Privacy policy

Privacy Policy

Last updated: September 8, 2025
Company: Trilogy Commerce Inc. ("Trilogy," "we," "us," "our")

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit or use our website, storefronts, and related features, tools, products, and services (the "Services"), or otherwise communicate with us. By accessing or using the Services, you acknowledge that you have read and understand this Policy. If there is a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy controls with respect to personal information.

Plain‑language summary: We collect limited information to run our site, fulfill purchases or inquiries, improve our Services, and—where permitted—market to you. We don’t sell your data. You control your marketing preferences and can request access, correction, or deletion of your information as the law allows.

1) Who we are & how to contact us

Trilogy Commerce Inc. provides Shopify storefront design ("Storefront Design"), operational infrastructure ("Store Engine"), and growth services ("Velocity"). We also operate our own website and, where applicable, a store.

Email: admin@trilogycommerce.com
Phone: +1 416-333-2565
Billing address: Trilogy Commerce Inc., 1808 St Clair Ave W, 809, Toronto, Ontario M6N 0C1, Canada

If you are in the EEA/UK or other regions with data rights, see Section 12.

2) Scope of this Policy

This Policy applies to personal information we collect about:

Visitors to our website and landing pages;
Prospective and current customers, partners, and vendors who contact us or purchase from us;
Individuals who receive our communications, download resources, or attend our events/webinars.

Client work: When we build or operate sites and systems for our clients, our clients are the controller of their customer data. We act as a service provider/processor and handle that data only under the client’s instructions and contract (see Section 13).

3) Personal information we collect or process

When we say “personal information,” we mean information that identifies or can reasonably be linked to a person. It does not include de‑identified or aggregated data. Depending on your use of the Services, where you live, and applicable law, we may collect:

Contact details (name, email, phone, billing/shipping address).
Financial & transaction information (payment card token/last 4 via our processor, payment confirmation, order details, returns/exchanges). We do not store full card numbers; secure processors handle those.
Account information (username, preferences, settings).
Usage & device information (IP address, browser, device identifiers, pages viewed, actions taken, timestamps).
Communications (messages, support requests, meeting notes).
Marketing preferences (opt‑ins, unsubscribes).
Inferences drawn from the above to improve or tailor the Services.

4) Sources of personal information

We collect personal information:

Directly from you (forms, checkout, support, proposals).
Automatically (cookies, pixels, SDKs, and similar technologies when you use the Services).
From service providers (e.g., payment processors, analytics) acting on our behalf.
From partners/third parties (ad platforms or lead sources, consistent with law and your settings).

5) How we use personal information

Depending on your interactions with us, we use personal information to:

Provide and operate the Services (fulfill orders, process payments, shipping/returns, account management).
Tailor and improve your experience (remember preferences, recommend products/content, fix bugs, enhance performance).
Support and communicate (respond to inquiries, service updates, transactional notices).
Market and advertise (send newsletters or promotions by email/SMS/post where permitted; show ads on our Services or other sites based on your activity and preferences).
Security and fraud prevention (authenticate accounts; prevent, detect, and respond to abuse or illegal activity).
Legal and compliance (comply with laws; enforce agreements; protect rights and safety).

Where required, we rely on your consent for certain marketing or analytics. You can withdraw consent at any time (see Section 11).

6) Cookies and similar technologies

We use essential cookies to run the site; analytics cookies to understand performance; and, where permitted, advertising/retargeting technologies to measure and improve campaigns.

Your choices: You can manage cookies in your browser and, in some regions, via our consent banner. You may also adjust settings with certain providers (e.g., Google Ad Settings) and opt out of many third‑party ad networks.

7) How we disclose personal information

We do not sell personal information. We may disclose personal information in these situations:

Service providers/processors (hosting, cloud storage, email/SMS, analytics, payment processing, fulfillment/shipping, support, security).
Business & marketing partners (to run campaigns, measure effectiveness, or co‑sponsor events—subject to their notices and where permitted by law).
Affiliates/corporate group (for internal operations consistent with this Policy).
Legal, safety, and rights (to comply with law, respond to lawful requests, or protect rights/safety).
Business transfers (e.g., merger, acquisition, financing, or asset sale).

Depending on your region, you may have the right to direct us not to share information for targeted advertising (see Section 11).

8) Relationship with Shopify (hosting & enhanced features)

The Services are hosted by Shopify. Information you submit via our store or embedded Shopify tools is transmitted to and processed by Shopify and certain third parties (which may be outside your country) to provide and improve the Services. To help protect, grow, and improve our business, we may enable Shopify enhanced features that incorporate data about interactions with our store, with other merchants, and with Shopify itself. For those enhanced‑feature uses, Shopify acts as a controller and is responsible for responding to requests regarding that processing.

Learn how Shopify uses your information: Shopify Consumer Privacy Policy — https://www.shopify.com/legal/privacy
Exercise rights about data Shopify controls: Shopify Privacy Portal — https://privacy.shopify.com/

9) International transfers

We are based in Canada and may use service providers in other countries (including the United States). Your information may be processed where laws differ from your jurisdiction. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for cross‑border transfers.

10) Security

We implement administrative, technical, and physical safeguards designed to protect personal information (e.g., access controls, encryption in transit where appropriate, least‑privilege practices, vendor diligence, monitoring). No method of transmission or storage is 100% secure.

11) Retention

We keep personal information only as long as needed for the purposes described here, to comply with laws, resolve disputes, and enforce agreements. Typical periods include:

Marketing contacts: up to 24 months after your last interaction or until you unsubscribe.
Orders, invoicing, and contractual records: retained as required by tax/accounting and regulatory obligations.
We delete or de‑identify information when it is no longer needed.

12) Your rights and choices

Your rights depend on where you live. Subject to legal limits, you may have the right to access/know, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing.

Marketing: Unsubscribe using the link in our emails/SMS or contact us.
Cookies/Ads: Manage browser settings and consent banner options; adjust platform ad settings.
Targeted advertising / "sharing": In some regions, you may direct us not to disclose data for targeted ads. If available, use the site controls or contact us.
Identity verification & agents: We may need to verify your identity to process a request. Where allowed, you can designate an authorized agent; we will require proof of authorization and may ask you to verify directly.
Non‑discrimination: We will not discriminate against you for exercising your rights.

How to exercise your rights: Email admin@trilogycommerce.com or write to our billing address. For data Shopify controls (Section 8), please use Shopify’s Privacy Portal linked above.

13) Regional information

Canada (PIPEDA): You may request access to or correction of personal information in our custody or control, withdraw consent where applicable, and challenge our compliance. You may contact the Office of the Privacy Commissioner of Canada (OPC) about unresolved concerns: https://www.priv.gc.ca/en/contact-the-opc/

EEA/UK (GDPR/UK GDPR): Where applicable, you may have rights to access, rectify, erase, or port your data; to object to or restrict processing (including direct marketing); and to withdraw consent. You can lodge a complaint with your local supervisory authority.

United States (state laws): Residents of some states (e.g., CA, CO, CT, UT, VA) may have rights to know/access, delete, correct, and opt out of targeted advertising or certain disclosures. If available, use our site controls or contact us to exercise these rights.

14) Third‑party links and social media

Our Services may link to third‑party sites or include embedded tools. Those third parties have their own privacy policies; we are not responsible for their practices. Information you share on public or third‑party platforms may be viewable by others.

15) Children’s data

Our Services are intended for business and general audiences and are not directed to children. We do not knowingly collect personal information from individuals under the age of majority in your jurisdiction (or under 16 where required). If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

16) Our role when working for clients (processor/service provider)

For services we perform on behalf of clients (e.g., Shopify builds, integrations, analytics, lifecycle messaging):

We process personal information only under the client’s instructions and contract.
We require sub‑processors to provide appropriate safeguards and sign written agreements.
We do not use client customer data for our own marketing.
At contract end, we return or delete data as instructed, subject to legal retention requirements.
A Data Processing Addendum (DPA) is available on request.

17) Changes to this Policy

We may update this Policy to reflect changes to our practices or legal requirements. We will post the updated version with a new Last updated date and provide additional notice as required by law. Please review this Policy periodically.

18) How to contact us

Questions, requests, or complaints about this Policy or our privacy practices:

Email: admin@trilogycommerce.com
Phone: +1 416-333-2565
Billing address: Trilogy Commerce Inc., 1808 St Clair Ave W, 809, Toronto, Ontario M6N 0C1, Canada

If we cannot resolve your concern, you may contact your local data protection authority (see Section 13 for Canada/EEA/UK references).

Quick summary

We collect contact, usage, and transaction data to operate the Services.
We use reputable service providers (including Shopify) and don’t sell your data.
You can unsubscribe from marketing and request access/correction/deletion subject to law.
For Shopify‑controlled processing, use Shopify’s Privacy Portal: https://privacy.shopify.com/