winback.io
Log InSign Up

Privacy Policy

Last updated: March 9, 2026

1. Introduction

UnDigital, LLC ("we", "us", "our") operates the winback.io platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

We collect information in the following ways:

  • Account information — name, email address, and organization details you provide when registering.
  • Platform connection data — when you connect Shopify, Commerce7, Klaviyo, or upload CSV files, we access customer segments and audience data as authorized by you.
  • Campaign data — campaign configurations, design assets, mailing lists, and analytics results.
  • Payment information — processed securely by Stripe. We do not store your credit card numbers.
  • Usage data — pages visited, features used, and technical information such as browser type and IP address.

3. How We Use Your Information

  • To provide, operate, and maintain the winback.io platform.
  • To process and fulfill direct mail campaigns, including printing and mailing.
  • To process payments and send transactional communications (receipts, status updates).
  • To improve our service and develop new features.
  • To communicate with you about your account, campaigns, and service updates.
  • To comply with legal obligations.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Print and mail partners — recipient name and address data necessary to fulfill your campaigns.
  • Payment processors — Stripe, for payment processing.
  • Cloud infrastructure — Amazon Web Services, for hosting and data storage.
  • AI providers — OpenAI, for AI image generation features (prompts only, no customer data).
  • Data providers — Data Axle, for acquisition audience targeting (query parameters only).

5. Data Security

We use industry-standard security measures including encryption at rest (AES-256) and in transit (TLS), AWS Key Management Service for sensitive credentials, and access controls to protect your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account data for as long as your account is active. Campaign data (including mailing lists and analytics) is retained for the duration of your account. You may request deletion of your account and associated data by contacting us.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Data portability — receive your data in a structured format.

To exercise these rights, contact us at privacy@winback.io.

8. GDPR Compliance

For users in the European Economic Area, we process personal data under lawful bases including contract performance, legitimate interest, and consent. We honor data erasure requests received through platform webhooks (e.g., Shopify GDPR webhooks) and direct requests.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at privacy@winback.io.