Privacy Policy
This English version is a convenience translation. The legally binding version is the German version.
Last updated: June 2026
With this Privacy Policy, we inform you about the processing of personal data when you visit this website (getshoploop.com) and when you use the Shoploop application. We treat your data confidentially and in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Controller
The controller responsible for data processing within the meaning of Art. 4(7) GDPR is:
MH Onlinehandel GmbHHauptstraße 28, 15806 Zossen, Deutschland
E-Mail: kontakt@getshoploop.com
For questions regarding data protection, you can reach us at kontakt@getshoploop.com.
2. Hosting and Server Log Files
This website is operated on servers of a hosting provider located in Germany or the European Union. A data processing agreement pursuant to Art. 28 GDPR is in place with the provider.
When you access the website, the web server automatically collects so-called server log files that your browser transmits. These are generally:
- anonymized or truncated IP address,
- date and time of access,
- page/file accessed and amount of data transferred,
- notification of successful retrieval (HTTP status code),
- browser type and operating system used,
- referrer URL (previously visited page).
This data is technically necessary to deliver the website, to ensure its stability and security and to prevent misuse. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in secure and trouble-free operation). The log files are deleted after a short period, unless they are needed to investigate a specific security incident.
3. Fonts
This website uses the font "Inter", which is embedded locally on our server. There is no connection to third-party servers (e.g. Google Fonts); your IP address is not transmitted to third parties for this purpose.
4. Cookies and Tracking
This website does not set any cookies for analytics or marketing purposes and uses no tracking or analytics services (no Google Analytics or similar). No usage profiles are created. For this reason, no cookie consent banner is required.
5. Contacting Us
If you contact us by email, we process the data you provide (e.g. email address, name, content of the inquiry) to handle your request. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries). The data is deleted as soon as it is no longer required to achieve the purpose and no statutory retention obligations prevent its deletion.
6. Processing within the Shoploop Application
Shoploop is a SaaS platform for optimizing Google Shopping product data and campaigns. The following information concerns processing in the context of an active usage relationship (customer account). The legal basis is Art. 6(1)(b) GDPR (performance of a contract) as well as Art. 6(1)(f) GDPR (legitimate interest in the operation, security and further development of the service).
6.1 Account Data
For the registration and management of an account, we process master and contact data (e.g. name, email address, company data) as well as data required for processing payments via our payment service provider.
6.2 Connected Google Accounts and Data
Following your explicit authorization, Shoploop accesses data from your Google accounts via the official Google interfaces in order to provide the service. For this purpose – depending on the booked features – the following permissions (scopes) are used, predominantly read-only:
- Google Ads (campaign and performance data),
- Google Merchant Center / Content API (product and feed data),
- Google Analytics (read-only),
- Google Search Console (read-only),
- Google Business Profile (management, where booked).
The connection is established via Google's OAuth procedure. The access tokens granted in this process are stored in encrypted form and used exclusively to provide the services you have commissioned. Optimizations are delivered via a supplementary feed stored by you in your Merchant Center; Shoploop makes no write changes to your primary feed. You can revoke granted access at any time in your Google account or in Shoploop.
7. Google API Services – Limited Use
Shoploop's use of information received from Google APIs and the transfer of that information to other applications adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular, we use the data received via Google interfaces exclusively to provide and improve the features you use. We do not use this data for advertising purposes, do not sell it and do not pass it on to third parties, except where this is necessary to provide the service, for security reasons or to comply with legal obligations. Human access to this data only takes place in the exceptional cases permitted by the policy.
8. Processors and Services Used
To provide our services, we use carefully selected service providers with whom – where necessary – data processing agreements pursuant to Art. 28 GDPR are in place:
| Service provider | Purpose |
|---|---|
| Hetzner Online GmbH (DE) | Server hosting of the application, EU data storage |
| Cloudflare, Inc. (US/EU) | Content delivery, DNS, security/DDoS protection |
| Microsoft Ireland Operations Ltd. (Microsoft 365) | Email communication |
| Resend (US) | Sending transactional emails |
| Stripe Payments Europe, Ltd. | Payment processing |
| Google Ireland Ltd. | Google Ads, Merchant Center, Analytics, Search Console (API access) |
| Anthropic, PBC (US) | AI-assisted text and data optimization |
| OpenAI, L.L.C. (US) | AI-assisted text and data optimization |
| Sentry (Functional Software, Inc.) | Error and stability monitoring |
| 1Password (AgileBits Inc.) | Secure management of credentials (internal) |
If a CSS aggregator (Comparison Shopping Service) is integrated for individual features, we will inform you about this separately. The list is updated as required.
9. Data Transfers to Third Countries
Some of the aforementioned service providers are based or process data in the USA or other third countries. Where no adequacy decision of the EU Commission applies, we base the transfer on appropriate safeguards pursuant to Art. 46 GDPR – in particular the EU Standard Contractual Clauses – as well as, where applicable, on a certification under the EU-US Data Privacy Framework.
10. Storage Period
We process personal data only for as long as it is required for the respective purposes or as statutory retention periods (e.g. under commercial and tax law) require. The data is subsequently deleted or restricted from further processing.
11. Your Rights
Subject to the statutory requirements, you have the following rights:
- access to the processed data (Art. 15 GDPR),
- rectification of inaccurate data (Art. 16 GDPR),
- erasure (Art. 17 GDPR),
- restriction of processing (Art. 18 GDPR),
- data portability (Art. 20 GDPR),
- objection to processing (Art. 21 GDPR),
- withdrawal of consent granted, with effect for the future (Art. 7(3) GDPR).
To exercise your rights, a message to kontakt@getshoploop.com is sufficient.
12. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the State Commissioner for Data Protection and the Right to Access Files of Brandenburg (LDA Brandenburg). You may also contact the supervisory authority of your usual place of residence.
13. Currency and Changes
This Privacy Policy will be adapted as soon as changes to the processing or to the legal framework make this necessary. The version published on this page applies in each case.
← Back to homepage