Privacy Notice for ExpandFi LLC

Last updated: August 21, 2025

This Privacy Notice for ExpandFi LLC ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Visit our website at https://expandfi.com or any website of ours that links to this Privacy Notice.
• Use ExpandFi, an analytics platform for e-commerce companies, including Amazon and Shopify sellers, with potential future integrations from additional sources (e.g., Meta, Google Ads, or other platforms).
• Engage with us in other related ways, including sales, marketing, or events.

Our Services are intended for users aged 18 and older. By using our Services, you confirm you are at least 18 years old. If you have questions or concerns, contact us at hey@expandfi.com.

SUMMARY OF KEY POINTS

This summary provides key points from our Privacy Notice. You can find more details in the sections below.

• What personal information do we process? We may process personal information depending on your interaction with our Services, including data from Amazon and Shopify APIs, user uploads, and potentially future third-party sources with your authorization (see Section 1).
• Do we process sensitive personal information? We process sensitive information, such as sales and order data or Shopify customer addresses, with your consent or as permitted by law (see Section 1).
• Do we collect information from third parties? We collect data from Amazon and Shopify APIs with your authorization, and may collect data from additional third-party platforms (e.g., Meta, Google Ads) in the future with your explicit consent (see Section 1).
• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, ensure security, and comply with law (see Section 2).
• With whom do we share personal information? We share information with third-party service providers (e.g., Stripe, Google Analytics, Pingdom) and may share with future providers (e.g., advertising platforms) under strict contracts (see Section 4).
• How do we keep your information safe? We use a multi-tenant database to segregate user data and implement security measures, but no system is 100% secure (see Section 9).
• What are your rights? You may have rights to access, correct, or delete your personal information, depending on your location (see Section 11).
• How do you exercise your rights? Contact us at hey@expandfi.com to exercise your rights (see Section 16).

TABLE OF CONTENTS

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. What Legal Bases Do We Rely On to Process Your Information?
4. When and With Whom Do We Share Your Personal Information?
5. Do We Use Cookies and Other Tracking Technologies?
6. Do We Offer Artificial Intelligence-Based Products?
7. Is Your Information Transferred Internationally?
8. How Long Do We Keep Your Information?
9. How Do We Keep Your Information Safe?
10. Do We Collect Information from Minors?
11. What Are Your Privacy Rights?
12. Controls for Do-Not-Track Features
13. Do United States Residents Have Specific Privacy Rights?
14. Do We Make Updates to This Notice?
15. How Can You Contact Us About This Notice?
16. How Can You Review, Update, or Delete the Data We Collect from You?

1. WHAT INFORMATION DO WE COLLECT?

Personal Information You Disclose to Us

In Short: We collect personal information you provide to us.

We collect personal information you voluntarily provide when you register, express interest in our Services, participate in activities, or contact us. This includes:

• Identifiers: Names, email addresses, usernames, passwords, contact preferences, billing/mailing addresses, phone numbers, job titles.
• Payment Data: Payment instrument numbers and security codes, handled by Stripe (see https://stripe.com/privacy).
• Sensitive Information: With your consent or as permitted by law, we process:
  • Sales and Order Information: Sales history, products purchased, purchase dates, and related metrics from Amazon and Shopify, and potentially future sources (e.g., Meta, Google Ads).
  • Customer Data: Shopify customer addresses (personal identifiable information) and anonymized Amazon customer data (obfuscated by Amazon to protect privacy).

All personal information you provide must be true, complete, and accurate, and you must notify us of changes at hey@expandfi.com.

Information Collected from Third-Party Platforms

We collect data from Amazon (via Seller Central/Vendor Central APIs) and Shopify (via Shopify APIs) with your explicit authorization through their respective authentication processes (e.g., OAuth). This includes:

• Amazon sales and advertising data (e.g., order details, product performance, ad metrics).
• Shopify sales data and customer addresses.

We may collect data from additional third-party platforms (e.g., Meta, Google Ads, or other e-commerce/advertising services) in the future, but only with your explicit consent and compliance with their respective policies. We comply with Amazon's and Shopify's API policies, including their rights to audit or terminate access for non-compliance. We do not collect data from other third-party sources unless explicitly authorized by you.

Information Automatically Collected

In Short: We collect device and usage information automatically when you use our Services.

We collect:

• Log and Usage Data: IP address, browser type, device information, operating system, usage patterns (e.g., pages viewed, features used), and date/time stamps.
• Device Data: Information about your device (e.g., computer, phone), including IP address, browser type, and system configuration.
• Location Data: Imprecise location data based on IP address. You can opt out by disabling location settings, but this may limit some features.

We use on-site cookies and monitoring technologies, including Pingdom and Google Analytics, to analyze how users interact with our website. Future integrations with third-party platforms (e.g., Meta, Google Ads) may involve additional tracking technologies (e.g., pixels, tags), subject to your consent. We recommend implementing a cookie consent banner to comply with GDPR and CCPA. For details, see our Cookie Notice: https://app.termly.io/policy-viewer/policy.html?policyUUID=aabf6e24-fa56-4252-a181-3ca422e2aedc.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, ensure security, and comply with law.

We process your information to:

• Facilitate account creation and authentication.
• Deliver analytics services for Amazon and Shopify sellers, and potentially future platforms (e.g., Meta, Google Ads).
• Respond to inquiries and provide support.
• Send administrative and marketing communications (with opt-out options).
• Fulfill orders and manage payments.
• Request feedback and analyze usage trends.
• Deliver targeted advertising (subject to your preferences).
• Ensure security and prevent fraud.
• Comply with legal obligations or protect vital interests.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?

In Short: We process your information based on consent, contractual obligations, legitimate interests, legal obligations, or vital interests.

For EU/UK Residents (GDPR/UK GDPR):

• Consent: For specific purposes (e.g., marketing, sensitive data processing, new third-party data integration).
• Contract: To provide Services or fulfill agreements.
• Legitimate Interests: For analytics, advertising, fraud prevention, and service improvement, where your rights are not overridden.
• Legal Obligations: To comply with laws or regulations.
• Vital Interests: To protect safety in emergencies.

For Canadian Residents:

• We process with express or implied consent, or where permitted by law (e.g., for fraud prevention, legal compliance).

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We share information with third-party service providers under strict contracts.

We share data with:

• Payment Processors: Stripe for payment processing.
• Analytics Providers: Google Analytics and Pingdom for usage tracking (opt-out at https://tools.google.com/dlpage/gaoptout or https://www.pingdom.com/legal/privacy-policy).
• AI Service Providers: Anthropic, Google Cloud AI, OpenAI for AI-driven analytics (data not shared across users).
• Cloud Storage: Google Cloud and its subprocessors for data storage. Contact us at hey@expandfi.com for subprocessor details.
• Future Providers: We may share data with additional third-party platforms (e.g., Meta, Google Ads, or other advertising/e-commerce services) for analytics or advertising purposes, but only with your consent and under strict contractual safeguards.

We may share data during business transfers (e.g., mergers) or with business partners for promotions. Data is segregated in a multi-tenant database to prevent sharing across users. We comply with Amazon and Shopify's API policies, including their audit/termination rights, and will adhere to future platform policies.

5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We use on-site cookies for analytics and may use additional technologies from future platforms.

We use cookies and monitoring technologies (Pingdom, Google Analytics) to analyze user behavior on our website (e.g., page views, feature usage). Future integrations with third-party platforms (e.g., Meta, Google Ads) may involve additional tracking technologies (e.g., pixels, tags) for advertising or analytics, subject to your consent. We recommend implementing a cookie consent banner to comply with GDPR and CCPA. You can manage cookies via browser settings, but this may affect functionality. For details, see our Cookie Notice: https://app.termly.io/policy-viewer/policy.html?policyUUID=aabf6e24-fa56-4252-a181-3ca422e2aedc.

6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?

In Short: We offer AI-driven analytics powered by third-party providers.

Our AI products (e.g., predictive analytics, insights) are provided through Anthropic, Google Cloud AI, and OpenAI. These process your data only for your account, not shared across users. You may opt out of AI processing by emailing hey@expandfi.com or, in the future, via account settings. Data is not used to train third-party AI models without your consent, including for future platform integrations.

7. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?

In Short: Your data may be stored globally via Google Cloud, with safeguards for international transfers.

Our servers are hosted on Google Cloud, which may store data in the U.S. or other regions. For EEA/UK residents, we use Standard Contractual Clauses (SCCs) to ensure compliance with GDPR/UK GDPR. Contact us at hey@expandfi.com for SCC details. Future third-party integrations may involve additional international transfers, subject to similar safeguards.

8. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We retain personal information for one month after account termination unless required by law.

We delete personal data within one month of account termination. Data may be retained longer under legal holds (e.g., litigation, audits) as required by law or for compliance with future platform policies.

9. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We use a multi-tenant database and security measures to protect your data.

We implement technical and organizational measures, including a multi-tenant database to segregate user data. However, no system is 100% secure, and transmission is at your risk. In case of a data breach, we will notify affected users and authorities within 72 hours as required by law. We disclaim liability for unauthorized access beyond our reasonable control. Access our Services in a secure environment.

10. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from users under 18.

By using our Services, you confirm you are at least 18 years old. If we learn data from users under 18 has been collected, we will deactivate the account and delete the data. Contact us at hey@expandfi.com if you suspect minor data collection.

11. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: You have rights to access, correct, or delete your personal information, depending on your location.

EEA/UK/Switzerland/Canada Residents:

• Request access to or a copy of your data.
• Request rectification, erasure, or restriction of processing.
• Request data portability or object to processing.
• Withdraw consent at hey@expandfi.com (does not affect prior processing).

All Users:

• Opt out of marketing by clicking "unsubscribe" or emailing hey@expandfi.com.
• Opt out of targeted advertising or AI processing at hey@expandfi.com.
• Review or update account information via account settings or by contacting us.

Contact your data protection authority if you believe we are unlawfully processing your data.

12. CONTROLS FOR DO-NOT-TRACK FEATURES

We do not currently respond to Do-Not-Track (DNT) signals due to the lack of a uniform standard. We will update this policy if a standard is adopted.

13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Residents of certain U.S. states have rights to access, correct, or delete their data.

We have collected the following personal information in the past 12 months:

• Category A (Identifiers): Name, email, IP address, etc. (retained while account is active).
• Category B (Personal Information): Contact information, financial details (retained while account is active).
• Category C (Protected Classifications): Demographic data (retained while account is active).
• Category D (Commercial Information): Sales history, purchase details (retained while account is active).
• Category F (Internet Activity): Browsing behavior, usage data (retained while account is active).
• Category K (Inferences): User preferences, analytics profiles (retained while account is active).

We share Categories A, B, D, F, and K with Stripe (payment processing), Google Analytics, and Pingdom (analytics). Future integrations (e.g., Meta, Google Ads) may involve sharing for advertising or analytics, which may be considered "sharing" under CCPA. Opt out via our "Do Not Sell/Share My Info" link at https://expandfi.com/do-not-sell or email hey@expandfi.com.

Your Rights (e.g., California, Colorado, Virginia, etc.):

• Know, access, correct, or delete your data.
• Opt out of targeted advertising, selling, or profiling.
• Non-discrimination for exercising rights.
• Obtain a list of third parties receiving your data (where required).

Contact us at hey@expandfi.com to exercise rights. We verify requests using account information. Appeals can be made to hey@expandfi.com, and complaints can be filed with your state attorney general.

California "Shine The Light" Law: California residents may request information about data shared for direct marketing (none in the past 12 months). Contact us at hey@expandfi.com.

14. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: We update this notice to stay compliant with laws.

We may update this notice, indicated by a revised date. Material changes will be notified via email or website posting. Review this notice regularly.

15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

Email us at hey@expandfi.com or mail us at:

ExpandFi LLC
30 N Gould St Ste R, Sheridan, WY 82801, USA

16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

To review, update, or delete your data, log in to your account settings or email hey@expandfi.com. We will process requests in accordance with applicable laws.

Accessibility: We strive to make our website accessible. If you encounter barriers, contact us at hey@expandfi.com.