dominate

Legal

Privacy Policy

Last updated: April 2, 2026

Dominate (“Dominate,” “we,” “us,” or “our”) operates the website at dominate.co and provides eCommerce integration and checkout optimization software (collectively, the “Services”). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

By using our Services, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our Services.

1. Who We Are

Dominate is the data controller for personal data collected through dominate.co and our software applications. For questions or requests related to your personal data, contact us at:

  • Email: privacy@dominate.co
  • Address: Dominate, Baton Rouge, Louisiana, United States

2. Data We Collect

2.1 Data You Provide Directly

  • Account registration: Name, email address, company name, phone number, and password when you create an account or sign up for a plan.
  • Payment information: Billing name, address, and payment card details. Card numbers are processed and stored exclusively by our payment processor (Stripe) and are never stored on our servers.
  • Contact and support requests: Messages, inquiries, and attachments you send through our contact forms or support channels.
  • Integration credentials: API keys, store URLs, and authentication tokens you provide to connect your eCommerce platforms and NetSuite instance to our Services. These are encrypted at rest.
  • Communications: Email correspondence, demo booking information, and survey responses.

2.2 Data We Collect Automatically

  • Usage data: Pages visited, features used, clicks, session duration, and interaction patterns within the Services.
  • Device and technical data: IP address, browser type, operating system, screen resolution, referring URL, and device identifiers.
  • Log data: Server logs including access times, error logs, and API request logs.
  • Cookies and similar technologies: See Section 7 for full details.

2.3 Data From Third Parties

  • eCommerce platform data: Order records, customer data, inventory levels, and product data transmitted from Shopify, Magento, Adobe Commerce, BigCommerce, or WooCommerce as part of the integration Services you configure. This data is processed on your behalf as a data processor.
  • NetSuite data: Financial records, order data, and inventory data transmitted from your NetSuite account as part of the integration Services. Processed on your behalf as a data processor.
  • Analytics providers: Aggregated and anonymized analytics data from providers listed in Section 5.

3. How We Use Your Data

We use personal data for the following purposes and on the following legal bases:

3.1 To Provide and Operate the Services (Contractual Necessity)

  • Create and manage your account
  • Process payments and subscriptions
  • Authenticate access to your connected integrations
  • Sync data between your eCommerce platforms and NetSuite
  • Deliver support, respond to inquiries, and resolve technical issues
  • Send transactional emails (receipts, sync alerts, error notifications)

3.2 To Improve the Services (Legitimate Interests)

  • Analyze usage patterns to identify bugs and improve features
  • Monitor performance and reliability of integrations
  • Conduct internal analytics and product research
  • Develop new features based on usage data

3.3 Marketing Communications (Consent or Legitimate Interests)

  • Send product updates, newsletters, and promotional offers where you have opted in or where permitted by law
  • Retarget website visitors via advertising platforms (with your consent where required)
  • You may opt out of marketing emails at any time via the unsubscribe link in any email

3.4 Legal Compliance (Legal Obligation)

  • Comply with applicable laws, regulations, and legal processes
  • Respond to valid legal requests from law enforcement or regulators
  • Enforce our Terms and Conditions and protect against fraud or abuse

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following circumstances:

4.1 Service Providers (Data Processors)

We use trusted third-party vendors to operate our Services. These vendors process data only on our instructions and are bound by data processing agreements:

  • Stripe — Payment processing
  • Google Analytics / Google Tag Manager — Website analytics
  • Netlify — Website hosting and deployment
  • Sanity — Content management
  • Amazon Web Services (AWS) / equivalent cloud provider — Infrastructure and data storage
  • Postmark / SendGrid or equivalent — Transactional email delivery
  • Intercom or equivalent — Customer support and live chat

4.2 Business Transfers

If Dominate undergoes a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your data becomes subject to a different privacy policy.

4.3 Legal Requirements

We may disclose your data when required by law or in good-faith belief that such action is necessary to comply with a legal obligation, protect rights and safety, investigate fraud, or respond to a government request.

5. Cookies and Tracking Technologies

We use the following categories of cookies:

  • Strictly necessary cookies: Required to operate the website and Services (session management, authentication, security). These cannot be disabled.
  • Analytics cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). These collect anonymized data about page views, session duration, and traffic sources.
  • Marketing and retargeting cookies: Used to serve relevant advertising. Only deployed where consent is obtained (e.g., EU/UK visitors).
  • Preference cookies: Remember your settings and choices (e.g., language, UI preferences).

You can manage or withdraw cookie consent at any time via your browser settings or our cookie preference center. Note that disabling certain cookies may affect functionality.

6. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained for the duration of your active subscription plus 3 years after account closure, unless a longer period is required by law.
  • Payment records: Retained for 7 years to comply with financial record-keeping requirements.
  • Integration sync data: Retained for 90 days after sync, then automatically purged unless you request extended retention.
  • Support communications: Retained for 3 years from last contact.
  • Marketing data: Retained until you opt out or withdraw consent, then deleted within 30 days.
  • Analytics data: Retained in anonymized or aggregated form indefinitely; identifiable data deleted within 26 months.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted via TLS 1.2 or higher (HTTPS)
  • Integration credentials and API keys are encrypted at rest using AES-256
  • Access to production data is restricted to authorized personnel on a need-to-know basis
  • We conduct regular security reviews and vulnerability assessments
  • Payment card data is never stored on our servers; all card processing is handled by Stripe (PCI-DSS Level 1 certified)

No method of transmission or storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by law within 72 hours of becoming aware.

8. Your Rights

8.1 Rights Under GDPR (EU/UK Residents)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
  • Objection: Object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
  • Lodge a complaint: File a complaint with your local data protection authority (e.g., the ICO in the UK or your national DPA in the EU).

8.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and any third parties we share it with.
  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Opt-Out: Opt out of the sale of personal information. We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: Request correction of inaccurate personal information.

To exercise any of these rights, contact us at privacy@dominate.co. We will respond within 30 days (CCPA) or within one month (GDPR), with extensions available where permitted by law. We may need to verify your identity before processing certain requests.

9. International Data Transfers

Dominate is headquartered in the United States. If you access our Services from outside the US, your data may be transferred to and processed in the United States, which may not have the same data protection laws as your country.

For transfers from the EU/UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO, or other lawful transfer mechanisms. You may request a copy of the applicable SCCs by contacting privacy@dominate.co.

10. Children’s Privacy

Our Services are designed for business use and are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us personal data, we will delete it promptly. If you believe a child has provided us data, contact privacy@dominate.co.

11. Third-Party Links

Our website may contain links to third-party sites (e.g., Shopify, NetSuite documentation, partner sites). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or a prominent notice on our website. Continued use of the Services after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

For any privacy-related questions, requests, or complaints, contact us:

  • Email: privacy@dominate.co
  • General inquiries: dominate.co/contact
  • Mailing address: Dominate, Baton Rouge, Louisiana, United States

We aim to respond to all privacy requests within 5 business days and to resolve them within the timeframes required by applicable law.