Legal

Privacy Policy

Effective date: March 17, 2026

Passo AI, Inc. ("Passo," "we," "us," or "our") operates the Passo platform and website at passo.co. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our services.

1. Information We Collect

Information you provide

  • Account information— name, email address, company name, and role when you create an account or request a demo.
  • Payment information— billing details processed by our third-party payment processor. We do not store full payment card numbers.
  • Communications— messages you send us through support channels or email.

Information from connected services

When you connect third-party services (such as DocuSign, email providers, or social media platforms), we may receive data necessary to provide our services, including:

  • DocuSign— envelope metadata, document status, and signer information to automate contract workflows within your influencer program.
  • Social media platforms — public profile data and content performance metrics to support influencer discovery and campaign reporting.
  • Shopify— when a brand merchant installs the Passo app on their Shopify store, we receive product and variant catalog data (titles, prices, inventory state), order data for orders we create on the merchant's behalf, discount code data and usage state, and basic shop metadata (shop domain, owner email, plan) provided during OAuth authorization. We request only the following scopes: read_products, read_orders, write_orders, write_draft_orders, read_discounts, write_discounts, and write_content.

Creator information

When a brand uses Passo to partner with a creator, we collect the creator's name, email address, and shipping address. This information is provided by the creator and is used to facilitate product shipments and partnership communications. We transmit creator name, shipping address, and email to the merchant's Shopify store as part of order and draft-order creation so the merchant can fulfill the shipment. We do not collect or store the merchant's general Shopify customer list or any customer PII beyond the creators the brand explicitly partners with through Passo.

Information collected automatically

  • Device type, browser type, IP address, and operating system.
  • Usage data such as pages visited, features used, and interaction patterns.
  • Cookies and similar tracking technologies (see Section 6).
  • When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or mailing address. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out.

2. How We Use Your Information

  • Provide, maintain, and improve our services.
  • Process transactions and send related notifications.
  • Automate influencer program workflows, including contract management and campaign tracking.
  • Create zero-cost, auto-fulfilled orders and draft orders on a merchant's Shopify store to ship products to creators on the brand's behalf.
  • Create and manage discount codes on a merchant's Shopify store for creator partnerships and affiliate links.
  • Write to a merchant's Shopify content surfaces as part of campaign workflows.
  • Communicate with you about products, services, and updates.
  • Detect, prevent, and address security issues and abuse.
  • Comply with legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share data with:

  • Service providers— third parties that help us operate our platform (hosting, analytics, payment processing, e-signature services).
  • Connected integrations — when you authorize a third-party integration, data necessary for that integration is shared per your instructions.
  • Shopify (sub-processor) — when a brand merchant installs our app, we act as a data processor on the merchant's behalf. We transmit creator names, shipping addresses, and email addresses to the merchant's Shopify store to create orders and draft orders for product shipments. We also transmit product variant IDs, quantities, and discount code details (names, values, and scopes) as directed by the brand. Shopify processes this data under its own Privacy Policy.
  • Legal requirements— when required by law, regulation, or legal process.
  • Business transfers— in connection with a merger, acquisition, or sale of assets.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your data at any time by contacting us. We will delete or anonymize your data within 30 days of a verified request, unless retention is required by law.

Shopify-specific retention and deletion

We subscribe to Shopify's mandatory compliance webhooks as required by the Shopify Partner Program:

  • customers/data_request — when Shopify forwards a data-subject access request, we respond with any creator data tied to the corresponding Shopify customer record.
  • customers/redact— when Shopify requests erasure of a customer record, we delete the corresponding creator-facing data on our side within Shopify's required timeframe.
  • shop/redact— when a merchant requests full data erasure, we delete all data associated with that merchant's workspace within 48 hours of receiving the webhook, per Shopify's Partner Program requirements.

When a merchant uninstalls the Passo app, we immediately revoke the stored OAuth access token and stop all data synchronization with that store.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security assessments. Shopify OAuth access tokens are stored encrypted at rest and are scoped to the minimum permissions required. No method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Cookies and Tracking

We use cookies and similar technologies to remember preferences, analyze usage, and improve our services. You can control cookies through your browser settings.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing.
  • Data portability.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at privacy@passo.co.

8. Third-Party Services and Sub-Processors

Our platform integrates with third-party services that act as sub-processors. Each service has its own privacy policy, and we encourage you to review them. We only access data from these services that you explicitly authorize, and we use it solely to provide the features you have enabled.

  • Shopify— e-commerce platform. Passo installs as a Custom Distribution app on each merchant's store. We read product catalogs and write orders, draft orders, discounts, and content on the merchant's behalf. Shopify also provides shop metadata during OAuth. See Shopify's Privacy Policy.
  • Supabase— database and backend infrastructure. Merchant catalog data, order records, discount data, and creator information are stored in Supabase, scoped to each merchant's workspace. See Supabase's Privacy Policy.
  • Vercel— hosting and infrastructure provider for the Passo web application. See Vercel's Privacy Policy.
  • DocuSign— e-signature and contract management for influencer program workflows. See DocuSign's Privacy Policy.
  • RB2B— website visitor identification. RB2B uses cookies and similar technologies to associate website visits with publicly available contact information for marketing purposes. See RB2B's Privacy Policy.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Passo AI, Inc.
privacy@passo.co