services you requested
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications and non-essential cookies (where required)

Your GDPR Rights

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal requirements)
• Right to Restriction: Limit how we use your personal data in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

International Data Transfers

Your data may be transferred and processed in countries outside the EEA. When we transfer data internationally, we implement appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

6. CCPA Compliance (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Your CCPA Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information (subject to certain exceptions)
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
• Right to Non-Discrimination: Receive equal service and pricing even if you exercise your privacy rights

Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (purchase history, product interests)
• Internet activity (browsing history, search history, interactions with our services)
• Geolocation data (approximate location based on IP address)
• Professional information (company name, industry)

Exercising Your Rights

To exercise your CCPA rights, please contact us at privacy@shimm.io. We will verify your identity before processing your request and respond within 45 days.

7. Your Rights and Choices

Regardless of your location, you have the following rights regarding your personal information:

Access and Update

You can access and update your account information at any time through your Shimm account settings.

Data Portability

You can request a copy of your data in a portable format. We will provide your data in JSON or CSV format within 30 days of your request.

Account Deletion

You may request account deletion at any time. Upon deletion, we will remove or anonymize your personal information within 30 days, except where we are required to retain it for legal compliance, dispute resolution, or fraud prevention.

Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any promotional email or by updating your communication preferences in your account settings. Note that you cannot opt out of transactional emails (e.g., password resets, billing notifications).

How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@shimm.io. We will respond to your request within 30 days and verify your identity before processing.

8. Data Security

We implement industry-standard security measures to protect your information from unauthorized access, disclosure, alteration, and destruction:

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict role-based access controls limit who can access personal data
• Secure Infrastructure: Our services are hosted on secure, SOC 2 compliant cloud platforms
• Regular Security Audits: We conduct regular security assessments and penetration testing
• Incident Response: We have procedures in place to detect, respond to, and notify you of security breaches

While we strive to protect your information, no security system is impenetrable. We cannot guarantee the absolute security of your data transmitted to our services.

9. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (e.g., tax, accounting, regulatory requirements)
• Resolve disputes and enforce agreements
• Prevent fraud and abuse

After you close your account, we may retain certain information in anonymized or aggregated form for analytics and improvement purposes. We delete or anonymize personal information within 90 days of account closure unless longer retention is required by law.

10. Children's Privacy

Shimm is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@shimm.io.

11. Third-Party Links and Services

Shimm may contain links to third-party websites, including Amazon product pages. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party services you access through our platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending you an email notification (for significant changes)
• Displaying a prominent notice within the Shimm platform

Your continued use of Shimm after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.