Contact us

Privacy Policy

Effective Date: February 27, 2026

This Privacy Policy explains how Elade ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our services. This applies to your interactions with our website (elade.io), our Shopify applications and themes, or any related marketing or events.

Elade specializes in providing Shopify themes and apps that enhance the visual design and functionality of your ecommerce stores. It is important to note that our themes do not collect, store, or process any personal data from merchants or their customers. However, our app, Designy, collects basic store information provided through the Shopify API—such as your store name and contact details—strictly for the purpose of delivering core app functionality. We never sell or share this data with third parties.

By reading this document, you will understand your privacy rights and choices. If you do not agree with our policies and practices, please refrain from using our Services. For any further questions or concerns, you can always reach us at privacy@elade.io.

1. What Information Do We Collect?

We collect personal data in two main ways: information you actively provide to us, and data that is collected automatically through your use of our Services. Please note that we do not process any sensitive personal information (such as racial origins, religious beliefs, or sexual orientation), nor do we collect data from third-party data brokers.

Information You Voluntarily Provide

The specific information we collect depends on how you interact with us, but it generally includes:

  • Personal details such as your name, phone number, email address, and mailing address.
  • Account credentials, including your username and password.
  • Your specific contact preferences.

All information you provide must be true, complete, and accurate, and it is your responsibility to notify us of any changes to this data.

Social Media Login Data

If you choose to register or log in using existing social media accounts (such as Facebook or X), we will collect certain profile information from that provider. This often includes your name, email address, friends list, profile picture, and any other information you have chosen to make public on that platform. We use this data only for purposes described in this Privacy Policy. We do not control and are not responsible for how your third-party social media provider uses your personal information.

Information Collected Automatically

When you navigate our Services, our servers automatically collect certain technical information. This data does not reveal your specific identity but is necessary to maintain the security and operation of our Services, as well as for our internal analytics. This automatically collected information includes:

  • Log and Usage Data: Diagnostic, usage, and performance details. This may include your IP address, browser type and settings, date/time stamps, pages viewed, searches made, hardware settings, system activity, and error reports (crash dumps).
  • Device Data: Information about the computer, phone, or tablet you use, including proxy server details, device and application identification numbers, operating system, system configuration, Internet service provider, and mobile carrier.
  • Location Data: Imprecise or precise geolocation data based on your IP address or GPS technologies. You can opt out of this by refusing access to location settings on your device, though some features of our Services may become unavailable.

Google API Limited Use: Our use of information received from Google APIs strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements.

2. How We Process Your Information

We process your personal data for several business and legal reasons, including:

  • To facilitate account creation, authentication, and general account management.
  • To deliver the services you requested.
  • To respond to your inquiries and offer customer support.
  • To send administrative details, such as updates to our terms, policies, or product features.
  • To fulfill and manage your orders, payments, returns, and exchanges.
  • To protect an individual's vital interests (e.g., to prevent physical harm).

3. Legal Bases for Processing Your Data

We only process your data when we have a valid legal reason to do so. These bases vary depending on your geographical location.

For Users in the EU and UK (GDPR)

  • Consent: When you have explicitly permitted us to use your data for a specific purpose (which you can withdraw at any time).
  • Performance of a Contract: When processing is necessary to fulfill our obligations to you, or at your request prior to entering into a contract.
  • Legal Obligations: When necessary to comply with the law, cooperate with law enforcement, or defend our legal rights.
  • Vital Interests: When necessary to protect your vital interests or those of a third party, such as in situations involving potential threats to safety.

For Users in Canada

We may process your information if you have given us express consent or in situations where your permission can be inferred (implied consent). Under Canadian law, there are exceptional cases where we may process your data without consent. These include, but are not limited to:

  • Investigations, fraud detection, and prevention.
  • Business transactions, provided certain legal conditions are met.
  • Situations clearly in the interests of an individual where consent cannot be obtained in a timely way.
  • Processing necessary to assess or settle an insurance claim (e.g., in a witness statement).
  • Identifying injured, ill, or deceased persons and communicating with next of kin.
  • Reasonable grounds to believe an individual is a victim of financial abuse.
  • When seeking consent would compromise an investigation into a breach of an agreement or Canadian law.
  • Compliance with subpoenas, warrants, or court orders.
  • Data produced by an individual in the course of their employment, business, or profession.
  • Information used solely for journalistic, artistic, or literary purposes.
  • Publicly available data specified by regulations, or de-identified data used for approved research projects.

4. Sharing Your Personal Information

We may share your data with trusted third-party vendors, service providers, contractors, or agents who perform services on our behalf. These third parties are bound by strict contractual obligations to safeguard your data, retain it only as instructed, and refrain from sharing it further or using it for their own purposes.

The specific categories of third parties we share information with include:

  • Web Analytics & Advertising: Google Analytics, Google Ads, and Meta Pixel (Facebook Pixel).
  • Infrastructure & Hosting: Shopify Inc. (for application functionality and API integrations).
  • Performance Monitoring Tools.

Additionally, we may share or transfer your data in connection with a business transfer, such as a merger, sale of company assets, financing, or acquisition.

5. Tracking Technologies and Cookies

We use cookies, web beacons, and pixels to gather information, ensure the security of our Services, prevent crashes, save your preferences, and perform basic site functions. We also allow selected service providers to use these technologies for advertising and analytics, such as tailoring ads to your interests or sending abandoned cart reminders.

Google Analytics & Ad Features: We utilize Google Analytics Advertising Features, including Remarketing and Demographics/Interests Reporting. You can opt out of Google Analytics tracking across all services by visiting the Google Analytics Opt-out page, or by adjusting your Ad Settings. You can also utilize opt-out tools provided by the Network Advertising Initiative.

6. International Data Transfers

While Elade is located in Poland (within the European Economic Area), we utilize infrastructure and service providers—such as Shopify, Google, and Meta—that are located in the United States. To ensure your data remains legally protected during these transfers, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as well as partners certified under the EU-U.S. Data Privacy Framework.

7. Data Retention

We retain your personal information only as long as you maintain an active account with us, unless a longer retention period is required or permitted by law (such as for tax or accounting purposes). Once we have no ongoing legitimate business need to process your data, we will either delete or anonymize it. If deletion is not immediately possible (for example, if data is stored in backup archives), we will securely isolate your information from any further processing until it can be safely erased.

Shopify App (Designy) Retention: In strict compliance with Shopify’s platform rules, our application uses Mandatory Webhooks. When you uninstall our app from your Shopify store, we automatically receive a notification. We will initiate the deletion of your store's personal data within 48 hours of uninstallation, barring any overriding legal obligations.

8. Data Security

We have implemented appropriate technical and organizational measures to secure your personal data. However, no electronic transmission over the internet or data storage technology can be guaranteed to be 100% secure. While we strive to protect your information, we cannot promise that hackers, cybercriminals, or unauthorized third parties will never be able to defeat our security. Transmission of personal data is at your own risk, and you should only access our Services within a secure network environment.

9. Children's Privacy

We do not knowingly collect data from or market to children under 18 years of age (or the equivalent age of majority in your jurisdiction). By using our Services, you represent that you are at least 18 or that you are the parent/guardian of a minor dependent using the Services. If we learn that personal data from a minor has been collected, we will deactivate the account and promptly delete the data. If you become aware of any such data collection, please contact us at privacy@elade.io.

10. Your Privacy Rights

Depending on your location (such as the EEA, UK, Switzerland, or Canada), applicable data protection laws grant you the following rights:

  • To request access to and obtain a copy of your personal data.
  • To request rectification of inaccuracies or erasure of your data.
  • To restrict the processing of your data.
  • To data portability.
  • To object to processing, including not being subject to automated decision-making. (If a decision producing significant legal effects is made solely by automated means, we will explain the main factors and offer a way to request human review).

If you are located in the EEA or UK, you have the right to complain to your Member State or UK data protection authority. Users in Switzerland may contact the Federal Data Protection and Information Commissioner.

Withdrawing Consent & Account Termination: You may withdraw your consent to data processing at any time, though this does not affect the lawfulness of processing conducted prior to withdrawal. You can also unsubscribe from marketing communications at any time. If you wish to review, change, or terminate your account, you may contact us directly. Upon termination, we will deactivate or delete your account, though some data may be retained to prevent fraud or comply with legal obligations.

11. Do-Not-Track Features

Many web browsers and mobile systems include a Do-Not-Track ("DNT") feature. Currently, there is no finalized uniform technology standard for recognizing DNT signals. Therefore, we do not respond to DNT browser signals at this time. Should a standard be adopted in the future, we will update this Privacy Policy accordingly. (Note: California law requires us to inform you of this practice).

12. Specific Rights for United States Residents

If you reside in California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have specific privacy rights under state law. These rights may be limited in some circumstances.

Categories of Personal Information Collected (Past 12 Months)

Category Examples of Data Collected?
A. Identifiers Real name, postal address, phone number, unique personal identifier, IP address, email address, account name. YES
B. Customer Records Name, contact info, financial information. YES
C. Protected Classifications Gender, age, race, national origin. NO
D. Commercial Information Purchase history, transaction details. NO
E. Biometric Info Fingerprints, voiceprints. NO
F. Internet/Network Activity Browsing/search history, interactions with websites and ads. YES
G. Geolocation Data Device location. YES
H-L. Other Categories Audio/visual data, employment info, student records, inferences, sensitive personal info. NO

Retention: Data in Categories A, B, F, and G is retained as long as the user maintains an active account with us.

We use this data for our own internal business purposes, such as technological development. We have not sold or shared personal information to third parties for a commercial purpose in the preceding 12 months.

Your Specific US Rights

Depending on your state, you may have the right to:

  • Know whether we process your data, access it, correct inaccuracies, or request deletion.
  • Obtain a copy of the personal data you previously shared with us.
  • Opt out of targeted advertising, the sale of personal data, or profiling that produces significant legal effects.
  • Access the categories of personal data being processed (e.g., in Minnesota).
  • Obtain a list of categories of third parties (California, Delaware, Maryland) or specific third parties (Minnesota, Oregon, Connecticut) to whom we have disclosed or sold data.
  • Review and question how data has been profiled (Connecticut, Minnesota).
  • Limit the use and disclosure of sensitive data (California) or opt out of its collection, including voice/facial recognition data (Florida).
  • Not face discrimination for exercising your privacy rights.

How to Exercise Your US Rights

You can make a request by visiting https://elade.io/contact or by emailing us at privacy@elade.io. Upon receiving your request, we will verify your identity using the information we currently maintain about you. If necessary for security, we may request additional information. You may designate an authorized agent to make a request on your behalf, provided you supply written, signed permission.

Appeals: If we decline your request, you may appeal our decision by emailing privacy@elade.io. We will explain our reasoning in writing. If denied, you may submit a complaint to your state attorney general.

California "Shine The Light" Law: California residents may request, once a year and free of charge, a list of third parties to whom we disclosed personal information for direct marketing purposes during the preceding calendar year.

13. Specific Rights for Other Regions

Australia and New Zealand: We comply with Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. Refusing to provide necessary data may affect our ability to provide services or verify your identity. You have the right to request access to or correction of your data. Complaints regarding breaches of privacy principles can be submitted to the Office of the Australian Information Commissioner or the New Zealand Privacy Commissioner.

Republic of South Africa: You have the right to request access to or correction of your information. If you are unsatisfied with how we handle a complaint regarding POPIA or PAIA, you may contact the Information Regulator at enquiries@inforegulator.org.za or submit specific complaints to PAIAComplaints@inforegulator.org.za and POPIAComplaints@inforegulator.org.za.

14. Updates to This Policy

We will update this Privacy Policy as necessary to stay compliant with relevant laws. When material changes occur, we will revise the "Effective Date" at the top of this document and may notify you directly or by prominently posting a notice. We encourage you to review this page frequently.

15. Contact Us & Managing Your Data

Based on the applicable laws in your jurisdiction, you have the right to review, update, correct, or delete the personal data we collect from you. To exercise these rights or manage your data, please visit our contact page at https://elade.io/contact or send us an email at privacy@elade.io.

If you have any questions, comments, or concerns about this policy, please reach out to us at privacy@elade.io or by mail at:

Elade
ul. 11 Listopada 6/8A
Lidzbark Warminski, Warminsko-mazurskie 11-100
Poland