Skip to content

Legal

Privacy policy

This policy explains how CommercePulse handles personal data under UK GDPR and related UK privacy law while supporting storefront operations worldwide.

Last updated: 4 May 2026.

1. Who we are

CommercePulse is operated by Interlink Digital Group Limited (we, us, our), a company registered in the United Kingdom. For the purposes of UK data-protection law, we act as controller for website and account data, and as controller or processor for platform data depending on the service context and contractual arrangements with merchants.

In most storefront operations, the merchant decides why and how buyer personal data is processed and acts as controller. In those cases, we act as processor when we process buyer personal data on the merchant's documented instructions.

Privacy contact: privacy@commercepulse.io.

2. Scope of this policy

This policy applies to personal data processed through:

  • the public website and marketing pages;
  • merchant and partner onboarding;
  • the CommercePulse platform, including integrations and support workflows;
  • communications with us, including legal and privacy requests.

3. Categories of personal data we process

Depending on how you use the Services, we process:

  • Identity and contact data - name, business name, email address, telephone number, role.
  • Account and security data - login events, authentication details, API keys metadata, audit logs.
  • Commercial and transaction data - order details, pricing interactions, fulfilment and returns metadata.
  • Technical and usage data - IP address, device/browser details, session events, diagnostic logs.
  • Support and communication data - messages, tickets, call notes, and records of requests.
  • Preference and consent data - consent states, communication preferences, and policy acknowledgements.

We do not sell personal data to data brokers. We do not use third-party advertising cookies on the public site.

4. How we collect personal data

We collect personal data:

  • directly from you when you register, contact us, or use the Services;
  • from your organisation and authorised users;
  • from integrations and service providers you connect to your account;
  • automatically from devices and systems when Services are accessed.

5. Our legal bases (UK GDPR)

We process personal data under one or more of these legal bases:

  • Contract - to provide the Services, support, billing, and account administration.
  • Legitimate interests - to secure, monitor, improve, and develop the Services, and prevent fraud or abuse.
  • Legal obligation - to comply with tax, accounting, law-enforcement, and regulatory obligations.
  • Consent - where required, for specific communications or optional processing activities.

6. Why we use personal data

We use personal data to:

  • provide and operate the Services and connected workflows;
  • authenticate users and protect accounts;
  • process orders, fulfilment, and returns workflows configured by merchants;
  • respond to support, legal, and privacy requests;
  • maintain auditability, reliability, and service integrity;
  • generate aggregate analytics and service performance reporting;
  • meet legal and regulatory obligations.

7. Cookies and similar technologies

We use essential cookies and similar technologies needed for site operation, security, and session continuity. Where non-essential technologies are introduced, we will provide appropriate notice and consent controls in line with UK PECR and applicable local rules.

8. Worldwide storefront operations and international transfers

Our business is UK-based, but storefronts may serve customers worldwide and data may be processed in multiple jurisdictions by us and our subprocessors.

When personal data is transferred outside the UK, we use legally recognised safeguards, including adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to Standard Contractual Clauses, or other lawful transfer mechanisms as required.

Where we act as processor, cross-border transfer commitments are set out in our data processing addendum and applicable subprocessor terms.

9. Sharing personal data

We may share personal data with:

  • our group entities and authorised personnel on a need-to-know basis;
  • infrastructure, hosting, communications, analytics, payment, and support providers;
  • integration partners selected or enabled by merchants;
  • professional advisers, auditors, insurers, and regulators;
  • courts, law enforcement, or competent authorities where legally required.

We require service providers to protect personal data and process it only under documented instructions where applicable.

A current subprocessor list for platform services is available on request for customers under contract.

10. Data retention

We keep personal data only as long as necessary for the purposes described in this policy, including contractual, legal, accounting, dispute, and security requirements.

Retention periods vary by data type and context. When data is no longer required, we delete or anonymise it, or securely isolate it until deletion is possible.

11. Security measures

We use organisational and technical measures designed to protect personal data, including access controls, encryption in transit, tenant separation controls, audit logging, and incident response procedures. No internet service is fully risk-free, but we continuously improve our controls.

12. Automated processing and AI-supported workflows

Some CommercePulse functionality uses probabilistic models to support recommendations, classification, and workflow routing. These tools are designed to assist decision-making, not replace merchant accountability. Where legally significant decisions are made, human oversight remains required.

13. Your rights

Subject to applicable law, you may have rights to request access, correction, deletion, restriction, portability, and objection to processing, and to withdraw consent where processing is based on consent.

To exercise rights, email privacy@commercepulse.io. We may need to verify your identity before fulfilling your request. You also have the right to complain to the UK Information Commissioner's Office (ICO), or to your local supervisory authority where available.

14. Children's data

The Services are not directed to children, and we do not knowingly collect personal data from children under 16 without lawful basis and appropriate safeguards.

15. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated last-updated date. Where required, we will provide additional notice.

16. Contact us

For privacy questions or requests, email privacy@commercepulse.io or use /contact and mark your message "Legal - Privacy".