Cross-Sell Pro by Mira Commerce

Privacy Policy

This Privacy Policy governs the manner in which Cross-Sell Pro ("the App", "we", "us", or "our") collects, uses, maintains, and discloses information collected from users of the App. This Privacy Policy applies to the App and all products and services offered by the App provider.

We encourage you to read this Privacy Policy carefully to understand our practices regarding your personal data. If you have questions about this Privacy Policy or our privacy practices, please contact us at apps@miracommerce.com.

1. Definitions

1.1 Information Types

  • Account Information: Data about how and when your account is accessed and the features used, including subscription status and billing information.
  • Browser Information: Information provided by your browser, including IP address, the website visited, network connection, device information, and other technical data.
  • Contact Information: Basic personal details, including first and last name, company name, email address, and phone number.
  • Payment Information: Credit card or other payment information processed through BigCommerce's payment system.
  • Security Information: User ID, access tokens, and other security information used for authentication and account access.
  • Settings Information: Configuration data including product lists, display limits, styling preferences, and script anchor settings.
  • Store Information: Data related to your BigCommerce store, including store hash, store name, and store configuration.

1.2 Other Definitions

  • Merchant: An entity that is using Cross-Sell Pro Services for their BigCommerce store.
  • Personal Data: Any information relating to an identified or identifiable natural person under applicable data protection laws and regulations.
  • Processing: Any operation performed upon Personal Data, including collection, organization, storage, transmission, and use.
  • Shopper: A customer who interacts with a Merchant's storefront where the App is installed.

2. Information We Collect

2.1 Information Collected from Merchants

When you install and use Cross-Sell Pro, we collect and process the following information:

  • Account Information: Your BigCommerce account details, including user ID, email address, username, and account access information.
  • Store Information: Your store hash, store name, and store configuration necessary to provide the App's services.
  • Settings Information: Your app configuration including:
    • Product lists (product IDs for cross-sell recommendations)
    • Pinned product lists
    • Display limits (cart preview and checkout limits)
    • Custom styling preferences (CSS)
    • Script anchor configurations
    • App enable/disable status
  • Subscription Information: Subscription status, billing information, payment method (processed through BigCommerce), and subscription history.
  • Security Information: Access tokens and authentication data required to interact with your BigCommerce store via the API.
  • Browser Information: When you access the App's admin interface, we may collect browser information, IP address, and device information for security and support purposes.

2.2 Information Collected from Shoppers (Your Customers)

Important: Cross-Sell Pro does not collect any personally identifiable information (PII) such as names, email addresses, or contact information from your customers or shoppers.

The App operates on your storefront through scripts that collect the following non-personally identifiable information in real-time:

  • Cart Product IDs: Product IDs of items currently in the customer's shopping cart. This information is collected temporarily to determine which products to exclude from cross-sell recommendations (to avoid showing products already in the cart).

How this data is used:

  • Cart product IDs are sent to our backend API in real-time to generate personalized cross-sell recommendations
  • This data is used immediately to filter and display relevant products and is not stored, logged, or retained
  • The data is not linked to customer identities or personal information
  • The data is not used for tracking, analytics, or any purpose other than displaying cross-sell recommendations

The App does not collect, store, or transmit:

  • Customer names, email addresses, or contact information
  • Customer payment information
  • Customer browsing history beyond the current cart session
  • Any personally identifiable information about your customers
  • Any data that can be used to identify individual customers

All other customer data remains within your BigCommerce store and is subject to your store's privacy policy and BigCommerce's privacy practices.

2.3 Information Collected from Website Visitors

When you visit our website or contact us for support, we may collect:

  • Contact Information: Information you provide when contacting us, such as name, email address, and message content.
  • Browser Information: IP address, browser type, device information, and pages visited on our website.
  • Support Information: Technical information, error reports, and communication data when you request support.

3. How We Use Your Information

3.1 To Provide Our Services

We use the information we collect to:

  • Provide, maintain, and improve the Cross-Sell Pro App
  • Process and manage your subscription
  • Store and apply your app settings and configurations
  • Enable the App to display cross-sell products on your storefront
  • Authenticate and authorize access to your BigCommerce store via API
  • Provide customer support and respond to your inquiries
  • Send you important account-related communications

2.2 To Improve Our Services

We may use aggregated, anonymized data to:

  • Analyze app usage patterns and performance
  • Identify and fix technical issues
  • Develop new features and improvements
  • Understand how merchants use the App

3.3 Legal Compliance

We may use your information to:

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our rights and prevent fraud or abuse
  • Enforce our Terms and Conditions

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 BigCommerce

We share necessary information with BigCommerce to:

  • Authenticate and authorize API access to your store
  • Process subscription payments through BigCommerce's billing system
  • Install and manage scripts on your storefront
  • Provide the App's core functionality

Your use of the App is subject to BigCommerce's privacy policy and terms of service.

4.2 Payment Processors

Payment information is processed through BigCommerce's payment system. We do not directly process or store your payment card information. All payment processing is handled by BigCommerce and their payment partners in accordance with PCI DSS standards.

4.3 Service Providers

We may share information with trusted service providers who assist us in operating the App, such as:

  • Cloud hosting providers (for data storage)
  • Database providers (Firebase or MySQL, depending on app configuration)
  • Analytics services (for app performance monitoring)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.4 Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal process, including subpoenas, court orders, or government requests
  • Protection of our rights, property, or safety
  • Prevention of fraud or abuse
  • Compliance with applicable laws and regulations

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5. Data Storage and Security

5.1 Data Storage

Your information is stored securely using industry-standard databases (Firebase Firestore or MySQL, depending on app configuration). Both database systems provide enterprise-grade security and encryption capabilities.

5.2 Database Encryption

We implement encryption at multiple levels to protect your data:

  • Encryption at Rest: All data stored in our databases is encrypted at rest:
    • Firebase Firestore: Google Cloud Firestore automatically encrypts all data at rest using AES-256 encryption. Data is encrypted before being written to disk and decrypted when read.
    • MySQL: Database encryption at rest depends on the hosting provider. We use MySQL databases with encryption capabilities enabled, typically through Transparent Data Encryption (TDE) or provider-managed encryption services.
  • Encryption in Transit: All data transmitted between your browser, our servers, and our databases is encrypted using TLS/SSL protocols (minimum TLS 1.2). This includes:
    • API communications with BigCommerce
    • Database connections and queries
    • Admin interface access
    • All network communications
  • Access Token Security: Access tokens and authentication credentials are stored in encrypted format and are never transmitted or logged in plain text.

5.3 Additional Security Measures

We implement additional technical and organizational security measures to protect your personal information, including:

  • Access Controls: Role-based access controls and authentication mechanisms to ensure only authorized personnel can access your data
  • Database Access Restrictions: Database access is restricted to authorized application servers only, with IP whitelisting and network isolation
  • Regular Security Assessments: Periodic security audits and vulnerability assessments
  • Secure API Communication: All API communications with BigCommerce use OAuth 2.0 and encrypted connections
  • Network Security: Firewall protection, intrusion detection systems, and DDoS mitigation
  • Backup Encryption: All database backups are encrypted using the same encryption standards as the primary database
  • Monitoring and Logging: Continuous monitoring of database access and security events for anomaly detection

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information using industry-standard security practices, we cannot guarantee absolute security.

5.3 Your Responsibility

You are responsible for maintaining the security of your account credentials and access tokens. Do not share your BigCommerce API credentials or access tokens with unauthorized parties.

6. Cookies and Tracking Technologies

The App's admin interface may use cookies and similar tracking technologies to:

  • Maintain your session when using the App
  • Remember your preferences and settings
  • Analyze app usage and performance
  • Provide security and prevent fraud

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the App.

Note: The App installs scripts on your storefront that do not use cookies or tracking technologies to collect customer information.

7. Your Rights and Choices

7.1 Access and Correction

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Update your account settings and preferences
  • Request a copy of your data

You can update most of your information directly through the App's interface. For other requests, please contact us at apps@miracommerce.com.

7.2 Data Deletion

You may request deletion of your personal information by:

  • Uninstalling the App from your BigCommerce store (this will delete your app settings and data)
  • Contacting us directly at apps@miracommerce.com

Please note that we may retain certain information as required by law or for legitimate business purposes, such as:

  • Billing and payment records
  • Legal compliance requirements
  • Fraud prevention

7.3 Subscription Management

You can manage your subscription, including cancellation, through the Subscription Management page in the App. Cancelling your subscription will disable the App, but your data will be retained until you uninstall the App.

7.4 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. To request your data, please contact us at apps@miracommerce.com.

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide you with the App's services
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

When you uninstall the App, we will delete your app settings and configuration data. We may retain certain information (such as billing records) as required by law or for legitimate business purposes.

9. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using the App, you consent to the transfer of your information to these countries.

We take appropriate measures to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on this page
  • Updating the "Last Updated" date at the bottom of this page
  • Sending you an email notification (for significant changes)

Your continued use of the App after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Your Responsibilities as a Merchant

As a merchant using Cross-Sell Pro, you are responsible for:

  • Customer Privacy: Ensuring your store has an accurate privacy policy that complies with applicable laws and regulations
  • Customer Consent: Obtaining appropriate consent from your customers for the use of the App on your storefront
  • Data Protection: Complying with all applicable data protection laws regarding customer data in your store
  • Product Compliance: Ensuring that products displayed through the App comply with all applicable laws and regulations

While Cross-Sell Pro does not collect customer PII, you remain responsible for your customers' data as collected and stored by your BigCommerce store.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

We will respond to your inquiries within a reasonable timeframe, typically within 24-48 hours during business days.

Last Updated: 2/26/2026
App Version: 1.0.1