1. Scope
This policy governs the Celeste commerce-platform assessment at runceleste.com — a free, automated tool that suggests a commerce platform based on information you provide. It is separate from, and additional to, Acro Commerce’s general website privacy practices at acrocommerce.com, because Celeste collects different information. By using Celeste you acknowledge this policy.
2. Information we collect
(a) Information you provide
- Assessment inputs: the business details you enter (industry, company size, sales channels, current platform/ERP, pricing/operational complexity, integrations, goals) and the company website URL you submit for assessment.
- Contact details — optional: your name and email, only if you choose to provide them (e.g., to receive the report by email). You can complete an assessment without providing contact details.
(b) Information collected automatically
- Technical data: IP address, browser/device type (user-agent), referring source, pages viewed, and marketing parameters (UTM tags, ad-click identifiers).
- Interaction/analytics data: clicks, scrolling, navigation and funnel steps, via Google Analytics 4 and Microsoft Clarity (which provides session replay and heatmaps and masks sensitive on-screen fields by default). These load only after you consent (Section 4).
- Cookies and similar technologies: for consent state and analytics, set only after consent.
We do not request or knowingly collect payment-card numbers, government IDs, or other sensitive personal information.
3. Why we use it (purposes)
- To generate and deliver your commerce-platform recommendation and operate the assessment.
- To improve Celeste’s accuracy, content, and reliability.
- To assess traffic quality and security — distinguishing genuine visitors from bots/automated and fraudulent traffic, recognizing our own team and partners, and grouping returning visits — so our records and follow-up are accurate.
- To respond to and follow up with you where you provided contact details or where we have a legitimate business interest, and to route genuine opportunities to the appropriate team or partner.
- To measure and improve our marketing.
4. Consent (PIPEDA & CASL)
- Analytics and cookies load only after you accept via our consent banner. Decline, and no analytics cookies are set and Google Analytics / Microsoft Clarity do not record your session. You may change or withdraw your choice at any time.
- Marketing email is separate and express opt-in. Any “keep me informed” option is off by default and is distinct from consent to run the assessment (CASL express consent). Receiving a report you requested by email is a transactional message you asked for, not marketing.
- Where permitted, we may rely on implied consent or legitimate interest for security, fraud/bot detection, and core operation of the tool.
5. Why we capture IP address
We capture the visitor IP at assessment time for security and data-quality purposes: to detect bots, abuse, and fraud; to recognize our own staff and partner traffic so internal testing doesn’t distort our data; and to group repeat visits. In our interface we show a non-identifying visitor label rather than raw IPs to most users. IP addresses are treated as personal information, retained only as long as needed for these purposes (Section 8), and never sold.
6. Service providers we share with
We share the minimum necessary with vendors who process data on our behalf under contract:
- Google Analytics 4 (Google) — usage analytics.
- Microsoft Clarity (Microsoft) — session replay, heatmaps, bot-traffic analysis.
- HubSpot — CRM, for genuine prospects/opportunities only (not traffic classified as test, spam, or bot).
- Vercel — application hosting and delivery.
- Business-data enrichment (e.g., Apollo, BuiltWith) and domain-reputation/fraud screening (IPQualityScore) — to enrich legitimate business records and screen out fake or fraudulent domains.
We do not sell personal information and do not permit these providers to use it for their own purposes.
7. Cross-border transfer
Some providers are located in the United States and elsewhere; your information may be processed outside Canada and may be subject to lawful access requests in those jurisdictions. We use providers that offer appropriate contractual and security safeguards.
8. Retention
We keep assessment and contact data only as long as necessary for the purposes above or as required by law, then delete or de-identify it. Analytics data follows each provider’s retention settings. Submissions classified as bot, spam, or test are pruned routinely.
9. Aggregated / de-identified data
We may create and use aggregated or de-identified data (which does not identify you) for any lawful purpose, including improving Celeste and our recommendations.
10. Security
We apply access controls, encryption in transit, and least-privilege practices appropriate to the sensitivity of the data. No system is perfectly secure, and we cannot guarantee absolute security.
11. Your rights
You may request access to, correction of, or deletion of your personal information, and may withdraw consent for analytics or marketing at any time (subject to legal/contractual limits). Contact our Privacy Officer at privacy@acrocommerce.com. We respond within the timeframes required by PIPEDA. You may also contact the Office of the Privacy Commissioner of Canada.
12. Children
Celeste is a business tool, not directed to children, and we do not knowingly collect their information.
13. Changes
We may update this policy; the “Last updated” date will change and material changes will be highlighted. Continued use after an update constitutes acceptance.
14. Contact
Acro Commerce Inc., British Columbia, Canada. privacy@acrocommerce.com.
See also our Terms of Use.
