Privacy Policy
This Privacy Policy describes how Mocha Analytics ("we", "us", or "our") collects, uses, and protects your information when you use our analytics dashboard service.
Information We Collect
We collect information from the following sources when you connect your accounts:
- Shopify: Order data, product information, customer information (name, email, purchase history), inventory levels, and return/refund data.
- Google Analytics 4: Session data, traffic sources, user behavior, conversion events, and page performance metrics.
- Google Ads: Campaign performance, ad spend, clicks, impressions, conversions, and ROAS metrics.
- Klaviyo: Email campaign metrics, flow performance, subscriber data, and engagement metrics.
- HubSpot: Marketing email campaign performance (sends, opens, clicks, bounces, unsubscribes) and email campaign metadata (name, subject line, send date, type).
- Meta Ads: Campaign performance, ad spend, impressions, clicks, and ROAS metrics from your Facebook and Instagram advertising.
- Snapchat Ads: Ad campaign performance data (spend, impressions, swipes/clicks, conversions, ROAS) and campaign metadata (name, status, dates).
- Pinterest Ads: Ad campaign performance data (spend, impressions, clicks, conversions, ROAS) and campaign metadata (name, status, dates). Pinterest returns spend in USD regardless of account currency.
- Gorgias: Support ticket data (ticket count, response times, satisfaction scores), individual ticket metadata (subject, status, channel, assignee), and customer email addresses from tickets for matching to store customers.
- Recharge: Subscription data (product, price, billing interval, status), charge/billing data (amounts, success/failure status), customer email addresses from subscriptions, and computed metrics such as MRR, churn rate, and subscriber counts.
We also collect account information you provide directly, including your name and email address.
How We Use Your Information
We use your information to:
- Display analytics dashboards showing your ecommerce performance
- Generate and deliver scheduled email reports to you and your team
- Provide insights and recommendations based on your data
- Display Google Ads campaign performance, spend efficiency, and ROAS metrics alongside your other ecommerce data
- Display Meta Ads campaign performance, spend efficiency, and ROAS metrics alongside your other ecommerce data
- Display Snapchat Ads campaign performance, spend efficiency, and ROAS metrics alongside your other ecommerce data
- Display Pinterest Ads campaign performance, spend efficiency, and ROAS metrics alongside your other ecommerce data
- Display Gorgias support ticket statistics and response metrics alongside your other ecommerce data
- Display Recharge subscription metrics, MRR, churn rate, and billing data alongside your other ecommerce data
- Display HubSpot email campaign performance and engagement metrics alongside your other ecommerce data
- Improve our service and develop new features
- Communicate with you about your account and service updates
Data Storage and Security
Your data is stored in secure, encrypted databases hosted on reputable cloud infrastructure. We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) for all data transfers
- Encryption at rest for stored data
- Secure authentication with JWT tokens and httpOnly cookies
- Regular security audits and monitoring
In the event of a data breach affecting your data from any connected integration (including Google Ads, Google Analytics, Meta Ads, Snapchat Ads, Pinterest Ads, Gorgias, or Recharge), we will notify affected users and relevant platform providers within 24 hours in accordance with applicable regulations.
Third-Party Services
We use the following third-party services to operate Mocha Analytics:
- Google Analytics API and Google Ads API: To retrieve your analytics and advertising data
- Shopify API: To retrieve your store, order, and product data
- Klaviyo API: To retrieve your email marketing data
- HubSpot API: To retrieve your email marketing campaign data
- Meta Marketing API: To retrieve your Facebook and Instagram advertising data
- Snapchat Marketing API: To retrieve your Snapchat advertising data
- Pinterest Ads API: To retrieve your Pinterest advertising data
- Gorgias API: To retrieve your customer support ticket data
- Recharge API: To retrieve your subscription and billing data
- SendGrid: To deliver email reports and notifications
- Stripe: To process subscription payments
- Sentry: For error monitoring and performance tracking
Google Ads Data Usage
Mocha Analytics accesses your Google Ads account data via the Google Ads API using read-only OAuth 2.0 authorization. For full details on our Google Ads integration, see our Google Ads Integration page.
Data types accessed:
- Campaign performance metrics (impressions, clicks, conversions, cost)
- Keyword and search term performance
- Shopping campaign and product group performance
- ROAS, CPC, and CPM calculations
This data is used solely to display analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Google Ads data for profiling, advertising, or targeting
- Sell, share, or transfer your Google Ads data to any third party
- Modify your campaigns, budgets, bids, or ad content
- Use your data for any purpose other than displaying analytics to you
All Google Ads data is subject to the same security and data retention policies described in this Privacy Policy. Mocha Analytics' use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
You may revoke Mocha Analytics's access to your Google Ads data at any time by disconnecting the integration in your Mocha Analytics account settings, or by removing access at myaccount.google.com/permissions.
Meta Ads Data Usage
Mocha Analytics accesses your Meta Ads account data via the Meta Marketing API using read-only OAuth 2.0 authorization. For full details on our Meta Ads integration, see our Meta Ads Integration page.
Data types accessed:
- Campaign performance metrics (impressions, clicks, spend, CPM, CPC)
- Ad set and ad creative performance
- Account-level spend and return on ad spend
This data is used solely to display analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Meta Ads data for profiling, advertising, or targeting
- Sell, share, or transfer your Meta Ads data to any third party
- Modify your campaigns, budgets, audiences, or ad creative
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your Meta Ads data at any time by disconnecting the integration in your Mocha Analytics account settings, or by removing access from your Meta Business Settings.
HubSpot Data Usage
Mocha Analytics accesses your HubSpot account data via the HubSpot API using OAuth 2.0 authorization. We store encrypted access and refresh tokens to maintain your connection.
Data types accessed:
- Marketing email campaign performance metrics (sends, opens, clicks, bounces, unsubscribes)
- Email campaign metadata (name, subject line, send date, type)
This data is used solely to display analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your HubSpot data for profiling, advertising, or targeting
- Sell, share, or transfer your HubSpot data to any third party
- Modify your campaigns, contacts, or email content
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your HubSpot data at any time by disconnecting the integration in your Mocha Analytics account settings, or by removing the app from your HubSpot account under Settings > Integrations > Connected Apps.
Snapchat Ads Data Usage
Mocha Analytics accesses your Snapchat Ads account data via the Snapchat Marketing API using OAuth 2.0 authorization. We store encrypted access and refresh tokens to maintain your connection.
Data types accessed:
- Campaign performance metrics (spend, impressions, swipes/clicks, conversions)
- Campaign metadata (name, status, start and end dates)
- ROAS and cost-per-action calculations
Data stored: Campaign-level daily performance metrics.
This data is used solely to display analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Snapchat Ads data for profiling, advertising, or targeting
- Sell, share, or transfer your Snapchat Ads data to any third party
- Modify your campaigns, budgets, audiences, or ad creative
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your Snapchat Ads data at any time by disconnecting the integration in your Mocha Analytics account settings, or by removing the app from your Snapchat Ads Manager under Manage Connections.
Pinterest Ads Data Usage
Mocha Analytics accesses your Pinterest Ads account data via the Pinterest Ads API using OAuth 2.0 authorization. We store encrypted access and refresh tokens to maintain your connection.
Data types accessed:
- Campaign performance metrics (spend, impressions, clicks, conversions)
- Campaign metadata (name, status, start and end dates)
- ROAS and cost-per-action calculations
Data stored: Campaign-level daily performance metrics. Note that Pinterest returns spend values in USD regardless of your account currency.
This data is used solely to display analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Pinterest Ads data for profiling, advertising, or targeting
- Sell, share, or transfer your Pinterest Ads data to any third party
- Modify your campaigns, budgets, audiences, or pin creative
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your Pinterest Ads data at any time by disconnecting the integration in your Mocha Analytics account settings, or by removing the app from your Pinterest Business account under Apps settings.
Gorgias Data Usage
Mocha Analytics accesses your Gorgias helpdesk data via the Gorgias API using an encrypted API key. The API key is stored with AES encryption and is never exposed in logs or client-side code.
Data types accessed:
- Support ticket statistics (ticket count, response times, satisfaction scores)
- Individual ticket metadata (subject, status, channel, assignee)
- Customer email addresses from tickets (used solely for matching to your store customers)
Data stored: Daily support statistics and recent ticket details.
This data is used solely to display support performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Gorgias data for profiling, advertising, or targeting
- Sell, share, or transfer your Gorgias data to any third party
- Create, modify, or respond to support tickets on your behalf
- Contact your customers using email addresses obtained from tickets
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your Gorgias data at any time by disconnecting the integration in your Mocha Analytics account settings, or by revoking the API key from your Gorgias account under Settings > REST API.
Recharge Data Usage
Mocha Analytics accesses your Recharge subscription data via the Recharge API using an encrypted API key. The API key is stored with AES encryption and is never exposed in logs or client-side code.
Data types accessed:
- Subscription details (product, price, billing interval, status)
- Charge and billing data (amounts, success/failure status)
- Customer email addresses from subscriptions (used solely for matching to your store customers)
- Computed metrics such as MRR, churn rate, and subscriber counts
Data stored: Subscription details, charge history, and daily subscription metrics.
This data is used solely to display subscription analytics and performance insights within your Mocha Analytics dashboard and scheduled email reports. We do NOT:
- Use your Recharge data for profiling, advertising, or targeting
- Sell, share, or transfer your Recharge data to any third party
- Create, modify, cancel, or pause subscriptions on your behalf
- Process charges or modify billing settings
- Contact your customers using email addresses obtained from subscriptions
- Use your data for any purpose other than displaying analytics to you
You may revoke Mocha Analytics's access to your Recharge data at any time by disconnecting the integration in your Mocha Analytics account settings, or by revoking the API key from your Recharge account under Settings > API tokens.
Data Retention
We retain your data for as long as your account is active. When you delete your account or uninstall the Shopify app, we will delete your data within 30 days, unless we are required to retain it for legal or regulatory purposes.
Your Rights
You have the right to:
- Access: Request a copy of the data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Request your data in a portable format
- Revocation: Disconnect any integration (Shopify, GA4, Google Ads, Meta Ads, Klaviyo, HubSpot, Snapchat Ads, Pinterest Ads, Gorgias, Recharge) from your Mocha Analytics account settings. Google services can also be revoked at myaccount.google.com/permissions
To exercise these rights, please contact us using the information below.
Cookies
We use essential cookies for authentication (session cookies). These cookies are necessary for the service to function and cannot be disabled. We do not use tracking cookies or advertising cookies.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.
Contact Us
If you have questions about this Privacy Policy or your data, please contact us at privacy@mochadash.com.