We use cookies
Essential cookies keep the site running. Analytics help us improve. Marketing cookies support relevant offers. You can change preferences anytime.
View cookie policyLegal & Privacy
This page explains what personal data ilanoShop collects, how we use it, how integrations such as Google Calendar and TikTok Shop work, and what choices merchants, customers, and end users have over their information.
Account data, order and booking data, support communications, analytics, and integration data needed to run the service.
Authentication, storefront and checkout operations, bookings, merchant tools, customer support, and authorized integrations.
Merchant-authorized Google Calendar access is used only to check availability and create, update, or delete booking events.
You can request access, correction, export, or deletion of your data. Merchants can also revoke connected integrations such as Google Calendar.
We do not sell personal data. We share it only with service providers, merchant-authorized integrations, or where required by law.
Company: Paradigm Shift Multimedia LTD (trading as ilanoShop).
Company No.: 17048990.
Document Type: Privacy Policy.
Applies To: ilanoShop website visitors, customers, merchant users, and platform integrations including Google and TikTok Shop.
Effective Date: 20 March 2026.
Last Reviewed: 20 March 2026.
Next Review: 1 March 2027.
This Privacy Policy explains how ilanoShop collects, uses, stores, shares, and protects personal data when you use our websites, merchant tools, storefronts, checkout flows, booking tools, customer accounts, and third-party integrations.
This policy is intended to satisfy the disclosure requirements of the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), the California Privacy Rights Act (CPRA), and platform review requirements for integrations such as Google and TikTok Shop.
This policy specifically covers:
• How ilanoShop processes data received via Google sign-in and Google Calendar integrations.
• How ilanoShop processes data received via the TikTok Shop API integration.
• Data retention periods for all categories of personal data.
• The rights available to data subjects (merchants, buyers, and end users).
• International data transfers and the safeguards we apply.
• How to contact our designated privacy contact.
ilanoShop (operated by Paradigm Shift Multimedia LTD) acts as the data controller for personal data processed on the ilanoShop platform.
Data Controller: Paradigm Shift Multimedia LTD (trading as ilanoShop).
Registration: Company No. 17048990, registered in England & Wales.
Privacy Contact: privacy@ilanoshop.com.
Postal Address: United Kingdom.
For queries related to data protection, including exercising your rights or raising a complaint, please contact us at privacy@ilanoshop.com. We will respond within 30 days.
Note: Depending on the scale of processing, ilanoShop may be required to appoint a formal Data Protection Officer (DPO) under UK GDPR Article 37. This will be reviewed as the platform scales.
ilanoShop collects and processes the following categories of personal data:
Merchant Account Data: Name, email, business name, billing address. Purpose: Contract performance (UK GDPR Art. 6(1)(b)).
Google Account Data: Basic profile details such as name, email address, and profile image when a user chooses to sign in with Google. Purpose: Authentication, account linking, and account security (Art. 6(1)(b), 6(1)(f)).
Google Calendar Integration Data: Calendar event metadata, event identifiers, availability information, and OAuth tokens for connected merchant calendars. Purpose: Booking synchronization, event creation, event updates, and event cancellation after explicit merchant authorization (Art. 6(1)(b), 6(1)(f)).
TikTok Shop Data: Order data, product listings, buyer info received via TikTok API. Purpose: Contract performance; legitimate interests (Art. 6(1)(b), 6(1)(f)).
Buyer/Customer Data: Name, delivery address, order history. Purpose: Fulfilling merchant orders (Art. 6(1)(b)).
Usage & Analytics: Page views, feature usage, session data. Purpose: Legitimate interests — platform improvement (Art. 6(1)(f)).
Payment Data: Processed by Stripe/Square; ilanoShop does not store card details. Purpose: Contract performance; processed by PCI-DSS compliant processors.
Communications: Support tickets, emails. Purpose: Legitimate interests — customer support (Art. 6(1)(f)).
Where a user chooses to sign in with Google or a merchant connects Google Calendar, the following commitments apply:
• Google sign-in is optional. Users may choose another sign-in method where available.
• ilanoShop requests only the minimum Google scopes required for the enabled feature. For booking calendar sync, this currently includes Google Calendar read access for availability checks and event access to create, update, and delete booking events.
• Google Calendar data is used only to power merchant-authorized booking workflows. We use it to read availability, create events for confirmed appointments, update those events when appointments are rescheduled, and remove or cancel those events when appointments are cancelled.
• We do not use Google user data for advertising, profiling, data sale, or any unrelated analytics purpose.
• OAuth tokens are stored securely and scoped to the merchant tenant that connected the integration.
• Merchants can revoke Google Calendar access at any time. When the integration is disconnected, stored tokens and synchronization identifiers are deleted within 30 days unless a longer retention period is required by law or for security incident investigation.
Where ilanoShop integrates with the TikTok Shop API as a partner, the following specific commitments apply:
• Data minimisation: ilanoShop requests only the minimum API scopes necessary to deliver the service (order management, product syncing, inventory updates).
• Purpose limitation: TikTok Shop data received via the API is used solely to provide the ilanoShop platform service to the merchant. It is not used for advertising, sold to third parties, or processed for any purpose beyond the agreed service.
• Deletion on termination: When a merchant revokes ilanoShop's access to their TikTok Shop account, all associated TikTok-sourced personal data is deleted within 30 days.
• Sub-processors: TikTok-sourced data may pass through ilanoShop's cloud infrastructure provider. All sub-processors are bound by appropriate data processing agreements.
• No sharing: ilanoShop does not share TikTok Shop data with any third party except where required by law or to deliver the core service (e.g. payment processors for order fulfilment).
Personal data is retained only for as long as necessary to fulfil the original purpose of collection, or as required by applicable law.
Merchant account data: Duration of account + 6 years. Basis: Legal obligation (UK tax/contract law).
Google sign-in account data: Duration of account + 30 days after account deletion request, subject to fraud and security retention requirements.
Google Calendar tokens and booking sync metadata: Duration of connection + 30 days after disconnect or merchant account termination, unless a longer retention period is required by law or for security investigation.
TikTok Shop order data: Duration of integration + 30 days after revocation. Basis: Contract performance; deleted on disconnection.
Buyer/customer data: Duration of merchant account + 6 years. Basis: Legal obligation (transaction records).
Support communications: 3 years from last contact. Basis: Legitimate interests.
Analytics/usage data: 13 months (rolling). Basis: Legitimate interests; industry standard.
Payment records: 7 years. Basis: UK HMRC legal requirement.
Security/audit logs: 12 months. Basis: Security monitoring, incident investigation.
After the relevant retention period expires, data is securely deleted or anonymised so that it can no longer be attributed to an individual.
ilanoShop does not sell personal data. We share personal data only where necessary to operate the service, comply with the law, or protect our rights.
Service providers and sub-processors: Hosting, authentication, analytics, payment processing, email delivery, and infrastructure providers may process data on our behalf under appropriate contractual safeguards.
Merchant-authorized integrations: When a merchant connects third-party services such as Google Calendar or TikTok Shop, data is exchanged only to provide the feature the merchant enabled.
Legal and safety disclosures: We may disclose personal data where required by law, regulation, court order, or where necessary to investigate fraud, abuse, or security incidents.
Under UK GDPR, EU GDPR, and CPRA (where applicable), individuals have the following rights regarding their personal data:
Right to Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure: Request deletion of your data where there is no legitimate reason to continue processing it.
Right to Portability: Receive your data in a structured, machine-readable format.
Right to Restrict Processing: Ask us to pause processing your data in certain circumstances.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
CPRA Rights (California): California residents also have the right to know, correct, delete, opt-out of sale/sharing, and limit use of sensitive personal information.
To exercise any of these rights, please contact: privacy@ilanoshop.com.
We will respond within 30 days. In complex cases, we may extend this by a further 60 days, in which case we will notify you. There is no charge for submitting a request.
ilanoShop is a UK-registered company. Data may be transferred to and processed in countries outside the UK and EEA, including the United States, in the following circumstances:
• Cloud infrastructure and hosting: ilanoShop uses cloud service providers whose infrastructure may be located outside the UK/EEA.
• Google services: Where merchants choose to use Google sign-in or Google Calendar, data exchanged with Google's systems is subject to Google's own infrastructure and transfer mechanisms.
• Payment processing: Stripe Inc. (US) and Square (US) process payment data under their own privacy policies and are certified under applicable data transfer frameworks.
• TikTok Shop API: Data exchanged with TikTok's systems is subject to TikTok's own privacy policy and data transfer mechanisms.
For all international transfers, ilanoShop ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) adopted by the UK ICO (International Data Transfer Agreements — IDTAs) or equivalent mechanisms recognised under UK GDPR.
ilanoShop implements appropriate technical and organisational security measures including:
• Encryption of personal data in transit using TLS 1.2 or higher.
• Encryption of personal data at rest using AES-256.
• Tenant isolation ensuring each merchant's data is logically separated.
• Role-based access control (RBAC) restricting data access to authorised personnel only.
• Audit logging of all access to sensitive data.
• Multi-factor authentication (MFA) for administrative accounts.
• Regular vulnerability scanning and security reviews.
Full details of our security measures are available on our Security page at ilanoshop.com/security.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the relevant supervisory authority:
• UK: Information Commissioner's Office (ICO) — ico.org.uk.
• EU: Your local data protection authority.
• California: California Privacy Protection Agency (CPPA) — cppa.ca.gov.
We would appreciate the opportunity to address your concerns directly before you contact a regulator. Please email privacy@ilanoshop.com in the first instance.
This policy is reviewed at least annually, or whenever there is a material change to our data processing activities. The effective date at the top of this document indicates when it was last updated.
We will notify merchants of significant changes via email or a notice on the ilanoShop dashboard.
For privacy requests, contact privacy@ilanoshop.com. For general enquiries, please use the contact page.
You can request access to, correction of, or deletion of your personal data at any time. We provide self‑service data exports for signed‑in users and a request form for rectification or deletion.