Welcome to Madewithinter. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how Madewithinter ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you visit our website at madewithinter.com, use our AI-powered e-commerce personalization platform, or engage with any of our related services (collectively, the "Services").
Please read this policy carefully. If you disagree with any terms in this Privacy Policy, please discontinue use of our Services. This policy applies to all information collected through our Services and any related communications, including sales, marketing, and events.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
The data controller responsible for your personal data is:
Madewithinter LtdOur Chief Executive Officer is David Mannheim. For questions relating to data protection, please contact us at the address above or via email.
Where we act as a data processor on behalf of our business customers (merchants and e-commerce operators), those customers are the data controllers for the personal data of their end-users. In such cases, our processing activities are governed by a Data Processing Agreement ("DPA") entered into between us and our customers.
We collect several types of information in connection with the Services we provide. The categories of data we collect include:
When you register for an account, request a demo, subscribe to a plan, or otherwise interact with us, we may collect:
Our platform is specifically designed to collect, analyse, and act upon shopper behavioral data on behalf of our merchant customers. This data includes:
When you or end-users interact with our platform, we automatically collect technical information, including:
For customers using our dashboard and APIs, we collect:
If you contact us by email, phone, or through forms on our website, we may retain a record of that correspondence, including your contact details and the content of your message.
Our primary data collection mechanism for behavioral analytics is a lightweight JavaScript SDK ("inter.js") that merchant customers embed on their e-commerce storefronts. This SDK observes shopper interactions in real time and transmits event data to our processing infrastructure. Data is transmitted over encrypted HTTPS connections.
We and our partners use cookies, pixel tags, web beacons, and similar technologies to collect information about your browsing activity. Please see our Cookie Policy for detailed information about the specific cookies we use, their purposes, and how to manage your preferences.
We collect information when you complete registration forms, subscription sign-ups, contact forms, demo request forms, and similar web forms on our site.
When customers connect our platform to third-party services (such as Shopify, Magento, WooCommerce, or Google Analytics), we may receive data from those platforms pursuant to the relevant integration permissions. We may also receive business contact data from third-party lead generation services and publicly available sources.
Our servers automatically record log data when you use our Services. This server-side logging occurs as a standard part of delivering the Service and cannot be disabled without affecting functionality.
We process personal data only where we have a valid legal basis to do so under applicable data protection law, including the UK GDPR and EU GDPR. The legal bases we rely upon include:
Processing is necessary to perform our contract with you, including to operate your account, deliver the Services you have subscribed to, process payments, and provide customer support.
We process certain data based on our legitimate interests or those of third parties, provided those interests are not overridden by your data protection rights. Our legitimate interests include:
Where required by law, we obtain your explicit consent before processing your data for specific purposes, such as placing non-essential cookies, sending marketing emails to new contacts, or processing sensitive personal data. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
We may process personal data where necessary to comply with a legal obligation, such as tax recordkeeping requirements, responding to lawful requests from public authorities, or complying with applicable financial regulations.
In rare circumstances, we may process data to protect the vital interests of you or another person, such as in emergency safety situations.
We use your information to provide, operate, and maintain the Madewithinter platform, including account management, subscription billing, API access, and technical support.
Behavioral and technical data collected through our SDK is used to power real-time product recommendations, dynamic content rendering, and predictive merchandising on merchant storefronts. Our AI models process this data to identify patterns, preferences, and intent signals at the individual and cohort level.
We use aggregated and anonymized data to generate performance dashboards, conversion reports, and A/B testing results for our merchant customers. We also conduct internal analytics to measure platform performance and identify areas for improvement.
We may use de-identified behavioral data to train, validate, and improve our machine learning models. Where such training uses data derived from merchant customers' end-users, we do so only in accordance with our DPA and applicable data protection obligations.
We use your contact information to send transactional communications (account confirmations, invoices, password resets), product updates, security notices, and, where you have opted in or where we have a legitimate interest, marketing communications about our Services.
We monitor usage of our platform to detect, prevent, and respond to fraudulent activity, abuse of our terms, security vulnerabilities, and other threats to the integrity of our Services.
We use your data to comply with applicable laws, regulations, and legal processes, including responding to court orders, regulatory inquiries, and law enforcement requests.
We share data with carefully selected third-party service providers who assist us in operating our business and delivering our Services. These include cloud infrastructure providers, payment processors, customer relationship management platforms, email delivery services, and analytics tools. All sub-processors are bound by contractual data protection obligations and are permitted to use your data only to the extent necessary to perform services on our behalf.
When we act as a data processor for merchant customers, we share processed analytics, recommendation outputs, and event data with those customers through our platform dashboard and API. Such sharing is governed by the DPA and the merchant's own privacy policy with respect to their end-users.
In the event of a merger, acquisition, reorganisation, sale of assets, or similar corporate transaction, personal data held by us may be transferred as part of that transaction. We will notify affected individuals in advance of any such transfer and ensure that the acquiring entity is bound by appropriate data protection obligations.
We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to: (a) comply with a legal obligation or judicial process; (b) protect and defend the rights or property of Madewithinter; (c) prevent or investigate possible wrongdoing in connection with the Service; or (d) protect the personal safety of users of the Service or the public.
We may share aggregated, anonymised, or de-identified data with third parties for industry research, benchmarking, and business development purposes. Such data cannot reasonably be used to identify any individual.
Madewithinter is headquartered in the United Kingdom. However, some of our service providers and sub-processors are located in countries outside the UK and European Economic Area ("EEA"), including the United States. Where we transfer personal data to countries that have not been found to provide an adequate level of data protection, we implement appropriate safeguards, including:
You may request a copy of the transfer mechanisms we have in place by contacting us at legal@madewithinter.com.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Our retention periods by data category are as follows:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account and registration data | Duration of contract + 3 years | Contract performance, legal obligation |
| Billing and financial records | 7 years from transaction date | Legal obligation (UK tax law) |
| Behavioral event data (end-user) | 24 months from collection (default) | Legitimate interest; configurable per merchant DPA |
| Marketing preferences and consent records | Until withdrawal of consent + 1 year | Consent; legal obligation |
| Support and correspondence records | 3 years from last interaction | Legitimate interest |
| Security and access logs | 12 months | Legitimate interest |
| Anonymised/aggregated analytics | Indefinite (no personal data) | No personal data; not subject to GDPR |
When data is no longer required, we securely delete or anonymise it in accordance with our data disposal procedures.
Depending on your location and applicable law, you may have the following rights with respect to your personal data:
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed. We will respond to access requests within one calendar month of receipt.
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
You have the right to request deletion of your personal data where: it is no longer necessary for the purposes for which it was collected; you withdraw consent and there is no other legal basis; you object and there is no overriding legitimate interest; the data has been unlawfully processed; or deletion is required by law. This right is subject to certain exceptions, including where processing is necessary for legal claims or compliance.
Where processing is based on consent or contract performance and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to request that we transmit that data to another controller where technically feasible.
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis. You also have an unconditional right to object to processing for direct marketing purposes.
You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of disputed data or assess an objection you have raised.
You have the right not to be subject to decisions based solely on automated processing — including profiling — that produce legal or similarly significant effects. Where we engage in automated decision-making, you have the right to request human review, to express your point of view, and to contest the decision.
California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, the right to correct inaccurate personal information, the right to limit use and disclosure of sensitive personal information, and the right to non-discrimination for exercising privacy rights. We do not sell personal information as defined under the CCPA. To exercise CCPA rights, please use the contact methods below.
To exercise any of the rights described above, please contact our data protection team using one of the following methods:
We will acknowledge your request within 5 business days and respond substantively within one calendar month. In complex cases or where we receive a high volume of requests, we may extend this period by a further two months, in which case we will notify you of the extension and the reasons for it.
We may need to verify your identity before processing your request. We will not charge a fee for reasonable requests, but reserve the right to charge an administrative fee for manifestly unfounded or excessive requests.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO), which can be reached at ico.org.uk. If you are in the EU, you may contact your local data protection authority.
We use cookies and similar tracking technologies to enhance your experience on our platform and website. Cookies are small text files placed on your device that allow us to recognise your browser and capture certain information.
We use the following categories of cookies:
For full details of the cookies we use, including their names, purposes, durations, and instructions for managing your cookie preferences, please refer to our Cookie Policy.
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at legal@madewithinter.com. Upon receiving such notification, we will take prompt steps to verify the information and, if confirmed, delete any such data from our records.
Our merchant customers are responsible for ensuring that their use of our platform complies with applicable laws regarding children's privacy, including COPPA (in the United States) and equivalent legislation in other jurisdictions. Where a merchant's storefront is directed to children, they must notify us and obtain appropriate consents before deploying our SDK.
We take the security of your personal data seriously and implement a range of technical and organisational measures designed to protect your information against unauthorised access, accidental loss, destruction, or disclosure. Our security measures include:
Notwithstanding these measures, no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Our website and platform may contain links to third-party websites, integrations, or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of every site you visit. This Privacy Policy does not apply to any third-party website or service.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will provide more prominent notice — such as an email notification to registered users or a banner on our website — at least 14 days before the change takes effect. We encourage you to review this policy periodically.
Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of those changes, to the extent permitted by applicable law.
If you have questions, concerns, or complaints about this Privacy Policy or our data processing practices, please contact us:
Madewithinter Ltd — Data Protection EnquiriesWe aim to resolve all privacy-related queries promptly and fairly. If you remain dissatisfied after contacting us, you have the right to escalate your complaint to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint or by calling 0303 123 1113.