Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains how VOLBAK LTD ("VOLBAK", "we", "us") collects, uses and protects information in connection with WeProfit, our profit analytics and server-side tracking platform for e-commerce merchants (the "Service"), and this website, weprofit.com. Questions? Contact us at [email protected].

1. Who we are

WeProfit is operated by VOLBAK LTD, a company registered in the United Kingdom. For data protection purposes, VOLBAK LTD is the controller of merchant account data and a processor of the store data merchants connect to the Service.

2. Information we collect

From merchants (our customers)

From shoppers (our merchants' customers)

From visitors to this website

3. How we use information

We do not sell personal data. Data imported for a merchant is shown only to that merchant and the staff members they invite. It is never aggregated across customers for advertising purposes, shared with other customers, or sold.

Lawful bases. Where the UK or EU GDPR applies, we process personal data on the basis of performance of a contract (providing the Service to merchants), our legitimate interests (securing and improving the Service), consent where required, and compliance with legal obligations. For shopper data processed on a merchant's behalf, the merchant is the controller and determines the lawful basis.

4. Google user data

Where a merchant connects a Google account (for example Google Ads), WeProfit's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

5. Other advertising platforms

The same principles apply to every advertising platform a merchant connects (Meta, TikTok, Pinterest and others): spend import uses read-only reporting access, is used only for that merchant's own reports, is revocable at any time, and is never resold. Separately from spend import, server-side event delivery (Section 2) sends the merchant's own conversion events to the platforms that merchant has configured — it never reads anything from, and never modifies campaigns in, those ad accounts.

6. Storage and security

7. Retention

We retain merchant data while the account is active. When a merchant disconnects an integration, related credentials are deleted immediately. When an account is closed, we delete or irreversibly anonymize its data within 90 days, except where retention is required by law.

8. Sharing

We share data only with: (a) service providers strictly necessary to run the Service (for example cloud hosting), under agreements that limit their use of the data; (b) the advertising platforms a merchant has explicitly configured for server-side event delivery, acting on that merchant's instructions as described in Section 2; and (c) authorities where required by law. We never share data with advertisers for our own purposes, and never with data brokers.

9. Your rights

Depending on your location (including under the UK and EU GDPR), you may have the right to access, correct, export, restrict or delete your personal data. Contact [email protected] and we will respond within 30 days. You may also lodge a complaint with your local data protection authority.

10. Children

The Service is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children.

11. Changes

We may update this policy as the Service evolves. Material changes will be announced to account holders by email or in-product notice, and the "Last updated" date above always reflects the current version.

12. Contact

VOLBAK LTD — [email protected] · volbak.com