NothingSell
Start free

Privacy Policy

Last revised: May 2026 — Pursuant to EU Regulation 2016/679 (GDPR)

Courtesy translation. In case of discrepancies, the Italian version prevails.

1. Data controller

The controller of personal data is:

ECM di Tacchi Alessandro

Via Yuri Gagarin, 169 — 61122 Pesaro (PU), Italy

VAT: IT02646670410

Email: info@ecommerce-manager.it

Phone: +39 0721 581919

Hours: Monday–Friday, 8:00–17:00 (CET)

For privacy-specific requests: privacy@nothingsell.com

2. Data we collect

We collect the following categories of data:

  • • Registration data: name, email address, password (hashed).
  • • Usage data: access logs, actions in the platform, configured preferences.
  • • Third-party data (delegated): e-commerce, analytics and advertising data connected via OAuth integrations. This data belongs to your accounts and is processed on your behalf.
  • • Payment data: handled exclusively by Stripe Inc. (PCI-DSS certified provider). ECM di Tacchi Alessandro does not store credit card or bank data.

3. Purposes of processing

Your data is processed for the following purposes:

  • • Service provision (performance of the contract — art. 6.1.b GDPR)
  • • Transactional communications (confirmations, alerts, system notifications)
  • • Service improvement through aggregated, anonymized analysis
  • • Legal and tax obligations (art. 6.1.c GDPR)
  • • Marketing communications (only with explicit consent — art. 6.1.a GDPR)

4. Your e-commerce data (processor role)

When you connect PrestaShop, GA4, Google Ads and other services, the business data we synchronize (orders, products, traffic metrics, etc.) belongs to you or your clients. ECM di Tacchi Alessandro acts as data processor pursuant to art. 28 GDPR. This data is never sold to third parties or used for purposes other than the service you requested.

5. Third-party integrations — data accessed and access revocation

NothingSell connects to the following third-party services to read business data and display it in your dashboards. All integrations operate in read-only mode.

Google services (OAuth 2.0)

  • • Google Analytics 4 (analytics.readonly) — traffic metrics: sessions, users, conversions, revenue.
  • • Google Search Console (webmasters.readonly) — organic queries, impressions, clicks, average position.
  • • Google Ads (adwords) — campaign data: impressions, clicks, cost, ROAS. No campaigns or accounts are modified.
  • • Google Merchant Center (content) — product feed status, issues and disapprovals. No products are modified.

How to revoke Google access: disconnect NothingSell from your Google accounts at any time at myaccount.google.com/permissions.

Other integrations

  • • PrestaShop (API key) — orders, products, customers, shipping data. Read-only via WebService or Admin API.
  • • Meta Ads (OAuth) — campaign data: impressions, clicks, spend, ROAS. No campaigns are modified.
  • • Microsoft Clarity (project token) — session metrics: sessions, pages visited, bounce rate. Read-only.
  • • Google PageSpeed (public API) — page performance scores. No user data is transmitted.

All integration data is used exclusively to populate the platform dashboards and is never shared with third parties or used for other purposes. You can disconnect any integration at any time from the Integrations section in the platform.

6. Processors (sub-processors)

To deliver the service we rely on the following third-party providers, appointed as data processors pursuant to art. 28 GDPR:

  • • Stripe Inc. — payment processing (USA, SCCs)
  • • Anthropic PBC — AI processing via API (USA, SCCs) — only for users with MCP enabled
  • • Hosting provider — server infrastructure in the EU

7. Data retention

Account data is retained for the duration of the contract and for the following 12 months, unless legal obligations apply. Synchronized e-commerce data is retained according to the active plan (from 30 days for the Free plan to unlimited for Agency). You can request early deletion at any time by writing to privacy@nothingsell.com.

8. Your rights

Under the GDPR, you have the right to:

  • • Access: request a copy of the data we process about you.
  • • Rectification: correct inaccurate or incomplete data.
  • • Erasure: request deletion of your data ("right to be forgotten").
  • • Portability: receive your data in a structured, machine-readable format.
  • • Objection and restriction: object to processing or request its restriction.
  • • Complaint: lodge a complaint with the competent data protection authority (in Italy, the Garante per la Protezione dei Dati Personali).

To exercise your rights, write to privacy@nothingsell.com. We will reply within 30 days.

9. Cookies and tracking

The website www.nothingsell.com uses technical cookies necessary for operation and, with your consent, analytics cookies (Microsoft Clarity) to improve the service. We do not use profiling cookies for advertising. You can manage cookie preferences at any time via the banner on your first visit.

10. Changes to this policy

We reserve the right to update this policy. In case of substantial changes, we will inform you by email at least 30 days before they take effect. The date of the last revision is shown at the top of this document.