Privacy Policy

This policy explains how EcomPulse AS collects, uses, and protects your personal data when you use the EcomHero platform.

Last updated: April 14, 2026 · Applies to: app.ecomhero.io · Governed by: GDPR / Norwegian law

1. Who We Are

EcomHero is a profit-focused analytics platform for e-commerce businesses, operated by:

EcomPulse AS Sofienberggata 3D, 0551 Oslo, Norway Organisation number: 936 175 678 Contact: henrik@ecomhero.io

EcomPulse AS is the data controller for all personal data processed through the EcomHero platform. We are subject to the General Data Protection Regulation (GDPR) as implemented in Norwegian law via the EEA Agreement.

2. Data We Collect

When you create an account and use EcomHero, we collect the following categories of personal data:

Account information

Full name
Email address
Business name and relevant business details you provide

Payment information

EcomHero uses a third-party payment processor (such as Stripe or a similar industry-standard provider) to handle subscription billing. We do not store any credit card numbers, bank account details, or other payment card data on our servers. All payment data is processed and stored directly by the payment processor under their own privacy policy and PCI-DSS compliance programme.

Usage data

Login timestamps and IP addresses
Platform usage patterns (pages visited, features used)
Technical diagnostics and error logs

3. Meta / Facebook Advertising Data

EcomHero connects to Meta’s Marketing API using the following permissions, which you explicitly grant when linking your ad account:

ads_management — allows EcomHero to create, edit, pause, resume, and update budgets for your ad campaigns on your behalf
ads_read — allows EcomHero to retrieve ad performance data, including impressions, spend, clicks, and results

What we store: Ad performance data retrieved through these permissions (campaign names, spend, results, audience data) is stored in our production database hosted on Hetzner servers located in the European Union. This data is linked to your EcomHero account and is used exclusively to provide you with the analytics and management features of the platform.

What we do with this access: EcomHero uses your granted permissions only to display your ad performance data within the platform, and to execute actions you explicitly trigger — such as pausing or enabling campaigns, adjusting budgets, or submitting ad drafts to your Meta ad account. We do not perform any actions on your ad account without your instruction.

We do not sell, share, or transfer your Meta ad data to any third party, except as described in Section 5 (Third Parties) below.

You may revoke EcomHero’s access to your Meta ad account at any time through your Meta Business Settings. Revoking access will prevent EcomHero from retrieving updated data, but will not automatically delete data already stored in our system. See Section 7 for your deletion rights.

4. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases under GDPR:

To provide the EcomHero service (legal basis: performance of a contract) — account management, displaying your analytics, executing ad management actions you request
To process payments (legal basis: performance of a contract) — billing for your subscription via our payment processor
To communicate with you (legal basis: legitimate interest) — service notifications, product updates, and support responses
To improve the platform (legal basis: legitimate interest) — aggregated, anonymised usage analytics to understand how the platform is used
To comply with legal obligations (legal basis: legal obligation) — accounting, tax records, and other statutory requirements under Norwegian law

5. Third Parties & Subprocessors

EcomHero shares data with the following categories of third-party service providers, solely to operate the platform:

Hetzner Online GmbH — infrastructure and database hosting (EU-based servers). Your account data and ad performance data is stored here.
Anthropic PBC — AI analysis features. We send aggregated, non-personally-identifiable business metrics (such as ad performance summaries and sales aggregates) to Anthropic’s API to generate insights. We do not send your name, email, or any directly identifying information to Anthropic.
Payment processor (Stripe or equivalent, to be confirmed) — subscription billing. Only the data necessary to process payment is shared.
Meta Platforms, Inc. — we communicate with Meta’s Marketing API to retrieve and act on your ad account data, as described in Section 3.

We do not sell your personal data to any third party. We do not use your data for advertising purposes.

All subprocessors are subject to data processing agreements and are required to handle your data in compliance with GDPR.

6. Data Retention

We retain your personal data and associated ad performance data for as long as your EcomHero account is active. When you cancel your subscription or request account deletion:

Your account and associated data will be permanently deleted within 30 days of your request or subscription end date
Certain records (such as billing and transaction history) may be retained for up to 5 years to comply with Norwegian accounting and tax legislation

Backups containing your data may persist for up to 30 additional days following deletion before being purged from backup storage.

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate or incomplete data
Right to erasure — request deletion of your personal data (“right to be forgotten”)
Right to restriction — request that we restrict processing of your data in certain circumstances
Right to data portability — request your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interest

How to exercise your rights: Send your request by email to henrik@ecomhero.io with the subject line “Data Request — [your name]”. We will respond within 30 days. We may ask you to verify your identity before processing the request.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Norwegian data protection authority:

Datatilsynet Postboks 458 Sentrum, 0105 Oslo www.datatilsynet.no

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These measures include:

Encrypted data transmission (TLS/HTTPS) for all communications with the platform
Access controls limiting data access to authorised personnel only
Regular security reviews of our infrastructure and code
EU-based hosting infrastructure through Hetzner

No method of transmission over the internet or electronic storage is 100% secure. If you believe your account security has been compromised, please contact us immediately at henrik@ecomhero.io.

9. Cookies

EcomHero uses cookies and similar technologies to maintain your session (keeping you logged in) and to understand how the platform is used. We do not use third-party advertising cookies or tracking pixels.

You can control cookie settings through your browser. Note that disabling session cookies will prevent you from logging in to the platform.

10. Contact Us

For any questions, requests, or concerns regarding this privacy policy or how we handle your data, please contact us:

EcomPulse AS — Data Controller

Company: EcomPulse AS
Org. number: 936 175 678
Address: Sofienberggata 3D, 0551 Oslo, Norway
Email: henrik@ecomhero.io
Response time: Within 30 days of receipt

This policy is governed by Norwegian law and the General Data Protection Regulation (GDPR).

Take back control of your store

Try EcomHero free for 14 days.

Get Started