top of page

Privacy Policy

Retailogists Inc. (“we”, “us”, “our”) is a retail growth partner that helps merchants scale revenue, improve margins, and improve operational performance. We provide services through two complementary arms:

  • A managed services arm delivering growth partnerships across marketing, engineering, operations, design, data science, and executive functions.

  • A technology products arm, currently comprising: Avia (in-store analytics), Orca (LLM-powered order management), and Kora (data warehouse and business intelligence for retail).

This Privacy Policy applies to all Retailogists services, platforms, and websites (collectively, our “Services”), unless a specific product or engagement is covered by a separate agreement.

Scope

This policy explains what personal information we collect, how we use and share it, how long we retain it, and the rights available to individuals in Canada and the United States. It applies to:

  • Merchants and their staff who use our technology products.

  • Clients who engage Retailogists for managed services.

  • Visitors to our websites and users of our marketing and sales tools.

  • End customers of merchants whose data is processed through our technology products.

Data Roles

Merchant and Client Data

Where Retailogists processes personal data on behalf of a merchant or client — including customer order data, employee data, or operational data — the merchant or client is the controller/business and Retailogists acts as the processor/service provider, operating under that party's documented instructions.

Retailogists-Controlled Data

For our websites, product user accounts, billing, sales and marketing activities, and support, Retailogists is the controller/business and this policy applies in full.

1. Information We Collect

From Merchants and Clients (as configured)

  • Business and contact information: company name, addresses, billing details, and authorized contacts.

  • Operational data: orders, inventory, fulfillment records, returns, product catalogues, and logistics information sourced from connected systems (e.g., Shopify, WMS, 3PL, ERP, carriers).

  • Customer data attached to merchant operations: names, shipping/billing addresses, email addresses, phone numbers, order history, and related transactional records. We do not store full payment card numbers — payment is handled by the merchant's payment processor.

  • Financial and reporting data: revenue, cost, and margin data where provided for analytics and performance reporting.

From Users of Our Products and Services

  • Account and login details: name, work email, role, and authentication credentials.

  • Usage logs: features used, API calls, actions taken within our products.

  • Support tickets and related correspondence.

  • Billing information, processed via our payment processor.

  • Technical data: IP address, device and browser type, and session cookies.

From Our Website and Marketing Activities

  • Contact form submissions, demo requests, and newsletter sign-ups.

  • Cookies, analytics identifiers, and browsing behaviour on our websites.

  • Information exchanged during sales conversations or prospect engagement.

2. How We Use Information

  • Provide, secure, monitor, and improve our Services.

  • Deliver managed services engagements under the scope agreed with each client.

  • Operate our technology products: processing orders, synchronizing inventory, generating analytics, and supporting fulfillment workflows for merchants.

  • Communicate about the Services, respond to support and sales inquiries, and send relevant product updates.

  • Process billing and manage our commercial relationships.

  • Conduct internal analytics and product development, using aggregated or de-identified data where possible.

  • Comply with applicable laws and prevent fraud or abuse.

We do not sell personal information and do not use it for third-party targeted advertising.

3. Data Sharing

We share information only with:

  • Service providers (cloud hosting, logging, analytics, email, billing) under contracts restricting their use of data to providing services to us.

  • Connected platforms a merchant has authorized — warehouses, 3PLs, ERPs, carriers, returns platforms — strictly to execute the operations the merchant has configured.

  • Third-party tools used in managed services engagements, subject to appropriate data handling obligations.

  • Parties involved in a business transfer (merger, acquisition, financing), with appropriate protections.

  • Law enforcement and regulators where legally required.

4. Security

We apply layered security controls across all Services:

  • Encryption in transit (TLS) and at rest for all merchant and client data.

  • Tenant isolation: each merchant's data is logically segregated within our platforms.

  • Least-privilege access controls, SSO and MFA for internal systems, and regular access reviews.

  • Continuous monitoring, audit logging, and incident response procedures.

  • Secrets management for API keys, credentials, and connected system tokens.

  • No system is perfectly secure, but we work to align our controls with industry standards for SaaS and managed services providers operating in retail.

5. Data Retention

  • We retain merchant and client data for as long as the engagement or subscription is active and as required to provide the Services.

  • After termination, merchant and client data held in our technology products is scheduled for deletion within 90 days, subject to any written retention request.

  • Operational and security logs may be retained for up to 12 months for legal, security, and compliance purposes.

  • Aggregated and de-identified data that no longer identifies any individual or entity may be retained for benchmarking and product improvement.

  • Data processed in connection with managed services engagements is retained per the terms of the relevant service agreement.

6. International Data Transfers

​Retailogists operates primarily in North America. Data from merchants, clients, and their customers may be processed in Canada and the United States. Where required by applicable law, we rely on appropriate transfer mechanisms — such as standard contractual clauses — to protect personal data in cross-border transfers.

7. Your Rights

Canada (PIPEDA and Provincial Laws)

  • Request access to your personal information.

  • Request correction of inaccurate data.

  • Withdraw consent where applicable.

United States (State Privacy Laws)

Depending on your state, you may have rights to:

  • Access your personal information.

  • Correct inaccurate data.

  • Delete your information.

  • Obtain a portable copy of your data.

  • Opt out of targeted advertising, sale, or profiling (as defined by applicable law).

Retailogists does not sell or “share” personal information for cross-context behavioural advertising.

For End Customers of Merchants

If you are a shopper or end customer whose data was processed through a Retailogists-powered merchant, that merchant is the controller of your data. Please direct access, correction, and deletion requests to the merchant first. We will assist the merchant in fulfilling requests within the timelines required by law.

How to Exercise Your Rights

Email support@retailogists.com or use our web form. We will verify your identity and respond as required by applicable law. You may designate an authorized agent where permitted.

8. Children

Our Services are B2B products and services directed to retail merchants, their staff, and professional clients. They are not directed to children under 13, and we do not knowingly collect personal information from children.

9. Compliance Standards

Retailogists designs its Services to support merchants and clients in meeting major data protection regimes, including:

  • EU GDPR (General Data Protection Regulation)

  • US CCPA/CPRA (California) and other applicable US state privacy laws

  • Canadian PIPEDA and provincial privacy laws

  • Other applicable data protection laws

We offer a Data Processing Addendum (DPA) to merchants and clients on request.

10. Sub-Processors

Retailogists uses a limited set of sub-processors for cloud hosting, logging, analytics, email delivery, and billing. An up-to-date list is available on request by emailing support@retailogists.com. Merchants and clients on paid plans are notified of material sub-processor changes in advance.

11. Changes to This Policy

We may update this policy from time to time. We will update the “Last updated” date at the top of this document and provide additional notice where required by applicable law.

12. Contact

Retailogists Inc.

Privacy Officer: Vincent Younan, COO

Email: vincent.younan@retailogists.com

General inquiries: support@retailogists.com

bottom of page