Privacy Policy

Last updated:

Version: 2.1

1) Introduction

This page explains what data ChannelWeave uses, why we use it, and what choices you have. We have written this policy for real use of the product (not as generic legal filler), so you can see how data moves through ChannelWeave day to day.

If you have questions, you can reach us directly via our privacy contact form.

2) Who we are (Controller)

ChannelWeave Limited is the data controller for personal data we process about account owners, users, prospects, and website visitors.

Contact details

  • Trading entity: ChannelWeave Limited
  • Registered address: 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
  • Privacy contact: Contact our privacy team

3) Scope

This policy covers data processed when you use:

  • Our public website (including marketing pages and contact forms);
  • Our web app and APIs;
  • Channel integrations (for example Amazon, eBay, Shopify, and Website connector flows);
  • Support and account-management communications.

It does not cover third-party services you connect to ChannelWeave. Those providers have their own privacy notices and responsibilities.

4) Data we collect

We only collect data needed to run, secure, and improve the service.

Category Typical examples Where it comes from
Account data Name, work email, password hash, role, tenant/workspace IDs, plan details. Provided by you when registering or invited by your team.
Channel connection data OAuth tokens, channel account IDs, shop references, connection status, sync settings. From connected channels after you authorise access.
Order, listing, and stock data Product metadata, listings, order identifiers, fulfilment status, buyer-facing delivery/contact fields provided by sales channels. From your workspace activity and connected channels.
Billing and finance records Billing contact details, invoices, tax references, payment status records. From you and our payment/billing flow.
Support and communications Contact form messages, support tickets, replies, and operational follow-up notes. From you.
Technical and usage data IP address, browser type, device information, request logs, page visits, error diagnostics. Automatically collected when you use our website or app.

5) How we use data & legal bases

Under UK GDPR/EU GDPR, we process personal data on the following legal bases:

Purpose Main legal basis What this includes in practice
Run your account and deliver the service Contract (Art. 6(1)(b)) Sign-in, permissions, channel connectivity, syncing listings, stock, and orders.
Billing and compliance records Contract + legal obligation (Art. 6(1)(b), 6(1)(c)) Subscriptions, invoicing, tax/accounting obligations, anti-fraud checks on account activity.
Security and abuse prevention Legitimate interests (Art. 6(1)(f)) Session security, suspicious-activity review, service abuse detection, and incident response.
Service reliability and product improvement Legitimate interests (Art. 6(1)(f)) Performance monitoring, fault diagnosis, and feature quality improvements.
Service messages and optional marketing Legitimate interests and/or consent Operational emails you need, plus product updates where lawful and appropriate. You can opt out of non-essential marketing.

ChannelWeave sends transactional email communications only (for example order confirmations, shipping updates, and account/security notices). We do not use purchased or scraped recipient lists. We suppress hard bounces and complaints, and we honour unsubscribe requests for non-essential product updates.

6) When we act as a processor

When you upload or sync your own customers’ data into ChannelWeave, you remain the controller for that data and ChannelWeave acts as your processor. Our processing follows your instructions and the relevant contractual terms, including our DPA where applicable.

7) Sharing & disclosures

We share data only where needed to deliver the service or comply with law.

Recipient type Why data is shared
Cloud and infrastructure providers Host and operate ChannelWeave securely.
Connected channel platforms (for example Amazon, eBay, Shopify, and website connectors) Complete actions you request, such as sync and order/listing updates.
Email and support tooling providers Send operational messages and handle support requests.
Professional advisers and regulators Legal, tax, audit, and regulatory compliance.
Corporate transaction counterparties Potential merger, acquisition, or asset sale (with lawful safeguards).

We do not sell personal data.

8) Cookies & analytics

We use a small number of cookies and similar technologies on the website and app.

Cookie / tool Purpose Type
cw_session Keeps signed-in users authenticated in the app. Essential (session/authentication)
Ahrefs Web Analytics Measures usage on public pages so we can improve site content and performance. Analytics

The app session cookie is set with a 30-day expiry window and is secured in production environments. You can still control or block cookies in your browser, but essential auth cookies are required for sign-in.

9) Data retention

We keep data only for as long as we need it for service operation, security, and legal obligations. Retention periods vary by data type.

  • Session cookie data: 30-day expiry window for the app session cookie.
  • Account and workspace records: retained while your account is active and for a limited period afterwards to support reactivation, security, or legal responsibilities.
  • Channel connection credentials: retained while the channel connection remains active, then removed or rotated according to operational/security needs.
  • Finance and billing records: retained for legally required accounting and tax periods.

10) Security

We use technical and organisational controls designed to protect data, including encrypted transport (HTTPS), controlled access, least-privilege permissions, and monitoring for suspicious activity.

No internet service can be guaranteed 100% secure, but we keep our controls under review and respond to incidents under defined procedures.

11) International transfers

Where data is transferred outside the UK or EEA, we use recognised safeguards such as adequacy decisions and contractual protections (including UK/EU standard clauses) as relevant to the transfer.

12) Your rights

Depending on your location and circumstances, you may have rights to access, correct, delete, restrict, object to processing, or transfer your personal data, and to withdraw consent where consent is the legal basis.

To submit a request, use our privacy rights request form. We may ask for identity verification before completing a request.

13) Children’s data

ChannelWeave is not aimed at children, and we do not knowingly collect children’s personal data. If you believe a child has provided data to us, contact us and we will investigate promptly.

14) Changes to this policy

When this policy changes, we update this page date and version. Material changes may also be communicated in-product or by email.

15) Contact & complaints

Contact us

ChannelWeave Limited
71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom
Contact our privacy team

Supervisory authority (UK)

You can complain to the UK Information Commissioner’s Office (ICO), or your local authority where applicable.

ico.org.uk • Tel: 0303 123 1113