Privacy Policy

Mech Software LLC (“Mech,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform and website (collectively, the “Service”). Please read this policy carefully. By using the Service, you agree to the practices described here.

This policy applies to:

• Merchants — businesses and individuals who create a Mech account to use our platform
• End Customers — customers of merchants who interact with Mech-powered support widgets, live chat, or self-service portals

1. Information We Collect

1.1 Information You Provide

When you register for or use the Service, we may collect:

• Full name and business name
• Email address
• Phone number
• Website URL
• Billing information (processed by Shopify Billing or Stripe — Mech does not store full payment card details)
• Support ticket content, chat messages, and Help Center articles you create
• Account settings and preferences

1.2 Shopify Store Data

If you connect Mech to your Shopify store, we collect and process the following data on your behalf in order to provide the Service:

• Customer names, email addresses, and phone numbers
• Order history, order status, and order details
• Product information
• Shipping and fulfillment data

This data is processed solely to enable support features such as order tracking, self-service order editing, and customer conversation context. We do not use your customers’ data for our own marketing purposes.

1.3 Automatically Collected Information

When you visit our website or use the Service, we may automatically collect:

• IP address and general location
• Browser type and version
• Device type and operating system
• Pages visited and time spent on pages
• Referral URLs
• Usage data and feature interactions within the platform

We collect this information through cookies and similar tracking technologies, including Google Analytics.

1.4 Communications

If you contact us for support or inquiries, we retain records of that correspondence, including your email address and the content of your messages.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process transactions and manage billing
• Send transactional emails such as account confirmations, billing receipts, and password resets
• Send product updates and service announcements to your account email address
• Respond to support requests and inquiries
• Monitor and analyze usage to improve the Service
• Detect, prevent, and address security incidents or abuse
• Comply with applicable legal obligations

We do not sell your personal information to third parties.

3. Cookies and Tracking Technologies

Mech uses cookies and similar technologies to operate and improve the Service and our website.

3.1 Types of Cookies We Use

3.2 Google Analytics

We use Google Analytics to collect anonymized data about website traffic and usage patterns. Google Analytics may set cookies on your device. You can opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.

3.3 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

4. How We Share Your Information

We do not sell or rent your personal information. We may share your information with the following categories of third parties solely to provide and operate the Service:

4.1 Service Providers and Subprocessors

All subprocessors are contractually required to handle data in accordance with applicable privacy laws and only for the purposes described above.

4.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Mech, our users, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website prior to any such transfer.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon cancellation or termination of your account:

• Your Customer Data is retained for 30 days following termination
• After 30 days, your data is permanently deleted from our systems
• You are responsible for exporting any data you wish to retain before this period expires

We may retain certain information for longer periods where required by law or for legitimate business purposes such as fraud prevention or legal compliance.

6. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your information, including:

• Data hosted on AWS infrastructure with industry-standard security certifications (ISO 27001, SOC 1/SOC 2)
• Encryption in transit using TLS/SSL
• Access controls and role-based permissions
• Error and security monitoring via Sentry

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use the Service at your own risk.

7. International Data Transfers

Mech is based in the United States and your data is stored on AWS infrastructure in the US East region. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, which may have different data protection laws than your country.

We take steps to ensure that international data transfers comply with applicable legal requirements, including implementing appropriate safeguards for transfers from the European Economic Area (EEA), United Kingdom, and other regions with data transfer restrictions.

8. GDPR — Rights of European Users

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR):

• Right of Access — You may request a copy of the personal data we hold about you
• Right to Rectification — You may request that we correct inaccurate or incomplete data
• Right to Erasure — You may request that we delete your personal data, subject to certain exceptions
• Right to Restriction — You may request that we restrict the processing of your data in certain circumstances
• Right to Data Portability — You may request a copy of your data in a structured, machine-readable format
• Right to Object — You may object to our processing of your data where we rely on legitimate interests as our legal basis
• Right to Withdraw Consent — Where processing is based on consent, you may withdraw that consent at any time

Legal Basis for Processing

We process personal data on the following legal bases:

• Contract — Processing is necessary to provide the Service under our Terms of Service
• Legitimate Interests — For analytics, security monitoring, and platform improvement
• Legal Obligation — Where required by applicable law
• Consent — For optional features such as marketing communications

How to Exercise Your Rights

To exercise any of the above rights, please contact us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. CCPA — Rights of California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know — You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, and how we use and share it
• Right to Delete — You may request that we delete your personal information, subject to certain exceptions
• Right to Opt-Out — You may opt out of the sale of your personal information. Mech does not sell personal information
• Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights

Categories of Personal Information Collected

In the past 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, IP address)
• Commercial information (order data, billing history)
• Internet or network activity (usage data, analytics)
• Professional or employment-related information (business name, website)

To exercise your California privacy rights, please contact us at [email protected].

10. Children’s Privacy

The Service is intended for use by businesses and is not directed at individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly. If you believe we have collected information from a child under 13, please contact us at [email protected].

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties and encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this page and, where appropriate, by sending a notice to your account email address. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at:

Mech Software LLC
Orlando, Florida, United States
[email protected]