Last updated: June 7, 2026 | Email: [email protected] | Website: zundoecom.com
ZundoEcom is a full-service B2B ecommerce agency. We work with brands and retailers across the entire business of selling online, and our services reach well beyond any short list: storefront and checkout builds, platform selection and migration, system integrations, automation, conversion and performance work, ongoing store management, and a wide range of related ecommerce services shaped around each client. If a store needs it, we tend to do it.
Because we build and operate stores that sell to the public, the personal data we come near falls into two groups. There is the data of the businesses that hire us, and there is the data of the shoppers who buy from the stores we create. This policy explains how we treat both.
Who This Policy Is For
It helps to separate two situations up front, because they decide what you can ask of us.
You as a business dealing with us. When you enquire about our services, become a client, or browse this website, the data involved is yours and ZundoEcom decides how it is used. In privacy terms, we are the controller, and most of the sections below apply to us directly.
Shoppers buying from a store we built. The customer data inside a client’s store belongs to that client, the brand running the store. The brand is the controller; we only handle that data on the brand’s instructions, as a processor. The section on shopper data explains how we treat it, and requests about it go to the brand.
Information We Collect From Businesses and Visitors
When you use our enquiry form, request a proposal, or email us, we receive what you provide: your name, business email, phone number, company, the platform your store runs on, and the details you share about your catalogue, order volumes, and goals. We also keep our correspondence so a conversation does not restart each time.
As you browse zundoecom.com, the site logs ordinary technical data such as your IP address and rough location, device and browser type, the pages you open, and how you arrived. We use it to run and secure the site and to see which content is useful, not to build a personal profile of you.
Shopper Data We Process for the Stores We Build
This is the part that defines an ecommerce agency, so it gets the most detail. When a brand hires us, the shopper data in its store is the brand’s, and we handle it only to do the work the brand asked for. The kinds of data involved follow the path a customer takes through a store.
Browsing and Cart Activity
From the moment a shopper lands on a store, activity can be recorded: pages and products viewed, search terms, items added to a cart, and the device used. This relies on cookies, pixels, and similar tags, some set by the store and some by analytics or advertising partners. A familiar example is the abandoned cart, where a shopper who leaves with items in the basket can be sent a reminder. We build these flows on the brand’s instruction, and where consent is legally required for non-essential tracking, only after the shopper has given it.
Checkout and Payment
Checkout collects the most sensitive data: the buyer’s name, billing and shipping addresses, email, phone number, and the order itself. Card numbers are treated differently. We design checkout so raw card data goes straight to a dedicated payment processor such as Stripe, PayPal, or Shopify Payments, rather than through systems we operate, so the store receives a confirmation and a token instead of the full card number. Where the Payment Card Industry Data Security Standard applies, we follow it and keep cardholder data out of the store wherever the platform allows.
Fraud Screening
Online retail attracts fraud, so checkout often runs an order through address verification and a risk score from the payment or fraud provider. A high-risk order may be held or declined. Because that decision affects a real person, the brand can review a flagged order, and a shopper who believes a genuine order was wrongly blocked can ask the store to look again.
After the Sale
Once an order is placed, more data builds up. A shopper account holds order history, saved addresses, and preferences. Returns and refunds create their own records. Many stores invite reviews, which can show a shopper’s name and words publicly, so we configure those features to make it clear when content will be visible to others. Loyalty programmes and subscriptions, where a store runs them, track points, tiers, and recurring billing. We set these up and keep them running within the brand’s instructions.
Marketing to Shoppers
Online selling leans on marketing, and the rules differ by channel:
- Email. Promotional email goes only to shoppers who opted in, every message carries an unsubscribe link, and suppression lists make an unsubscribe stick. This follows CAN-SPAM in the US, CASL in Canada, and consent rules under GDPR and e-privacy law in Europe and the UK.
- SMS and messaging. Text-message marketing is held to a higher standard. In the US it needs prior express written consent under the Telephone Consumer Protection Act, and every programme honours a STOP keyword. We build SMS flows to capture that consent properly.
- Advertising and retargeting. Stores commonly use ad pixels and custom audiences to reach past visitors and find similar shoppers, which can involve sharing hashed customer details with ad platforms. Under several privacy laws this counts as selling or sharing data, and shoppers can opt out, as described under your rights.
Automated and AI Features
The AI features we build for stores include personalised product recommendations, dynamic pricing that moves with demand and stock, predictive inventory planning, and automated win-back offers when a shopper drops off. Most of these shape what a shopper sees rather than making a binding decision about them. The one place an automated process carries real weight is fraud scoring at checkout, covered above, where a person can review the outcome. We do not use one brand’s customer data to train models for another.
How We Use Information
Each kind of data has a defined use. Business-contact data lets us reply, scope and run projects, and, with opt-in, send occasional ecommerce updates to your inbox that you can stop with one click. Site data keeps the website working and secure. Shopper data is used only to deliver what the brand engaged us for, such as building checkout, running campaigns the brand authorised, or migrating customer and order history to a new platform. We do not invent new uses quietly; a purpose not covered here gets a fresh basis or your agreement first.
Who We Share Data With
Running a store means data reaches the partners that make it work:
- The commerce platform the store runs on, such as Shopify, WooCommerce, Magento, BigCommerce, or Salesforce Commerce Cloud
- Payment processors and fraud-prevention providers
- Shipping carriers and fulfilment partners, who need the buyer’s name and delivery address to deliver the order
- Email, SMS, and review platforms, plus advertising and analytics partners
- Our own hosting, email, and scheduling tools used to run ZundoEcom and communicate with clients
Each partner operates under its own privacy terms. We select providers that meet established security standards and require them to use shared data only for the agreed task. Beyond these, data is disclosed when the law or a regulator requires it, to defend legal rights or protect people from harm, and in a sale or merger where records would pass to a buyer bound by protections no weaker than these.
Cookies and Tracking on Our Site
Our own site uses a small set of cookies: necessary ones that run security and forms, analytics cookies that show in anonymised form how the pages perform, and preference cookies that remember simple settings. Your browser can block or delete them, and where consent is legally required for non-essential cookies, we ask first. Stores we build run their own cookie controls, configured with the brand.
Data Retention
Business contact and enquiry records stay with us for up to two years after your last interaction, then we remove them, unless a legal need extends that. Shopper data inside a store is kept under the brand’s rules and its contract with us, and order and tax records often carry their own legal retention periods the brand must observe. Marketing subscribers remain until they opt out, after which only a suppression entry survives. We return or delete the working data we hold for an engagement when it ends. De-identified statistics may be kept without a fixed end date.
Security
We apply technical and organisational safeguards suited to the data involved. Connections are encrypted, access to a store’s data is limited to the people working on it and removed when an engagement ends, and we keep card data out of systems we run by routing it to payment providers. Stores we manage receive plugin and platform updates to close known weaknesses. No online system is perfectly secure, and we will not claim otherwise, so keep your store and account credentials strong and private and tell us at once if you suspect a problem.
Your Rights
Depending on where you live, you can ask to access the data held about you, get a copy, correct it, delete it, restrict or object to its use, withdraw consent, and opt out of targeted advertising. For data held by ZundoEcom directly, email [email protected]. For data inside a store we built, the brand is the controller, so the request goes to that store and we help the brand carry it out. We verify identity before acting and respond within the time your law allows. You can also manage cookies in your browser, unsubscribe from any marketing email, reply STOP to marketing texts, and send a Global Privacy Control signal, which we honour where the law requires as a request to stop selling or sharing your data.
EEA, UK, and Switzerland
Personal data is processed only on a lawful basis: consent, the performance of a contract such as fulfilling an order, a legal obligation, or a legitimate interest weighed against your rights. Order processing and fraud prevention usually rest on contract and legitimate interest; most tracking and marketing rest on consent, which you can withdraw at any time without affecting earlier processing. You may complain to your national data protection authority.
California and Other US States
Under the CCPA and CPRA you can request the categories and specific pieces of personal information collected, ask for access, deletion, or correction, and opt out of the sale or sharing of your data. Advertising pixels and custom audiences can amount to selling or sharing data for cross-context behavioural advertising, and you can opt out through cookie controls, a Global Privacy Control signal, or by contacting the store. Residents of Virginia, Colorado, Connecticut, and other states with privacy laws hold comparable rights. We do not sell personal data for money, and using any right will not get you worse prices or service.
International Transfers
ZundoEcom, the platforms we use, and the shoppers who buy from our clients’ stores are spread across many countries, the United States included, where privacy law may differ from your own. For international transfers we apply recognised safeguards such as Standard Contractual Clauses or rely on an adequacy decision.
Children and Age
Our own service is for businesses and is not directed to children. Stores we build are intended for adult shoppers, and a store aimed at younger audiences carries extra legal duties that we configure with the brand. We do not knowingly collect data from anyone under 16 through our own site, and we delete it if we find we have. A parent or guardian with a concern can write to [email protected].
Links to Other Sites
Our pages and the stores we build link out to platforms, payment pages, and partners we do not operate. This policy ends at our boundary. Once you follow a link, that destination’s own policy applies, so review it before sharing anything there.
Changes to This Policy
We revise this policy as our services and the law change. The current version sits on this page with its date, and we make a reasonable effort to flag significant changes. Continuing to use the site after an update means the new version applies to you.
Contact
For any privacy question, request, or complaint, reach us directly. If your question is about a specific store we built, tell us which one so we can point you to the right controller.
Email: [email protected]