Privacy Policy

Last updated: May 10, 2026

1. Who we are

BreakevenHQ(the “Service”) is operated by Hustle Marketers (“we”, “us”). The Service helps DTC brands calculate their break-even ROAS by combining store data (orders, products) with ad-platform data (campaigns, spend).

2. Data we collect

When a merchant connects their store and ad accounts to BreakevenHQ, we receive and store:

• Store data: orders, line items, refunds, products, variants, customer first/last name and email, order timestamps and totals. We use this to compute revenue, COGS, and break-even.
• Ad-platform data: campaigns, ad groups, keywords, and daily spend / impressions / clicks / conversions. We use this for campaign-level break-even and ROAS attribution.
• OAuth tokens: encrypted at rest with AES-256-GCM and accessible only to our backend service role.
• User data: email of the person who connected the store; their name and avatar if provided by the auth provider.

We do not store payment card numbers, government IDs, or any data not strictly needed for break-even computation.

3. How we use it

Data is used solely to (a) compute and display break-even and profitability metrics inside the Service, (b) send the alerts and reports the merchant subscribes to, and (c) operate the Service (debugging, support, security). We do not sell, rent, or share data with third parties for advertising.

4. Sub-processors

The Service runs on the following sub-processors:

• Vercel — application hosting
• Supabase — database, authentication, storage
• Resend — transactional email delivery
• Slack (only when a workspace connects Slack) — alerts

5. Retention

We keep merchant data for as long as the integration is active. When a store is disconnected or the app is uninstalled, we delete the store and all associated orders, line items, refunds, customers, products, and OAuth tokens. Shopify merchants additionally have the GDPR shop redaction webhook fired 48 hours after uninstall, which triggers a full purge; see Section 7.

6. Customer (end-shopper) data

We receive customer first/last name, email, and aggregate order counts/spend per store. We use this only for cohort analysis and attribution — never to contact the customer directly. Customers can request deletion of their personal data via their store's normal channels; we will redact within 10 days of receiving a redaction request.

7. Shopify GDPR compliance

For Shopify merchants, we honor Shopify's mandatory privacy webhooks:

• customers/data_request: we collect what data we hold for a specified customer and respond within 30 days.
• customers/redact: we anonymize the customer's email, first/last name, and any direct PII for the specified customer ID.
• shop/redact: we delete the entire store record and all associated orders, products, and OAuth tokens.

8. Security

Access tokens for connected platforms are encrypted with AES-256-GCM using a key never exposed outside our backend. Database access is scoped via Postgres Row-Level Security: every row is restricted to the workspace it belongs to. Service-role keys are used only by scheduled ETL and webhook workers.

9. Your rights

You may export, correct, or delete your data at any time by emailing us at privacy@breakevenhq.com or by uninstalling the app from your store admin. We respond within 10 business days.

10. Changes

We will update this policy as the Service evolves. Material changes will be notified by email at least 14 days in advance.

Contact

Hustle Marketers
privacy@breakevenhq.com