Privacy Policy

WebInnovator ApS

CVR: 44574187

Venusvej 7, 4040 Jyllinge, Denmark

Phone: (+45) 42 74 59 54

Email: support@webinnovator.dk

This Privacy Policy applies to:

• visitors to the Money Leak website
• customers using the Money Leak platform
• authorized users accessing customer accounts
• communications with us
• integrations with ecommerce platforms and related systems

This policy does not apply to third-party services or websites not operated by WebInnovator ApS.

For customer ecommerce data processed through the platform:

• the customer is generally the Data Controller
• Money Leak / WebInnovator ApS acts as a Data Processor or service provider on behalf of the customer

Customers are responsible for ensuring they have the legal right to upload, transfer, or otherwise provide data to the platform.

For certain operational data relating to our own website, support, account administration, security, and service delivery, WebInnovator ApS may act as an independent Data Controller.

Depending on how the platform is used, Money Leak may process the following categories of data:

Account & Authentication Data

• user names
• email addresses
• organization/shop access mappings
• authentication/session identifiers

Passwords are handled through third-party authentication providers and are not stored directly by Money Leak.

Ecommerce & Operational Data

• order information
• order line items
• product information
• SKU identifiers
• pricing and discount information
• shipping and billing country information
• customer account identifiers
• customer email addresses
• customer company information
• customer role/group information
• operational metadata relevant to ecommerce analysis

Technical & Usage Data

• IP addresses
• device/browser metadata
• access logs
• platform diagnostics
• API and request metadata
• performance and reliability telemetry

Communication Data

• support requests
• emails
• operational notifications
• onboarding communications

We process data for the following purposes:

• providing and operating the Money Leak platform
• importing and synchronizing ecommerce data
• generating operational insights and anomaly detection
• maintaining account access and authentication
• providing customer support
• improving platform stability, security, and performance
• detecting abuse, fraud, or unauthorized access
• generating reports and operational summaries
• enabling AI-assisted explanatory functionality
• complying with legal obligations

Depending on the context, processing may be based on:

• performance of a contract
• legitimate interests
• legal obligations
• consent, where required

Where Money Leak acts as a processor, the customer is responsible for establishing the lawful basis for processing customer data.

Authentication and session management are handled through Clerk authentication services.

Money Leak implements role-based access controls designed to restrict users to authorized organizations and shops only.

Customers cannot access data belonging to other customers or organizations.

Administrative access by authorized WebInnovator ApS personnel may occur when necessary for:

• support
• maintenance
• troubleshooting
• operational security
• legal compliance

Money Leak may provide AI-assisted summaries and explanatory functionality using third-party AI providers, including OpenAI API services.

Important limitations apply:

• AI functionality is assistive only
• AI does not autonomously execute actions or make operational decisions
• AI functionality operates in read-only mode
• AI responses may contain inaccuracies or incomplete information
• customers remain responsible for reviewing and validating all operational decisions

Money Leak does not use customer data submitted through OpenAI API integrations to train proprietary AI models.

AI functionality is designed to operate on scoped contextual information relevant to the user request.

Money Leak uses trusted third-party providers to operate the service, including providers for:

• cloud hosting
• databases
• authentication
• email delivery
• infrastructure monitoring
• AI functionality

These providers may include:

• Render
• Vercel
• Clerk
• OpenAI
• Simply.com
• other operational infrastructure providers as necessary

Core backend and database infrastructure are currently hosted within the EU. Some subprocessors, including AI providers, may involve international data transfers outside the EU/EEA.

Certain data processing activities may involve transfers outside the European Economic Area (EEA), including through trusted subprocessors and infrastructure providers.

Where applicable, we rely on appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• contractual protections
• security and access limitations

We retain data only for as long as reasonably necessary for:

• providing the service
• fulfilling contractual obligations
• maintaining operational integrity
• complying with legal requirements
• resolving disputes
• enforcing agreements

General retention principles include:

• active customer data is retained while accounts remain active
• operational logs are retained for limited periods
• backup retention is limited and infrastructure-dependent
• AI interaction data is not intentionally maintained as a separate persistent chat history

Customers may request deletion of customer data, subject to contractual, legal, security, or operational obligations.

Money Leak implements reasonable technical and organizational measures intended to protect data, including:

• authenticated access controls
• role-based permissions
• encrypted transport (HTTPS/TLS)
• infrastructure access restrictions
• shop isolation controls
• controlled administrative access
• operational monitoring
• backup and recovery mechanisms

No system can guarantee absolute security, and customers acknowledge that use of online services inherently involves some degree of risk.

Customers are responsible for:

• ensuring they have legal rights to the data submitted to the platform
• maintaining appropriate internal privacy notices
• managing lawful processing obligations toward their own customers/users
• configuring integrations securely
• safeguarding their own credentials and access rights
• reviewing outputs and operational decisions generated through the platform

Customers must not:

• attempt unauthorized access
• reverse engineer the platform
• scrape or extract platform functionality
• interfere with platform security
• misuse AI-assisted features

Subject to applicable law, individuals may have rights including:

• access
• rectification
• deletion
• restriction
• objection
• portability
• withdrawal of consent where applicable

Requests may be directed to: support@webinnovator.dk

Where Money Leak acts as a processor, requests may be referred to the relevant customer acting as controller.

Money Leak may use:

• essential cookies
• authentication/session cookies
• performance and reliability analytics
• operational telemetry

The platform may use Vercel Analytics and Speed Insights to improve:

• stability
• performance
• reliability
• operational diagnostics

Money Leak does not currently use aggressive advertising tracking or behavioral profiling technologies.

Additional information is available in the Cookie Policy.

We may update this Privacy Policy from time to time.

Material changes may be communicated through:

• the platform
• email
• website notices
• updated documentation

Continued use of the service after updates constitutes acceptance of the revised policy.

Questions regarding this Privacy Policy may be directed to:

WebInnovator ApS

support@webinnovator.dk

(+45) 42 74 59 54