StabilitiBack to Green Margin

Privacy Policy

Last updated: 24 March 2025

1. Introduction

This Privacy Policy explains how Stabiliti Ltd (“Stabiliti”, “we”, “us”, “our”), a company registered in England & Wales, collects, uses, shares, and protects information in connection with the Green Margin Shopify application (“the App”, “the Service”).

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

Stabiliti Ltd is the data controller for information processed through the Green Margin App. For any data protection enquiries, please contact us at hello@stabiliti.io.

3. What Data We Collect

When you install and use Green Margin, we may collect and process the following categories of data:

3.1 Shopify Store Data

  • Store name, URL, and contact information
  • Store owner name and email address
  • Product catalogue data (titles, prices, variants) necessary to calculate and apply contributions
  • Store settings and configuration relevant to the App’s operation

3.2 Transaction Data

  • Order identifiers and timestamps
  • Order amounts and applicable contribution calculations
  • Product identifiers associated with contributions
  • Aggregated sales data for contribution reporting

3.3 Merchant Account Data

  • Name, email address, and contact details provided during setup
  • Contribution preferences and project selections
  • Billing and invoicing information

3.4 Technical Data

  • Browser type, IP address, and device information when accessing the Green Margin dashboard
  • Usage logs and analytics related to App interactions

Important: Green Margin does not collect or store end-customer payment card details, passwords, or sensitive financial data. All payment processing is handled by Shopify and your chosen payment gateway.

4. How We Use Your Data

We process your data for the following purposes:

  • Service delivery: To calculate, apply, and track micro-contributions on your transactions
  • Project allocation: To route collected contributions to verified nature restoration projects based on your preferences
  • Reporting & impact tracking: To provide you with dashboards, reports, and insights on your contribution activity and environmental impact
  • Billing: To invoice you for collected contributions and manage your account
  • Communication: To send service-related notifications, updates, and support correspondence
  • Improvement: To analyse usage patterns and improve the App’s functionality and performance
  • Legal compliance: To comply with applicable legal obligations, resolve disputes, and enforce our Terms of Service

5. Legal Basis for Processing

We process your data under the following legal bases (UK GDPR Article 6):

  • Contract performance: Processing necessary to provide the Green Margin service you have signed up for
  • Legitimate interests: Improving and securing our Service, analysing usage patterns, and preventing fraud
  • Legal obligation: Complying with accounting, tax, and regulatory requirements
  • Consent: Where specifically requested, such as for optional marketing communications

6. Data Sharing & Third Parties

We may share your data with the following categories of third parties:

  • Shopify: As the platform on which the App operates, Shopify processes store and transaction data in accordance with their own privacy policy
  • Payment processors: Your chosen payment gateway handles all customer payment processing; we do not share data with them directly
  • Nature restoration project partners: We share aggregated contribution data (not personal merchant data) with verified project partners to facilitate fund allocation and impact reporting
  • Infrastructure providers: Cloud hosting, analytics, and security services that help us operate the App, all bound by data processing agreements
  • Professional advisers: Accountants, lawyers, and auditors where necessary for business operations
  • Legal authorities: Where required by law, regulation, or legal process

We do not sell your personal data to third parties. We do not share your data with third parties for their own marketing purposes.

7. International Data Transfers

Your data may be processed in countries outside the United Kingdom, including where our infrastructure providers and Shopify operate. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions, in compliance with UK GDPR.

8. Data Retention

We retain your data for as long as necessary to provide the Service and fulfil the purposes described in this policy. Specifically:

  • Account data: Retained for the duration of your use of the App, plus up to 12 months after uninstallation for administrative and support purposes
  • Transaction and contribution data: Retained for up to 7 years to comply with accounting and tax obligations
  • Technical logs: Retained for up to 12 months for security and performance analysis

Upon request, we will delete or anonymise your personal data in accordance with your rights under applicable law, subject to any legal retention obligations.

9. Your Rights (UK GDPR)

Under UK data protection law, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to restrict processing: Request that we limit our use of your data in certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making: We do not make solely automated decisions with legal or significant effects about you

To exercise any of these rights, please contact us at hello@stabiliti.io. We will respond within one month, as required by law.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk if you believe your data protection rights have been infringed.

10. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and secure development practices.

While we strive to protect your data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

11. Cookies & Tracking

The Green Margin dashboard may use essential cookies required for the App to function correctly (e.g., session authentication). We do not use third-party advertising or tracking cookies within the App.

12. Children’s Privacy

Green Margin is a business-to-business service intended for use by Shopify merchants. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. Material changes will be communicated via email or through the App dashboard. The “Last updated” date at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: