Privacy Policy
Last updated July 2026.
This Privacy Policy explains how Compass (“Compass”, “we”, “us”) collects, uses, and shares personal data when you visit our website, request a demo, or use the Compass customer intelligence platform (the “Service”). It also describes the choices available to you. Compass provides features designed to support your own privacy and compliance obligations, but this policy describes our practices — not legal advice.
Who this policy covers
This policy applies to two groups. First, people who interact directly with Compass — for example, visitors to our website and representatives of merchants who administer a Compass workspace. Second, the end customers of our merchant customers, whose data a merchant chooses to bring into Compass. For that second group, the merchant is the controller of the data and Compass acts as a processor on their behalf; those relationships are governed by our Data Processing Addendum.
Data we collect
- Account and contact data — name, work email, company, and role when you request a demo or create a workspace.
- Merchant customer data — profile, commerce, engagement, consent, and ecosystem activity that a merchant connects from sources such as Shopify, Surveys, and VendorStreet.
- Usage data — how you interact with the Service, including features used and actions taken, so we can operate and improve the product.
- Device and log data — IP address, browser type, and similar technical information collected automatically when you use the Service.
How we use data
- To provide, maintain, and secure the Service, including unified profiles, audiences, campaigns, and journeys.
- To respond to requests, provide support, and communicate about your account.
- To improve product quality, reliability, and performance.
- To detect, prevent, and address abuse, security incidents, and technical issues.
We do not sell personal data. We do not use merchant customer data to train foundation models, and we process it only to provide the Service under our agreement with the merchant.
Consent
Marketing sent through Compass depends on the consent captured and maintained by the merchant. Compass includes consent tracking and suppression features designed to support lawful, permission-based sending. Where we rely on your consent for our own communications, you may withdraw it at any time, for example by using the unsubscribe link in an email.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. To exercise a right relating to data we control, contact us at privacy@compass.st. If your request concerns data a merchant brought into Compass, we will refer you to the relevant merchant, who acts as the controller, and support them in responding.
Retention
We retain personal data for as long as needed to provide the Service and for legitimate business or legal purposes. Merchant customer data is retained according to the merchant’s configuration and instructions; on termination it is deleted or returned as described in our Data Processing Addendum.
Subprocessors
We use a limited set of vendors to help operate the Service, such as infrastructure, email delivery, billing, error monitoring, and analytics providers. Our current list is available on our Subprocessors page, which we update as our vendors change.
Security
Compass runs on Cloudflare infrastructure and uses tenant isolation, encryption in transit and at rest, and access controls to protect data. No system is perfectly secure, but we maintain safeguards designed to protect personal data against unauthorized access, alteration, and loss. You can learn more on our Security page.
International transfers
Compass operates on globally distributed infrastructure, and data may be processed in countries other than your own. Where required, we use appropriate safeguards designed to protect data transferred across borders.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the “last updated” date above and, where appropriate, provide additional notice.
Contact us
Questions about this policy or your data can be sent to privacy@compass.st. You can also reach us through our contact page.