All data in transit is secured using recommended TLS protocol versions and all applications enforce SSL traffic.


Personal/sensitive data at rest is encrypted using industry-standard encryption algorithms. At Shopalyst, we recognize that PII data is highly sensitive and must be treated with the utmost respect for individual privacy. To ensure compliance and respect for our users' privacy, we strictly adhere to Standard Operating Procedures.

The Standard Operating Procedure for handling PII Data follows:

  • To request the collection of PII data, please send an email specifying the required information to be collected. At Shopalyst, we only collect PII data that is strictly necessary for our business needs. For example, if the objective of the campaign is to send email communications, we will only collect email addresses from users.

  • Secure channel to be used for data transfer. We recommend in the order of channel preference: 
    1. Brand/Agency managed forms (Like gigya forms)
    2. Brand/Agency provides an S3 bucket for file drop
    3. Brand/Agency provides POST API endpoint


  • Duration of the campaign to be communicated to Shopalyst
  • If Shopalyst is to store data in the system, data is to be transferred within 30 from of the data collection date
  • Agency/Brand to acknowledge upon collecting the data PII data

PII data will be deleted from the Shopalyst system as soon as the data is successfully transferred to the customer ecosystem. 

At our company, we take privacy very seriously and have implemented stringent internal privacy controls that have been verified and regulated by reputable third-party entities. To learn more about our privacy policies and procedures, please visit our Security & Compliance