Execenta Sign in

Privacy Policy

Last updated: 2026. Execenta is committed to GDPR compliance and to security practices aligned with ISO/IEC 27001.

1. Who we are

Execenta (“we”) provides a revenue and commerce intelligence platform. We process personal and business data as necessary to operate the service. For the Execenta application we act as data controller for account and usage data; where we process data on your behalf as part of the service, we do so under your instructions and applicable data processing terms.

2. Connected platforms and their privacy policies

Our platform can connect to third-party services (e.g. Shopify, Salesforce) to pull revenue, pipeline, or other business metrics. Those platforms have their own privacy policies and GDPR or other data-protection commitments.

  • You are responsible for complying with each platform’s terms and privacy policies when you connect them to Execenta.
  • We process data received from those platforms only as necessary to provide the Execenta service (e.g. to compute and display aggregated KPIs). We do not use it for advertising or other purposes unrelated to the service.

3. What data we store and what we do not store

We store the following:

  • Account data: Organisation name, user email addresses, role, and password hashes (for authentication).
  • Aggregated business data: KPI values (e.g. revenue, pipeline, profit totals by date), the date of the snapshot, and the source (e.g. Shopify, Salesforce, or manual). We do not store raw transaction data, individual orders, or opportunity records from connected platforms.
  • Connection data: Encrypted OAuth tokens and minimal provider metadata (e.g. store hostname or instance URL) so we can maintain the connection and sync data. We do not store customer lists, contact details, or other personal data from those platforms beyond what is strictly necessary for the integration.
  • Alerts: Alert rule configuration and in-app alert events (e.g. “revenue dropped below X”).
  • Audit data: Logs of actions (e.g. access to the service) for security and compliance.

We do not store: Raw order or opportunity records, end-customer PII from your Shopify or Salesforce data, or any personal data from connected platforms beyond what is needed to compute and store the aggregated metrics above.

4. Legal basis and purposes

We process your data on the basis of contract (performance of the service), legitimate interest (security, fraud prevention, improvement of the service), and where applicable with your consent. We use the data only to provide and operate Execenta, enforce our terms, and meet legal obligations.

5. Retention

We retain account and connection data for as long as your account is active and thereafter as required by law or for legitimate purposes (e.g. disputes, legal hold). Aggregated metric and alert data are retained for the period needed to operate the service; you can request deletion of your data (see your rights below).

6. Your rights (GDPR)

If you are in the EEA or UK, you have the right to:

  • Access your personal data and receive a copy.
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”) where applicable.
  • Restriction of processing in certain cases.
  • Data portability (e.g. receive your data in a machine-readable format).
  • Object to processing based on legitimate interest.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority (e.g. in your country of residence).

To exercise these rights or for any privacy request, contact us at privacy@execenta.com. We will respond within the timeframes required by applicable law.

7. Security and ISO 27001

We implement technical and organisational measures to protect your data. Our security practices are designed to align with ISO/IEC 27001 principles, including:

  • Encryption of credentials and sensitive data at rest and in transit (TLS).
  • Access control and tenant isolation so customers only access their own data.
  • Secure authentication (e.g. strong passwords, session and CSRF protection).
  • Monitoring, logging, and incident management.

We do not claim a certified ISO 27001 status unless we explicitly state that we hold a valid certificate. Our documentation (e.g. Data Processing Agreement, subprocessor list) is available to customers on request.

To report a security vulnerability or for security-related concerns, contact security@execenta.com.

8. Subprocessors and international transfers

We use subprocessors (e.g. hosting, database) to run the service. We choose them with regard to GDPR and data residency requirements. Details and any international transfer mechanisms (e.g. Standard Contractual Clauses) are set out in our Data Processing Agreement, available on request.

9. Changes

We may update this policy from time to time. We will post the updated version on this page and indicate the last updated date. Continued use of the service after changes constitutes acceptance of the updated policy where permitted by law.

10. Contact

For privacy requests, data protection questions, or to exercise your rights, contact:

privacy@execenta.com

For security issues or to report a vulnerability:

security@execenta.com

← Back to login