InWren
How It Works
Deliverability & Intelligence
Reputation Protection
Journey Intelligence
AI Automation
Developer Engine
Pricing
Log in to accountGet Started

InWren Privacy Policy

Last Updated: February 7, 2026

This Privacy Policy ("Policy") explains how InWren, Inc. ("InWren," "we," "us," or "our"), a Delaware corporation, collects, uses, processes, and protects your personal information ("Personal Data").

We are committed to protecting your privacy and ensuring the security of your data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

By using InWren's services, platform, website, or integrations, you agree to the terms outlined in this Policy.

If you do not agree with these terms, please do not use our services.

1. DEFINITIONS

  • "Controller" means the entity that determines the purposes and means of processing Personal Data.
  • "Customer" means any individual or entity that subscribes to or uses InWren's Services.
  • "Data Subject" means an identified or identifiable natural person whose Personal Data is processed.
  • "End-User" means any person or entity with whom the Customer interacts using InWren's Services.
  • "Merchant" means a Customer who operates an e-commerce store or business and uses InWren's Services in connection with that business.
  • "Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to: name, email address, phone number, IP address, location data, device identifiers, payment information, or any other information that can directly or indirectly identify an individual.
  • "Process" or "Processing" means any operation performed on Personal Data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, alignment, combination, restriction, erasure, or destruction.
  • "Processor" means an entity that processes Personal Data on behalf of the Controller.
  • "Services" means all products, services, platforms, applications, APIs, integrations, and tools provided by InWren, accessible at www.inwren.com and through our mobile applications and third-party integrations.
  • "Third-Party Integrations" means external platforms and services that integrate with InWren, including but not limited to Shopify, Google Workspace, Stripe, PayPal, and other e-commerce, payment, analytics, and marketing platforms.

2. WHO WE ARE

Company Information:

  • Legal Name: InWren, Inc.
  • State of Incorporation: Delaware, United States
  • Address: 8 The Green, Ste A, Dover, DE 19901
  • Website: www.inwren.com
  • Contact Email: privacy@inwren.com

Data Controller and Processor Roles: InWren acts as a Data Controller when we determine how and why Personal Data is processed (e.g., for account management, service provision, and marketing).

We act as a Data Processor when processing Personal Data on behalf of our Customers in accordance with their instructions and our Data Processing Agreement (DPA).

3. PERSONAL DATA WE COLLECT

We collect Personal Data in the following ways:

3.1 Information You Provide Directly

  • Account Registration: When you create an account, we collect your name, email address, phone number, company name, job title, billing address, and payment information.
  • Service Usage: Information you provide while using our Services, including content, files, messages, campaign data, customer lists, and preferences.
  • Customer Support: When you contact us for support, we collect your inquiry details, correspondence, and any information necessary to resolve your issue.
  • Surveys and Feedback: Information you provide when participating in surveys, webinars, contests, or providing testimonials.

3.2 Information Collected Automatically

  • Device and Usage Information: IP address, browser type and version, operating system, device identifiers, time zone settings, pages visited, time spent on pages, referral sources, and clickstream data.
  • Location Data: General location information derived from your IP address or GPS data (with your consent for mobile applications).
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 10 for details).

3.3 Information from Third-Party Sources

  • Third-Party Integrations: When you connect InWren with third-party platforms (Shopify, Google, Stripe, etc.), we receive information from those platforms in accordance with their privacy policies and your authorization settings.
  • This may include customer data, order information, payment details, analytics data, and account information.
  • Social Media: If you register through or link social media accounts (Facebook, Google, LinkedIn), we may receive profile information, email address, and other data you authorize.
  • Business Partners: Information from marketing partners, data providers, and publicly available sources, only where legally permitted.
  • Payment Processors: Transaction confirmations and payment status from Stripe, PayPal, and other payment service providers.

4. HOW WE USE YOUR PERSONAL DATA

We process your Personal Data for the following purposes and legal bases:

4.1 Service Provision and Performance

  • To create and manage your account
  • To provide, maintain, and improve our Services
  • To process payments and transactions
  • To provide customer support and respond to inquiries
  • To send service-related communications (account notifications, updates, security alerts)
  • To enable Third-Party Integrations you authorize

Legal Basis: Performance of contract, legitimate interests, consent (where applicable)

Data Retention: Duration of your account plus 5 years after account closure or last login, unless longer retention is required by law

4.2 Analytics and Improvement

  • To analyze service usage and user behavior
  • To develop new features and improve existing functionality
  • To personalize your experience
  • To conduct research and testing

Legal Basis: Legitimate interests, consent

Data Retention: Analytics data stored for up to 2 years

4.3 Marketing and Communications

  • To send newsletters, promotional offers, and product updates
  • To conduct surveys and gather feedback
  • To promote webinars, events, and special offers

Legal Basis: Consent, legitimate interests (where permitted by law)

Data Retention: Marketing data retained for 5 years from consent or until consent is withdrawn

Note: You can opt out of marketing communications at any time by clicking "unsubscribe" in our emails or contacting privacy@inwren.com

4.4 Security and Fraud Prevention

  • To detect, prevent, and investigate fraud, abuse, and security incidents
  • To protect the rights, property, and safety of InWren, our users, and the public
  • To verify identity and prevent unauthorized access

Legal Basis: Legitimate interests, legal obligations

Data Retention: Security logs retained for up to 3 years

4.5 Legal Compliance

  • To comply with legal obligations, court orders, and law enforcement requests
  • To enforce our Terms of Service and other agreements
  • To resolve disputes and defend legal claims

Legal Basis: Legal obligations, legitimate interests

Data Retention: Financial records retained for 10 years; other legal records for 7 years or as required by law

5. THIRD-PARTY INTEGRATIONS AND DATA SHARING

InWren integrates with various third-party platforms to enhance our Services. When you authorize these integrations, we may share and receive Personal Data with/from these platforms. We never sell your Personal Data to third parties.

5.1 E-Commerce Platforms

Shopify: When you connect your Shopify store, we request access only to the data necessary for app functionality, including customer data, order information, product catalogs, and analytics as authorized by you. This enables us to provide marketing automation, customer insights, and order management features. Data sharing is governed by Shopify's API terms and their privacy policy.

Other E-Commerce Platforms: Similar integrations with WooCommerce, BigCommerce, Magento, and other platforms operate under their respective terms and privacy policies, with access limited to data necessary for functionality.

5.2 Payment Processors

Stripe: We use Stripe for payment processing. InWren does not store complete credit card numbers. Stripe collects and processes payment information in accordance with PCI DSS standards. See Stripe's privacy policy at stripe.com/privacy.

PayPal and Other Processors: Payment data is processed directly by these providers. We receive transaction confirmations and may store payment method types (e.g., "Visa ending in 1234") for your reference.

5.3 Google Services

Google Workspace Integration: When you connect Google Workspace, we may access your Google account information, contacts, calendar, and Drive files as you authorize. We request access only to data necessary for app functionality. We comply with Google's API Services User Data Policy, including Limited Use requirements.

Google Analytics: We use Google Analytics to analyze website and service usage. You can opt out using Google's opt-out tools.

Google Ads: For advertising and remarketing purposes, subject to your consent and advertising preferences.

5.4 Other Service Providers

We share Personal Data with the following categories of service providers:

  • Infrastructure and Hosting: Cloud service providers (AWS, Google Cloud, Azure) for data storage and computing
  • Email and Communication: Email service providers for sending transactional and marketing emails
  • Analytics and Monitoring: Analytics platforms for usage tracking and performance monitoring
  • Customer Support: Help desk and customer relationship management platforms
  • Marketing Partners: Marketing automation and advertising platforms (with your consent)
  • Professional Services: Legal, accounting, consulting, and audit firms

Note: All service providers are contractually bound to process Personal Data only as instructed by InWren and to maintain appropriate security measures.

We conduct due diligence on all processors to ensure compliance with applicable privacy laws.

6. INTERNATIONAL DATA TRANSFERS

InWren is based in the United States. Personal Data may be transferred to, stored, and processed in the United States and other countries where InWren or its service providers operate.

For data transfers from the European Economic Area (EEA), United Kingdom, or Switzerland to the United States or other countries not deemed to provide adequate protection, we implement appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, which are incorporated into our Data Processing Agreement (DPA)
  • Data Processing Agreements with security and privacy commitments
  • Supplementary measures to ensure data protection equivalent to EEA standards

Our DPA, which includes Standard Contractual Clauses, is available at www.inwren.com/dpa and governs all processing of Personal Data on behalf of our Customers, including international transfers.

You may request a copy of the safeguards we have implemented for international transfers by contacting privacy@inwren.com.

7. DATA SECURITY

InWren implements comprehensive technical and organizational security measures to protect Personal Data against unauthorized access, loss, destruction, alteration, or disclosure.

Our security measures include:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) with principle of least privilege
  • Authentication: Multi-factor authentication (MFA) for administrative access
  • Monitoring: Continuous security monitoring, intrusion detection, and event logging
  • Incident Response: Documented incident response procedures and breach notification protocols
  • Vulnerability Management: Regular security assessments, penetration testing, and vulnerability scanning
  • Employee Training: Mandatory security and privacy training for all employees
  • Compliance: SOC 2 Type II certification and regular third-party security audits

Access to Personal Data is limited to authorized employees, contractors, and service providers who require access to perform their job functions and are bound by confidentiality obligations.

While we implement robust security measures, no system is completely secure.

If you have questions or concerns about data security, please contact us at security@inwren.com.

In the event of a data breach, we will notify affected individuals and relevant authorities as required by applicable law.

8. YOUR PRIVACY RIGHTS

Subject to applicable law, you have the following rights regarding your Personal Data:

  • Right to Access: You can request information about the Personal Data we hold about you, including categories of data, sources, purposes, and recipients.
  • Right to Rectification: You can request correction of inaccurate or incomplete Personal Data.
  • Right to Erasure ("Right to be Forgotten"): You can request deletion of your Personal Data, subject to legal retention requirements and legitimate business needs.
  • Right to Restrict Processing: You can request that we limit how we process your Personal Data in certain circumstances.
  • Right to Data Portability: You can request a copy of your Personal Data in a structured, commonly used, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
  • Right to Lodge a Complaint: You have the right to file a complaint with your local data protection authority.

8.1 How to Exercise Your Rights

To exercise your privacy rights, you may:

  • Email us at: privacy@inwren.com
  • Access your account settings to update or delete information
  • Use our Privacy Request Portal at www.inwren.com/privacy-request

We will respond to verified requests within 30 days (or 45 days for complex requests).

We may request additional information to verify your identity before fulfilling your request.

8.2 Authorized Agents

You may designate an authorized agent to make requests on your behalf.

The agent must provide proof of authorization (power of attorney or signed permission), and we may require you to verify your identity directly with us.

9. AI AND MACHINE LEARNING

Service Improvement: We may use aggregated, anonymized data derived from usage of our Services to improve our algorithms, develop new features, and enhance service quality.

This aggregated data cannot be used to identify individual users.

AI Training Restriction: InWren does not use Customer Data, Merchant Data, or End-User Data (including derived or aggregated data from such sources) to train generalized AI or machine learning models without explicit, affirmative consent from the Customer or Merchant.

Transparency: If you provide consent for us to use your data for AI training purposes, we will clearly disclose: (a) what data will be used, (b) the purpose of such use, and (c) how you can withdraw consent.

You may withdraw consent at any time by contacting privacy@inwren.com.

10. COOKIES AND TRACKING TECHNOLOGIES

What Are Cookies: Cookies are small text files stored on your device by your web browser.

We use cookies, web beacons, pixels, and similar technologies to collect information about your interactions with our Services.

Types of Cookies We Use:

  • Essential Cookies: Required for basic functionality, authentication, and security. These cannot be disabled.
  • Performance and Analytics Cookies: Track usage patterns, page performance, and user behavior to improve our Services.
  • Functional Cookies: Remember your preferences, settings, and customizations.
  • Advertising and Marketing Cookies: Enable personalized advertising and marketing communications (with your consent).
  • Third-Party Cookies: We use third-party analytics and advertising services (Google Analytics, Facebook Pixel, LinkedIn Insight Tag) that may place cookies on your device.

These services have their own privacy policies.

Managing Cookies: You can control cookies through:

  • Our cookie consent banner (for non-essential cookies)
  • Browser settings (most browsers allow you to refuse or delete cookies)
  • Opt-out tools: Google Analytics Opt-out, NAI Consumer Opt-Out, DAA WebChoices
  • Do Not Track (DNT) and Global Privacy Control (GPC) browser signals: We honor both DNT and GPC signals as valid opt-out requests for targeted advertising

For more information, visit our Cookie Policy at www.inwren.com/cookie-policy or www.allaboutcookies.org

11. CHILDREN'S PRIVACY

InWren's Services are not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children under 18.

If we become aware that we have collected Personal Data from a child under 18 without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us immediately at privacy@inwren.com.

12. CUSTOMER DATA AND END-USERS

InWren as Data Processor: When you use InWren's Services to process Personal Data of your customers or End-Users ("Customer Data"), you act as the Data Controller, and InWren acts as the Data Processor.

In this capacity, we process Customer Data solely according to your instructions and our Data Processing Agreement (DPA).

Customer Responsibilities: As a Customer, you are responsible for:

  • Ensuring lawful collection and processing of Customer Data
  • Obtaining necessary consents from End-Users
  • Providing End-Users with appropriate privacy notices
  • Responding to End-User privacy requests regarding their data

End-User Inquiries: If an End-User contacts InWren regarding their Personal Data processed through your use of our Services, we will direct them to you as the Data Controller.

We are not responsible for your privacy practices or compliance with your obligations to End-Users.

Data Processing Agreement: Our DPA governs how we process Customer Data, including security measures, sub-processors, data breach notifications, and data subject rights assistance.

The DPA is incorporated into our Terms of Service and available at www.inwren.com/dpa

Abuse Prevention: While we process Customer Data on your behalf, we may scan content to detect violations of our Acceptable Use Policy, prevent spam and abuse, and develop fraud detection algorithms.

We do not use Customer Data for our own marketing purposes or share it with third parties except as necessary to provide Services or comply with legal obligations.

13. U.S. STATE-SPECIFIC PRIVACY RIGHTS

The following provisions apply to residents of specific U.S. states with comprehensive privacy laws:

13.1 California Residents (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: Categories and specific pieces of Personal Information collected, sources, purposes, and third parties with whom we share data
  • Right to Delete: Request deletion of Personal Information (subject to exceptions)
  • Right to Correct: Request correction of inaccurate Personal Information
  • Right to Opt-Out: Opt out of "sale" or "sharing" of Personal Information for cross-context behavioral advertising
  • Right to Limit Sensitive Personal Information: Limit use of sensitive Personal Information (we only use sensitive data for permitted purposes)
  • Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

Categories of Personal Information We Collect (CCPA):

  • Identifiers (name, email, IP address, device IDs)
  • Commercial information (purchase history, account details)
  • Internet/network activity (browsing history, interactions with Services)
  • Geolocation data
  • Professional/employment information
  • Inferences (preferences, characteristics, behavior patterns)
  • Sensitive Personal Information (account login credentials, precise geolocation with consent, email/message contents in support tickets)

Sale and Sharing: InWren does not "sell" Personal Information as traditionally understood.

However, we may "share" data with advertising partners for targeted advertising purposes.

You can opt out via our "Do Not Sell or Share My Personal Information" link at www.inwren.com/privacy-choices or by emailing privacy@inwren.com

Retention: See Section 4 for specific retention periods by processing purpose.

Shine the Light: Under California Civil Code Section 1798.83, California residents may request information about our disclosure of Personal Information to third parties for direct marketing.

We do not share Personal Information with third parties for their own direct marketing purposes.

To submit a Shine the Light request, email privacy@inwren.com with the subject line "California Shine the Light Request".

13.2 Virginia, Colorado, Connecticut, Utah Residents

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Utah (UCPA) have similar rights:

  • Right to access Personal Data
  • Right to correct inaccuracies
  • Right to delete Personal Data
  • Right to data portability
  • Right to opt out of targeted advertising, sales of Personal Data, and profiling

To exercise these rights, contact privacy@inwren.com or use our Privacy Request Portal. We will respond within 45 days.

13.3 Nevada Residents

Nevada residents may opt out of the "sale" of covered information.

InWren does not currently sell covered information as defined under Nevada law.

If this changes, we will update this Policy and provide opt-out mechanisms.

13.4 Exercising Your Rights

To exercise any of the above rights:

  • Email: privacy@inwren.com
  • Online Portal: www.inwren.com/privacy-request

We will verify your identity before processing requests. You may appeal denials by contacting privacy@inwren.com with "Appeal" in the subject line.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, legal requirements, or for other operational reasons.

Material changes will be communicated through:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications

The "Last Updated" date at the top of this Policy indicates when the most recent changes were made.

Continued use of our Services after changes take effect constitutes acceptance of the updated Policy.

We encourage you to review this Policy periodically. Prior versions are available upon request.

15. CONTACT INFORMATION

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

  • Privacy Team Email: privacy@inwren.com
  • Data Protection Officer: dpo@inwren.com
  • Security Issues: security@inwren.com
  • Mailing Address: InWren, Inc., Attn: Privacy Team, 8 The Green, Ste A, Dover, DE 19901, United States

We aim to respond to all inquiries within 30 days.

For urgent security or data breach concerns, please contact security@inwren.com immediately.

APPENDIX A: GOOGLE API SERVICES DISCLOSURE

InWren's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request access to Google user data necessary to provide and improve our Services' functionality.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) to comply with applicable law, or (d) the data has been aggregated and anonymized.
  • We do not transfer Google user data to third parties except as necessary to provide our Services, comply with legal obligations, or with your explicit consent.

You can revoke InWren's access to your Google account data at any time through your Google Account settings at https://myaccount.google.com/permissions

APPENDIX B: SHOPIFY APP INTEGRATION DISCLOSURE

When you install InWren's Shopify app, we access and process data from your Shopify store in accordance with Shopify's API Terms of Service and Partner Program Agreement:

  • Data Minimization: We request access only to the data scopes necessary for our app's functionality (e.g., customer data, order information, product catalogs).
  • We do not request access to data that is not required for the features we provide.
  • Data Usage: We use Shopify data solely to provide marketing automation, analytics, and customer engagement features within our Services.
  • AI Training Restriction: InWren does not use Merchant Data or Customer Data (including derived or aggregated data) to train generalized AI or machine learning models without explicit, affirmative consent from the Merchant.
  • Data Retention: If you uninstall our app, we will delete or anonymize your Shopify store data within 30 days, except as required by law or to resolve disputes.
  • Security: We maintain security measures compliant with Shopify's requirements, including encryption and secure API authentication.
  • Customer Data Ownership: Your Shopify store's customer data remains your property.
  • We process it on your behalf as a Data Processor.

APPENDIX C: STRIPE PAYMENT PROCESSING

InWren uses Stripe, Inc. as our payment processor. Key points:

  • Payment Information: Credit card numbers and sensitive payment data are collected and stored directly by Stripe, not by InWren.
  • We receive only tokenized payment information and last-four digits for display purposes.
  • PCI Compliance: Stripe is PCI DSS Level 1 certified, the highest level of payment security.
  • Data Sharing: We share billing information (name, email, address) with Stripe to process payments.
  • Privacy Policy: For details on how Stripe handles payment data, see Stripe's Privacy Policy at https://stripe.com/privacy

Version 2.0

This Privacy Policy is effective as of February 7, 2026 and supersedes all prior versions.