CommerceBase
Sign in

Effective 29 May 2026

Privacy Policy

This Privacy Policy describes how The Realry Group Inc. ("TRG", "CommerceBase", "we") collects, uses, and shares personal data when you use the CommerceBase platform, our marketing site, or our conversion pixel. For processing carried out on behalf of an advertiser Customer, the Data Processing Addendum applies in addition to this Policy.

1. Who we are

CommerceBase ("we", "us") is operated by The Realry Group. We act as data controller for advertiser-account data and as data processor for end-user behavioural data captured on partner sites via our pixel.

2. Data we collect

  • Advertiser account data — name, business email, billing identity, Stripe customer reference. Used to operate your account and meet legal/tax obligations.
  • Product catalog data — connected via Shopify, Google Merchant Center, or file upload. Stored in our offsite_products collection. Used to serve ads and reconcile spend.
  • Campaign + spend telemetry — channel-reported impressions, clicks, conversions, and CommerceBase-side bid/spend events.
  • Pixel (cb.js) events — page-view, add-to-cart, and purchase signals from partner sites carrying our pixel. Used for attribution and conversion forwarding. Personal data is not collected by the pixel; pseudonymous click identifiers only.

3. How we use data

  • Operate the platform (campaign serving, billing, reporting).
  • Forward conversion events to upstream networks (e.g. Google Ads, DailyClicks) per advertiser configuration.
  • Improve model quality (bid pricing, predicted conversion rate). Training data is aggregated and de-identified.
  • Comply with legal obligations and respond to regulator/lawful requests.

4. Legal bases (GDPR)

For UK/EU partners and end-users, we rely on the following bases:

  • Contract — to operate the Service for paying advertisers.
  • Legitimate interest — fraud prevention, security, model quality.
  • Consent — for non-essential cookies and analytics on the marketing site (see Cookie Policy).

5. Sharing

We share data with sub-processors that operate the platform: AWS (compute/storage), MongoDB Atlas (database), Cloudflare (edge routing), Stripe (payments), Google (Ads/CSS), DailyClicks (DSP). A current sub-processor list is available on request.

6. Retention

Advertiser account data is retained for the duration of the relationship and up to 7 years after termination to satisfy tax and accounting obligations. Pixel event records are retained for 24 months and then aggregated; click identifiers are pruned after 90 days.

7. Your rights

Subject to applicable law (PIPA, GDPR, UK GDPR, CCPA), you may request access, correction, deletion, or export of your personal data. Email privacy@realry.com.

8. International transfers

Our infrastructure is hosted in the United States and the European Union. Where personal data leaves the EEA, we rely on Standard Contractual Clauses with sub-processors.

9. Security

Credentials and payment instruments are tokenized via Stripe and never touch our servers. Partner OAuth tokens are encrypted at rest. Access to production data is restricted to named TRG employees with multi-factor authentication.

10. Children

The Service is intended for business users 18 years or older. We do not knowingly collect personal data from children.

11. Changes

We will notify you of material changes by email or in-product notice at least 30 days before they take effect.

12. Contact

Data Protection Officer: privacy@realry.com. For complaints, you may also lodge a complaint with your local supervisory authority (in the UK, the ICO; in the EU, your national data-protection authority).