Insper Logo
Insper Privacy Policy

1. Introduction

Insper (hereinafter referred to as "the Company" or "we") is a SaaS plugin designed specifically for Shopify merchants to provide store decoration diagnosis services, owned by DESIGN RIVER LIMITED. We respect and protect the privacy of all merchants (hereinafter referred to as "you") who use Insper plugin services (hereinafter referred to as "the Services") and are committed to safeguarding the security and legitimate rights of your information.

This Privacy Policy (hereinafter referred to as "the Policy") details how we collect, use, disclose, store, and protect information provided or generated by you when using the Services, including but not limited to merchant information, product information, and product category information. This Policy applies to all scenarios where you use the Services through the Insper plugin, the official website (www.insper.cc), and other related channels.

Please read and understand this Policy carefully before using the Services. By using the Services, you fully understand and agree to all provisions of this Policy, including our information processing methods and the rights you are entitled to. If you do not agree to this Policy, please do not use the Services.

2. How We Collect, Use, and Share Your Information

To provide you with accurate and efficient Shopify store decoration diagnosis services, we will collect necessary information in accordance with the law and use and share it only within the scope specified in this Policy.

2.1 Types of Information We Collect

(1) Merchant Information

  • Registration and Account Information: When you register an Insper account or install the Plugin via Shopify, we will collect your basic merchant information, including but not limited to your Shopify store domain, store name, contact person name, email address, and phone number (if proactively provided by you). This information is a prerequisite for using the Services and is used to verify account identity, bind your Shopify store, and provide customer support.
  • Operation-Related Information: If you use advanced features of the Services (e.g., multi-store management, Black Friday exclusive diagnosis), we may collect information such as your store operation scale (e.g., order volume range), main product categories, and target market regions to enhance the relevance of diagnosis solutions.

(2) Product Information and Product Category Information

  • Necessary Diagnosis Information: To conduct Shopify store decoration diagnosis (e.g., analyzing the rationality of product displays and the visual adaptability of category pages), we will obtain product information and product category information from your store via Shopify APIs, including but not limited to product names, main product images/detail images, product price ranges, product category structures (e.g., names and hierarchical relationships of primary and secondary categories), and category page layout settings. This information is only used to analyze decoration effectiveness (e.g., the matching degree between product images and store theme colors, and the usability of category navigation) and will not be used for other unrelated purposes.
  • Proactively Provided Information: If you proactively supplement special product-related requirements when submitting a diagnosis request (e.g., "Prioritize the display of Black Friday promotional products" or "Highlight labels on new product category pages"), we will collect and store such information to generate customized diagnosis reports.

(3) Usage History Information

  • When you use the Services, we will automatically record your plugin operation behaviors, including but not limited to the time of initiating a diagnosis request, records of viewing/downloading diagnosis reports, click records of decoration optimization suggestions, and the frequency of using plugin features (e.g., the number of times the "Product Category Page Diagnosis" feature is used). This information is used to optimize plugin performance and improve user experience (e.g., prioritizing the display of features you frequently use).

(4) User Content Information

  • We will retain communication content you send through the Services, including but not limited to customer service inquiries (e.g., "How to adjust product category pages based on diagnosis reports"), feedback, and descriptions of diagnosis needs. This information is used to respond to your requests, resolve issues, and improve the Services.

(5) Information Obtained from the Shopify Platform

  • When you install the Insper Plugin via Shopify, we will obtain basic associated information about your store (e.g., store launch time, current Shopify theme type) in accordance with Shopify platform rules and service necessity. The collection of this information has been authorized by you during the Shopify installation process; for details, please refer to Shopify’s official privacy policy.

(6) Information Obtained from Third Parties

  • If you register for or use the Services through a third-party platform (e.g., Shopify App Store, cross-border e-commerce service platforms cooperating with the Company), we may obtain your account-associated information (e.g., third-party platform user ID, authorization identifier) from the third party. This information is only used for account binding and identity verification, and we will require the third party to provide only necessary information.

2.2 Purposes of Information Use

We use the collected information only for the following legitimate purposes and in compliance with the "minimum necessity" principle":

  • Providing Core Diagnosis Services: Generate Shopify store decoration diagnosis reports (e.g., identifying issues such as confusing navigation on product category pages and inconsistent product image sizes) and provide optimization suggestions (e.g., adjusting category hierarchies, standardizing product image proportions) based on merchant information, product information, and product category information.
  • Optimizing the Services: Analyze user behavior patterns through usage history information to improve plugin features (e.g., adding a product promotion label analysis module for the frequently used "Black Friday Decoration Diagnosis" feature) and enhance service stability and usability.
  • Customer Service and Technical Support: Communicate with you using merchant information (e.g., email address, store domain) to respond to your inquiries, resolve plugin usage issues (e.g., failure to load diagnosis reports), and notify you of service-related matters (e.g., plugin version updates, scheduled maintenance).
  • Compliance and Risk Prevention: Provide relevant information to cooperate with law enforcement investigations, resolve disputes, or prevent fraud and abuse of the Services (e.g., identifying abnormal repeated diagnosis requests across multiple stores) in accordance with legal requirements or legitimate claims.
  • Marketing and Service Notifications: With your consent, send you marketing information related to the Services (e.g., "Black Friday exclusive decoration diagnosis package discounts"). You can unsubscribe from such notifications through plugin settings or the "unsubscribe" function in emails.

2.3 Information Sharing and Disclosure

We strictly control the scope of information sharing and will disclose your information only in the following circumstances, ensuring that the recipient complies with privacy protection obligations:

  • Third-Party Service Providers: We will share necessary information with third-party partners that provide us with technical support, payment processing, data analysis, and other services (e.g., using Google Analytics to analyze plugin usage data for feature optimization, or using third-party payment institutions to process membership subscription fees). We will sign agreements with these third parties, prohibiting them from using the information for their own marketing or other unrelated purposes and allowing them only to assist us in providing the Services.
  • Legal and Compliance Requirements: We may disclose necessary information (e.g., providing store information suspected of abusing the Services to law enforcement agencies) when required by laws, regulations, administrative orders, or judicial judgments, or to protect the legitimate rights and interests of the Company, you, and other users.
  • Corporate Business Changes: In the event of corporate mergers, acquisitions, asset transfers, or other business changes, your information may be transferred to a new entity as part of business assets. However, the new entity must continue to comply with the privacy protection obligations specified in this Policy; otherwise, we will require it to obtain your re-authorization.
  • Your Explicit Authorization: With your explicit authorization (e.g., requesting us to sync the diagnosis report to the email of your designated Shopify operation agency), we will share information in accordance with your instructions.

Please Note: We will not sell, rent, or lend any of your information (including merchant information, product information, and product category information) to unrelated third parties, nor will we use such information for purposes not specified in this Policy.

2.4 Use of Cookies and Other Tracking Technologies

We use Cookies, web beacons, pixel tags, and other tracking technologies in the Services (including the plugin interface and the official website www.insper.cc) for the following specific purposes:

  • Remember your account login status to avoid repeated logins;
  • Record your plugin feature preferences (e.g., default display of the "Product Category Page Diagnosis" module);
  • Analyze user operation behaviors to optimize service experience (e.g., calculating the average viewing time of diagnosis reports).

You can disable Cookies through browser settings (the specific path varies by browser, e.g., "Settings > Privacy and Security > Site Settings > Cookies" in Chrome). However, disabling certain Cookies may prevent some features of the Services (e.g., automatic saving of diagnosis progress) from functioning properly.

2.5 Application Integration and Information Storage

To enable data interaction with the Shopify platform and other third-party SaaS tools (e.g., product management plugins used by your store), we may store necessary "application credentials" (e.g., access tokens authorized by your Shopify store) and use encrypted storage to ensure credential security.

When we access third-party applications on your behalf (e.g., obtaining product category information from Shopify), the third-party applications will provide us with relevant data, which we will process in accordance with this Policy. Meanwhile, we are not responsible for the privacy policies or data processing practices of third-party applications; we recommend that you review the privacy policies of third-party applications to understand their information processing rules.

3. Your Rights (Pursuant to Applicable Laws)

You are entitled to the following rights regarding your information, and we will provide necessary assistance for you to exercise these rights:

  • Right of Access and Correction: You can view your merchant information and usage history through the "Account Settings" in the Insper plugin or the account center on the official website (www.insper.cc). If you find any inaccurate information (e.g., incorrect contact phone number), you can submit a correction request, and we will process it within 7 business days after verifying your identity.
  • Right of Restriction and Deletion: You can request us to restrict the processing of certain information (e.g., suspending the use of your product information for diagnosis) or delete your account and associated information. However, please note that after account deletion, you will no longer be able to use the Services, and necessary parts of the generated diagnosis reports may be retained in compliance with regulatory requirements. Please submit your request through the contact information in Section 12 of this Policy, and we will provide feedback on the processing result within 15 business days.
  • Right to Withdraw Consent: You can withdraw your consent to information processing at any time (e.g., withdrawing authorization for marketing information pushes). Specific operations can be completed through the "Notification Management" in plugin settings, the "Notification Settings" on the official website (www.insper.cc), or the unsubscribe link in emails. Withdrawal of consent will not affect the legality of information processing conducted based on your prior consent.
  • Right to Data Portability: If technically feasible, you can request us to provide your merchant information, diagnosis reports, and other data in exportable formats (e.g., CSV, PDF) or directly transmit them to another compliant platform designated by you. We will assist with this after verifying your identity.
  • Right to Object and Complain: If you have objections to our information processing practices, you can provide feedback through the contact information in Section 12 of this Policy. You also have the right to file a complaint with the data protection authority in your jurisdiction (e.g., the Data Protection Authority in the EU, or the cyberspace administration in China).
  • Right to Unsubscribe: If you do not wish to receive our marketing emails or notifications, you can click the "unsubscribe" link in the email or disable the relevant toggle through the "Notification Management" in plugin settings or the "Notification Settings" on the official website (www.insper.cc). After unsubscribing, we will no longer send similar marketing information.

Please Note: To ensure information security, before you exercise the above rights, we may require you to provide identity verification information (e.g., store domain, registration email verification code) to confirm that the request is initiated by you.

4. Data Retention

We retain your information in accordance with the principles of "legitimacy, necessity, and minimum retention period."

  • During Account Activity: When your Insper account is active (i.e., not canceled), we will retain your merchant information, product information, usage history, and other data to ensure you can use the Services normally.
  • After Account Cancellation: If you cancel your account, we will delete or anonymize most of your information (e.g., merchant contact phone number, product detail images) within 30 business days after cancellation. However, to comply with legal obligations (e.g., tax record retention requirements) and resolve unresolved disputes, we may retain necessary information (e.g., store domain, transaction records) until the relevant obligations are fulfilled or the dispute is resolved.
  • Retention of Specific Information: We will retain your customer service inquiry records, feedback, and other user content for 2 years (counting from the date of the last interaction). After that, the information will be anonymized and used only for service improvement analysis, no longer associated with your identity information.

5. Information Security

We adopt commercially reasonable technical, physical, and administrative measures to protect the security of your information and prevent unauthorized access, use, disclosure, or tampering:

  • Technical Security: Sensitive information collected (e.g., application credentials, payment information) is stored using encryption (e.g., AES-256 encryption algorithm). Communication between the plugin, the official website (www.insper.cc), and servers is encrypted using the HTTPS protocol to prevent interception during data transmission.
  • Physical Security: Our servers and data storage facilities are hosted by professional third-party service providers that have industry-standard physical security protection measures (e.g., access control systems, monitoring equipment, disaster recovery plans).
  • Administrative Security: We strictly restrict internal personnel's access to information, authorizing only necessary personnel to access it. We provide regular privacy protection training to employees to clarify information processing standards and establish emergency response plans for information security incidents. In the event of a data breach or other security incident, we will promptly notify you and regulatory authorities in accordance with legal requirements and publish a relevant announcement on the official website (www.insper.cc).

Please Note: The Internet and electronic transmission technologies inherently carry risks. Even if we adopt the above security measures, we cannot guarantee absolute security of information. Please properly keep your Shopify account password and Insper login credentials and avoid disclosing them to others to jointly ensure information security.

6. Rights Under the California Consumer Privacy Act (CCPA) (Applicable to California Residents)

If you are a resident of the State of California, USA, pursuant to the California Consumer Privacy Act (CCPA), you are entitled to the following additional rights in addition to those specified in Section 3 of this Policy:

  • Right to Know: You have the right to request us to disclose the categories, sources, and purposes of personal information collected about you in the past 12 months, as well as the third parties with whom such information has been shared.
  • Right to Delete: You have the right to request us to delete personal information collected about you in the course of business, except in cases exempted by law (e.g., information that must be retained to fulfill contractual obligations).
  • Right Against Discrimination: When you exercise the above privacy rights, we will not discriminate against you by reducing service quality, increasing service prices, or refusing to provide services.

To exercise the above rights, please submit your request through the contact information in Section 12 of this Policy. We will respond within 45 calendar days. If an extension is reasonably necessary, we may extend the response period by an additional 45 calendar days (for a total of no more than 90 calendar days) and will notify you of the reason for the extension via email or the official website (www.insper.cc) within the first 45-day period.

7. Children's Policy

The Services are designed specifically for Shopify merchants (i.e., corporate users or adult individual operators) and are not intended for children under the age of 13. We will not knowingly collect, use, or disclose personal information of children under the age of 13.

If it is discovered that a child under the age of 13 has used the Services and submitted information without the consent of their guardian, the guardian may notify us through the contact information in Section 12 of this Policy. We will delete the child’s relevant information and cancel the associated account within 10 business days after verification, and record the anonymized processing result on the official website (www.insper.cc).

8. Data Hosting and Cross-Border Data Transfer

Our servers are located in the United States. We may also store and process your information (including merchant information and product information) in other countries or regions through third-party service providers.

By using the Services, you agree to the transfer of your information to countries or regions outside your jurisdiction (where privacy laws may differ from those in your jurisdiction). We will ensure that such cross-border data transfers comply with applicable legal requirements. For example, when transferring data to regions outside the EU, we will use "EU Standard Contractual Clauses" or rely on other legal data transfer mechanisms to ensure the security and compliance of your information during transmission.

9. Links to Other Websites

The Services (e.g., plugin interface, diagnosis reports, official website www.insper.cc) may contain links to third-party websites (e.g., Shopify’s official help center, cross-border e-commerce information platforms cooperating with the Company). The privacy policies of these third-party websites are formulated independently by the third parties and are unrelated to this Policy.

We are not responsible for the privacy practices, content, or service quality of third-party websites. We recommend that you carefully read the privacy policies of third-party websites to understand their information processing rules before accessing them.

10. Affiliate Disclosure

Insper may participate in Shopify App Store’s affiliate promotion programs or other third-party affiliate collaborations. If you install the Services or purchase a membership package through our affiliate referral links (which may be displayed on the plugin interface or the official website www.insper.cc), we may receive a small commission from the relevant collaborators. However, this will not affect the quality of services we provide to you or increase your usage costs. Our recommendations and evaluations are always based on the value of the Services themselves and are not influenced by affiliate commissions.

11. Policy Updates

We may revise this Policy in accordance with changes in laws and regulations, updates to the Services’ features, or business adjustments.

After the Policy is revised, we will publish the revised version on the "About > Privacy Policy" page of the Insper plugin and the "Legal Compliance" section of the official website (www.insper.cc), and mark the "Last Updated" date at the top of the page. If the revision involves core privacy rights (e.g., expansion of information collection scope, changes to sharing rules), we will notify you via your registered email, in-plugin pop-ups, and a homepage announcement on the official website (www.insper.cc) to ensure you are aware of the changes.

By continuing to use the Services after the Policy is revised, you agree to the revised Privacy Policy. If you do not agree, please stop using the Services immediately.

12. Contact Us

If you have any questions about this Privacy Policy, need to exercise your information rights, or report issues related to information processing, please contact us through the following methods:

  • Email: support@insper.cc
  • Official Website Inquiry: Visit www.insper.cc and submit a form through the "Contact Us" section
  • Mailing Address: RM 1001, 10/F, THE CLOUD, 111 TUNG CHAU ST, TAI KOK TSUI, HONG KONG
  • In-Plugin Support: Open the Insper plugin, go to "My > Customer Service Center," and submit an inquiry or feedback directly.

We will provide an initial response within 10 business days of receiving your request and complete the processing and provide feedback within a reasonable period.

Effective Date: 2025-10-17

Last Updated: 2025-10-17