EN English
English
French
Arabic
EN English
English
Français
Arabic
Privacy

Privacy Policy

Last updated: April 30, 2026
~8 min read
Applies to Tunisian users
Your privacy matters to us. This Privacy Policy explains what personal data Shopium collects, why we collect it, how we use and protect it, and what rights you have over your information. By using the Shopium platform, you agree to the practices described in this policy.
01

Overview

Shopium ("we," "our," or "us") is an e-commerce platform headquartered in Tunisia. We operate the Shopium website, merchant dashboard, and associated services (collectively, the "Platform"). This Privacy Policy applies to all merchants, administrators, and visitors who interact with the Platform.

We collect and process personal data only as necessary to provide our services, improve the Platform, and comply with our legal obligations under Tunisian law, including the provisions of Organic Law No. 2004-63 of 27 July 2004 on the protection of personal data, as administered by the Instance Nationale de Protection des Données Personnelles (INPDP).

We do not sell your personal data to third parties. We do not use your data for purposes beyond what is described in this policy without first obtaining your explicit consent.

02

Information We Collect

We collect information in three ways: directly from you when you register or use the Platform, automatically as you interact with our services, and from third parties where applicable.

Category Data collected Purpose
Account info Full name, email address, phone number, store name Account creation, authentication, support
Profile data Profile photo, business address, preferred language Personalising your dashboard experience
Usage data Pages visited, features used, session duration, clicks Platform improvement, analytics
Device & technical IP address, browser type, OS, referral URL Security, fraud detection, diagnostics
Communications Support tickets, emails, chat messages Customer support, legal record-keeping
Merchant store data: When your customers place orders through your Shopium store, their personal data (name, address, contact info) is processed on your behalf. As a merchant, you are the data controller for your customers' data. Shopium acts as a data processor in this context and processes such data only on your instructions and in accordance with our Data Processing Agreement.
03

Payment & Billing Data

When you subscribe to a paid Shopium plan, we collect billing information necessary to process your subscription payment. This includes your name, billing address, and payment method details.

We never store raw card data. All payment transactions are processed by PCI-DSS compliant third-party payment processors. Shopium only retains a tokenized reference, the last four digits of your card, card type, and billing address for record-keeping and invoicing purposes.

We retain billing records and invoices for a minimum of 5 years in accordance with Tunisian accounting and tax regulations. Payment history is accessible at any time from your account dashboard under Settings → Billing.

  • Subscription invoices are emailed to your registered address automatically on each billing cycle.
  • We do not share your payment details with any party other than our payment processor and tax authorities where legally required.
  • In the event of a failed payment, we may contact you using your registered email or phone number to resolve the issue.
04

Cookies & Tracking

Shopium uses cookies and similar tracking technologies on both the Shopium platform and on merchant storefronts to ensure proper functionality, improve performance, and provide relevant analytics and marketing insights.

Type Purpose Retention
Essential Session management, authentication, CSRF protection, cart functionality Session / up to 30 days
Analytics Page views, traffic sources, user behaviour analysis (Google Analytics) Up to 26 months
Marketing Conversion tracking, retargeting ads (Facebook Pixel, Google Ads) Up to 90 days

Essential cookies are strictly necessary for the Platform to function and cannot be disabled. Analytics and marketing cookies are optional and activated only with your consent, which you can manage at any time through the cookie preferences banner displayed on first visit.

Merchant stores: If you have enabled Facebook Pixel or Google Analytics on your store, those third-party tracking tools may place cookies on your end-customers' browsers. You are responsible as a merchant for informing your customers about this and obtaining any consents required by applicable law.
05

Third-Party Integrations

The Shopium platform integrates with a number of third-party services to deliver its full feature set. Each of these third parties operates under their own privacy policies and data practices. We encourage you to review their policies.

Service Purpose Data shared
Google Analytics Platform & store traffic analytics Anonymised usage data, IP (anonymised)
Facebook Pixel Ad conversion tracking on merchant stores Hashed email, page events (if enabled by merchant)
Payment processor Subscription billing Name, billing address, tokenised card reference
Email service provider Transactional emails, notifications Email address, name
Cloud hosting provider Infrastructure & data storage All platform data (processed under strict DPA)

All third-party processors we engage are bound by data processing agreements (DPAs) that require them to handle your data securely, process it only for the purposes specified, and not transfer it to unauthorised parties.

06

Data Sharing with Third Parties

We do not sell, rent, or trade your personal data. We share your information only in the following limited circumstances:

  • Service providers: We share data with vetted third-party providers (hosting, payment, email, analytics) strictly to operate and improve the Platform, as described in Section 05.
  • Legal obligations: We may disclose your data when required to do so by Tunisian law, court order, or a competent governmental authority, including the INPDP.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to the same privacy protections.
  • With your consent: We will share your data with any other party only if you have given us explicit, informed consent to do so.
  • Aggregated analytics: We may share anonymised, aggregated statistical data (e.g. total number of active stores in a region) that cannot be used to identify any individual.
We never sell your data. Shopium's business model is based on subscription revenue . not advertising. Your data will never be sold to advertisers, data brokers, or any other commercial parties.
07

How We Store & Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration. Our key security practices include:

  • All data in transit is encrypted using TLS 1.2 or higher (HTTPS across all Platform endpoints).
  • Data at rest is encrypted using AES-256 encryption on all production databases and file storage.
  • Access to personal data is restricted to authorised Shopium personnel on a strict need-to-know basis, enforced through role-based access controls.
  • Regular automated backups are performed and stored in geographically redundant locations.
  • We conduct periodic security audits and vulnerability assessments of our infrastructure.
  • Passwords are hashed using a strong one-way algorithm (bcrypt) and are never stored in plaintext.
  • Two-factor authentication (2FA) is available and strongly recommended for all merchant accounts.
Data retention: We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we remove personal data within 30 days, except where retention is required by law (e.g. billing records retained for 5 years per Tunisian tax law).

In the event of a personal data breach that poses a risk to your rights, we will notify you and the INPDP without undue delay, and no later than 72 hours after becoming aware of the breach, in accordance with applicable law.

08

Your Rights

Under Tunisian law and our own commitment to transparency, you have the following rights regarding the personal data we hold about you. To exercise any of these rights, contact us at privacy@shopium.tn. We will respond within 30 days.

Right of Access
Request a copy of all personal data we hold about you at any time.
Right to Rectification
Ask us to correct any inaccurate or incomplete personal data we hold.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Restriction
Ask us to limit how we process your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format (JSON or CSV).
Right to Object
Object to processing of your data for marketing or analytics purposes at any time.

If you believe your privacy rights have been violated and we have not adequately addressed your concern, you have the right to lodge a complaint with the Instance Nationale de Protection des Données Personnelles (INPDP) at www.inpdp.nat.tn.

09

Contact & Data Controller

Shopium is the data controller for personal data collected through the Platform. For any privacy-related questions, data requests, or concerns, please contact our Privacy team:

  • Email: privacy@shopium.tn
  • Subject line: "Privacy Request. [Your Name]"
  • We aim to acknowledge all requests within 5 business days and resolve them within 30 days.

Questions about your data?

Reach our Privacy team at privacy@shopium.tn — we respond within 5 business days.

Contact Privacy Team