Privacy Policy

Last updated: July 9, 2026 · Version 1.0

This policy applies to LiveProfit, operated by Luxi Horizon SNC — Rue Paul-Bouvier 9, 2000 Neuchâtel, Switzerland — UID CHE-339.578.990. Contact: support@liveprofit.io.

1. Who we are

LiveProfit is a Shopify app that shows dropshipping merchants their real net profit by pulling order, product, and ad-spend data from the platforms they connect. The service is operated by Luxi Horizon SNC, a Swiss company registered at Rue Paul-Bouvier 9, 2000 Neuchâtel, Switzerland (UID CHE-339.578.990). We are the data controller for merchant data and the data processor for the shop's business data on behalf of the merchant. Contact: support@liveprofit.io.

2. Data we process

We only process what is strictly necessary to compute and display your net profit and to support you. Concretely:

Data from your Shopify store

We do not collect buyer PII (buyer names, addresses, phone numbers). LiveProfit is a merchant-side analytics tool.

Data from advertising platforms you connect

When you connect Meta Ads, TikTok Ads, or Google Ads, we receive — read-only — daily ad spend and campaign metadata (campaign IDs, names, spend, currency). We do not read your creatives, audiences, or account settings. The Meta scopes we request are ads_read and read_insights; the Google Ads scope is https://www.googleapis.com/auth/adwords; TikTok scopes are the equivalent read-only reporting scopes.

Data you provide

Technical data

OAuth tokens

Access tokens and refresh tokens for Shopify, Meta, TikTok, and Google are encrypted with AES-256-GCM at rest in our database using an encryption key held only on our infrastructure.

3. Why we process it (purposes)

Your data is only ever visible to you. LiveProfit staff can access it only when strictly necessary to provide support you have requested, or to investigate a security incident.

4. Legal basis (GDPR Art. 6 / nLPD Art. 31)

5. Sub-processors we share data with

We use the following sub-processors to run the service. Each is bound by a data-processing agreement and receives only the data required for its function.

Sub-processor Purpose Data received Location
Railway Application hosting + PostgreSQL database All service data United States
OpenAI In-app AI chat responses The chat messages you send, only when you use the AI chat United States
Resend Transactional emails (install confirmation, digests, security) Recipient email, email subject and content United States
Sentry Application error monitoring Stack traces, request path, IP address; PII stripped where possible United States
Shopify Platform (auth, webhooks) + billing rail Install context, subscription events United States / Canada
Meta Platforms (Facebook Marketing API) Read ad spend for accounts you connect OAuth token; API is read-only United States / Ireland
TikTok (Marketing API) Read ad spend for accounts you connect OAuth token; API is read-only United States / Singapore
Google (Google Ads API) Read ad spend for accounts you connect OAuth token; API is read-only United States
Crisp Live-chat widget (support) Chat messages you send from the widget, contact email France (EU)

This list is authoritative and matches the services referenced in our production environment. We notify merchants by email when this list changes materially.

6. What we don't do

7. Retention & deletion

Your data is retained for as long as you have the app installed. On uninstall, a hard purge job runs after a 48-hour grace period and deletes all data associated with your shop, including OAuth tokens, cached spend rows, and product cost overrides. This 48-hour delay exists to protect you from accidental uninstalls — if you reinstall within 48 hours, your data is restored. After 48 hours it is unrecoverable.

Backups are encrypted, retained on a rolling 30-day window, and expire automatically. A shop uninstalled today is gone from live systems within 48 hours and gone from backups within 30 days.

Server logs are retained for 30 days for security and debugging, then rotated.

Support-related emails and chat messages are retained while your account is active and for up to 24 months after uninstall for support-history purposes, unless you request earlier deletion.

8. Your rights

Under GDPR (EU) and nLPD (Switzerland) you have the right to:

To exercise any of these rights, email support@liveprofit.io. We respond within 30 days.

9. International data transfers

Several of our sub-processors are located in the United States (Railway, OpenAI, Resend, Sentry, Meta, Google). Data transfers from the EU/EEA and Switzerland to the US are covered by the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, our sub-processors' certifications under the EU-US Data Privacy Framework and the Swiss-US Data Privacy Framework. We do not transfer data to countries without a lawful transfer mechanism.

10. Security

We do not currently hold SOC 2 or ISO 27001 certifications; we will disclose any change to this transparently.

11. Children

LiveProfit is a business tool for merchants. It is not directed at children, and we do not knowingly process personal data of anyone under the age of 16.

12. Changes to this policy

We update this policy when the service changes materially — a new sub-processor, a new data category, or a change to retention. You will be notified by email at least 15 days before a material change takes effect. Non-material clarifications may be made without notice; the "Last updated" date at the top will always reflect the most recent version.

13. Contact

Luxi Horizon SNC
Rue Paul-Bouvier 9, 2000 Neuchâtel, Switzerland
UID CHE-339.578.990
Email: support@liveprofit.io

This policy is provided in English. In case of translation, the English version prevails. Governed by Swiss law.