1. Introduction
LumiPoints ("we", "us", "our") provides profit analytics and shop insights for Etsy and Printify sellers through our web application at app.lumipoints.com and our Chrome Extension.
This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By using LumiPoints, you agree to the practices described in this policy.
2. Data We Collect
Account information
- Email address (for sign-in and account recovery)
- Password (stored as a secure hash, never in plain text)
- Display name (optional)
Authentication tokens
- JWT session tokens (stored in httpOnly cookies)
- OAuth tokens for Etsy and Printify (when you connect your shops)
Usage data
- Pages visited within LumiPoints (for analytics)
- Feature usage (which tools you use most)
- Error logs (to fix bugs)
3. Chrome Extension Data
The LumiPoints Chrome Extension operates with minimal permissions and collects data only when you explicitly use its features.
What the extension accesses
- Etsy listing pages: The extension reads listing data (title, price, tags, description, images, reviews) to calculate profit and SEO scores. This happens only when you actively view an Etsy listing.
- Printify product pages: The extension reads product pricing to auto-fill COGS for profit calculations.
- Local browser storage: Authentication tokens, user preferences, and cached calculations are stored locally in your browser using chrome.storage.
Extension features by tier
- Guest (no account): SEO scores and unit economics calculator work locally in your browser. No data leaves your device.
- Signed in: You can save calculations and import listings to your LumiPoints account.
- Connected shop: Your shop data is synced to your LumiPoints dashboard for profit tracking.
4. Shop Manager Data (Opt-In Only)
The LumiPoints Chrome Extension can parse data from your Etsy Shop Manager pages (Ads, Stats, Finances) to show aggregated analytics in your LumiPoints dashboard.
What is collected (only after consent)
- Ads performance: Ad spend, clicks, views, conversion rate, ROAS (aggregated per period)
- Stats: Traffic sources, page views, listing performance summaries
- Finances: Revenue totals, fee breakdowns, order counts (aggregated per period)
How it works
- Data is parsed from the DOM only when you actively visit these pages
- Parsed data is sent to your LumiPoints backend and linked to your account only
- We do not access raw order details, customer names, or personal buyer information
- We never sell or share your shop data with third parties
How to delete Shop Manager data
You can delete all collected Shop Manager data at any time through:
- Extension settings: toggle off "Shop Manager Data Collection"
- Web app: Settings → Privacy → "Delete Shop Manager Data"
- API call: DELETE /api/extension/shop-manager/data
Deletion is immediate and cascades across all related records.
5. Third-Party Integrations
LumiPoints integrates with the following services when you explicitly connect them:
Etsy
We connect via Etsy's official OAuth API to access your shop data (listings, orders, stats). We follow Etsy's API terms and never store customer PII.
Printify
We connect via Printify's API to access your products, pricing, and orders. This enables automatic COGS calculation and order tracking.
Google (optional sign-in)
If you choose Google sign-in, we receive your email and name only. We do not access your Google Drive, Gmail, or other Google services.
Analytics
We use privacy-respecting analytics (PostHog) to understand how the product is used. Analytics events are anonymized and aggregated.
6. How We Use Your Data
- To provide profit analytics, SEO scoring, and shop insights
- To sync data between the extension and your account
- To improve the product and fix bugs
- To communicate about product updates (only if you opt in)
- To comply with legal obligations
7. Data Sharing
We do not sell your data. We do not share your personal information with third parties for marketing purposes.
We may share data only in these limited cases:
- Service providers: Hosting (Hetzner), database (Neon), analytics (PostHog) — all under strict data processing agreements
- Legal compliance: If required by law, court order, or government request
- Business transfer: In case of merger or acquisition (you will be notified)
8. Data Retention & Deletion
- Account data: Retained while your account is active
- Shop Manager data: Retained until you delete it or close your account
- Extension local data: Stored only in your browser; you can clear it by uninstalling the extension
- Backups: Deleted data is removed from backups within 30 days
To delete your entire account and all associated data, go to Settings → Account → Delete Account in the web app, or email us.
9. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal data:
- Access: Request a copy of all data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Objection: Object to certain types of processing
- Withdrawal of consent: Withdraw consent for opt-in features at any time
To exercise any of these rights, contact us at the email below. We will respond within 30 days.
10. Security
We take security seriously:
- All data is transmitted over HTTPS/TLS
- Passwords are hashed with bcrypt (not stored in plain text)
- Session tokens use httpOnly cookies, so page scripts cannot read them in an XSS attack
- Database access is restricted and monitored
- Extension uses Manifest V3 with minimal permissions
- We regularly review and update our security practices
If you discover a security vulnerability, please report it responsibly to our contact email.
11. Children
LumiPoints is not intended for users under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.
13. Contact
Questions about privacy?
For privacy-related questions, data requests, or to exercise your GDPR rights, contact us at:
We respond to privacy inquiries within 30 days.