Privacy Policy
Last updated: March 19, 2026
1. Identity and Contact Details
- Company: Gezar / Magnus Bo Nielsen
- CVR: 42476226
- Email: magnus@gezar.dk
- Location: Denmark
- Data Protection Authority: Datatilsynet (Denmark)
2. Our Role — Controller vs. Processor
As Data Processor: When Merchants use Teamco, we process employee personal data (names, emails, orders, budgets) on behalf of the Merchant. The Merchant is the Data Controller and determines the purposes and means of processing. We process this data solely to provide the Service according to the Merchant's instructions.
As Data Controller: For data collected through this website (getteamco.com), such as visitor analytics and contact form submissions, Gezar is the Data Controller.
3. What Data We Collect
From Merchants (via Shopify OAuth)
- Shopify store name and domain
- Store currency and locale settings
- API access tokens (granted through Shopify's OAuth flow)
- Contact email address
From Employees (as Processor, on Merchant's behalf)
- Name (first name, last name)
- Email address
- Phone number and country
- Role within the company (Employee, Buyer, Admin)
- Language preference
- Order history and order details
- Budget allocation and usage
- Size preferences
- Group membership
From Website Visitors (as Controller)
- IP address (anonymised where possible)
- Browser type and version
- Pages visited and interaction data
From Company Applicants
- Company name and VAT number
- Contact person name and email
- Shipping and billing addresses
4. Legal Basis for Processing
| Data Category | Legal Basis (GDPR Art. 6) |
|---|---|
| Employee data (as Processor) | Merchant's legitimate interest in B2B operations + Merchant's instructions as Controller |
| Merchant account data | Performance of contract (providing the Service) |
| Website analytics | Legitimate interest (improving our website) |
| Contact form submissions | Consent |
5. How Long We Store Data
| Data Type | Retention Period |
|---|---|
| Employee and company data | Duration of Merchant's subscription + 30 days after termination |
| Website analytics | 26 months |
| Email logs | 90 days |
| Shopify session tokens | Duration of active session |
6. Sub-Processors
We use the following third-party services to provide and operate Teamco:
| Service | Purpose | Location |
|---|---|---|
| Shopify | E-commerce platform, app hosting | Canada / US |
| Railway | Application and database hosting | US / EU |
| PostgreSQL (Railway) | Primary database | EU |
| Redis (Railway) | Caching and rate limiting | EU |
| Resend | Transactional email delivery | US |
7. International Data Transfers
Some of our sub-processors are located in the United States. For these transfers, we rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as approved by the European Commission to ensure an adequate level of data protection.
8. Cookies
Teamco uses minimal cookies for essential functionality only:
- Session cookies: Required for authentication and app functionality
- Shopify cookies: Set by Shopify for store operation
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required as we only use strictly necessary cookies.
9. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
- Right of access — Request a copy of your personal data
- Right to rectification — Request correction of inaccurate data
- Right to erasure — Request deletion of your data ("right to be forgotten")
- Right to data portability — Request your data in a machine-readable format
- Right to object — Object to processing based on legitimate interest
- Right to restrict processing — Request limitation of processing
- Right to withdraw consent — Where processing is based on consent
- Right to lodge a complaint — File a complaint with Datatilsynet (Danish Data Protection Agency) at datatilsynet.dk
For employees: If you are an employee accessing Teamco through your employer's portal, please contact your employer (the Data Controller) first. We will assist them in fulfilling your rights.
10. Shopify GDPR Webhooks
We implement all of Shopify's mandatory GDPR compliance webhooks:
- customers/data_request — We respond with all stored customer data
- customers/redact — We delete all customer data upon request
- shop/redact — We delete all shop data upon app uninstallation
11. Data Breach Notification
In the event of a confirmed personal data breach, we will notify affected Merchants within 72 hours of becoming aware of the breach, as required by GDPR Article 33. The notification will include the nature of the breach, categories of data affected, and measures taken to address it.
12. Children
Teamco is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal data from children.
13. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — What personal information we collect and how it is used
- Right to delete — Request deletion of your personal information
- Right to opt-out of sale — We do not sell personal information to third parties
14. Data Sharing
We do not sell, trade, or rent personal data to third parties. We share data only with the sub-processors listed above and only as necessary to provide the Service. We may also disclose data when required by law or to protect our legal rights.
15. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will provide notice through the Service or by email. The "Last updated" date at the top of this page indicates when the policy was last revised.
16. Contact
For privacy-related questions or to exercise your data rights, contact us:
- Email: magnus@gezar.dk
- Company: Gezar / Magnus Bo Nielsen (CVR 42476226)
- Location: Denmark