Privacy Policy
Last updated: March 30, 2026
EmilIA by Milimetrix ("we", "us", "our") is an e-commerce analytics platform that connects to third-party services on your behalf. This Privacy Policy explains how we collect, use, and protect your information when you use our application.
What We Collect
- Account information: Name, email address, and organization details provided during sign-up via Google OAuth.
- OAuth tokens: Access and refresh tokens for connected platforms (Google Analytics 4, Google Ads, Google Tag Manager, Google Search Console, Google Merchant Center, Meta Ads, TikTok Ads, Shopify).
- Analytics and advertising data: Sessions, page views, ad performance metrics, orders, and other data synced from your connected platforms via their official APIs.
- Customer email hashes: Hashed representations of customer emails (HMAC-SHA256) for analytics matching. Emails are never stored in plain text.
How We Use Data
- Aggregate and analyze e-commerce performance across your connected platforms.
- Generate reports, dashboards, and AI-powered insights.
- Match customer journeys across channels using hashed identifiers.
- Improve and maintain the functionality of our service.
We do not sell your data to third parties. We do not use your data for advertising purposes.
Google API Services — Limited Use Disclosure
EmilIA's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request access to the data necessary to provide our analytics service (read-only access to Google Analytics, Google Ads, Google Tag Manager, Google Search Console, and Google Merchant Center).
- We do not use Google user data for serving advertisements.
- We do not allow humans to read your data unless you give affirmative consent, it is necessary for security purposes, to comply with law, or the data is aggregated and anonymized for internal operations.
- We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, with user consent, or for security/legal purposes.
Data Security
We implement industry-standard measures to protect your data:
- Credential encryption: All OAuth tokens and platform credentials are encrypted at rest using AES-256-GCM.
- Email hashing: Customer emails are hashed with HMAC-SHA256 before storage.
- Transport security: All data in transit is protected with TLS 1.2+.
- Row-Level Security: Database access is enforced per-tenant using PostgreSQL RLS policies.
- Infrastructure: Hosted on Vercel with Supabase (PostgreSQL), both SOC 2 compliant.
Data Retention
We retain your data for as long as your account is active. Upon disconnection or account deletion:
- OAuth tokens for disconnected platforms are deleted immediately.
- Synced analytics data is retained for up to 30 days, then permanently deleted.
- Account data is deleted within 30 days of a deletion request.
Your Rights
You have the right to:
- Request a copy of the personal data we hold about you.
- Request correction of inaccurate personal data.
- Request deletion of your personal data.
- Request your data in a structured, machine-readable format.
- Object to or restrict our processing of your data.
- Revoke access to any connected platform at any time from within the application.
To exercise any of these rights, contact us at privacy@milimetrix.com.
Third-Party Sharing
We do not sell, rent, or trade your personal information. We share data only with:
- Infrastructure providers: Vercel (hosting), Supabase (database), Cloudflare (storage), Upstash (Redis cache).
- AI providers: Google Gemini API for generating analytics insights. Only aggregated, non-personally-identifiable data is sent.
- Connected platforms: Data flows back to platforms only when you explicitly initiate an action.
Contact
If you have questions about this Privacy Policy or want to exercise your data rights:
Milimetrix SpA — Santiago, Chile