ProfileToList

Privacy Policy

Last updated: June 14, 2026

ProfileToList (“ProfileToList”, “we”, “us”) is a service operated by MOEN & Co AS, a company registered in Norway. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have. If you have any questions, contact us at skavhellen@moenco.no.

1. Who is responsible for your data

For data about merchants (the businesses who sign up for ProfileToList), MOEN & Co AS is the data controller. For data about subscribers (people who click a subscribe link in a merchant’s email), the merchant is the data controller and ProfileToList acts as a data processor on the merchant’s behalf.

2. Data we collect

Merchant account data: your email address, password (stored hashed by our auth provider), store name, store URL, and the settings you configure (chosen list, confirmation page content, brand color).

Klaviyo connection data: when you connect Klaviyo, we store the OAuth access and refresh tokens needed to add subscribers to your chosen list on your behalf. We never see or store your Klaviyo password.

Subscriber data: when someone clicks your subscribe link, we process their email address (provided by Klaviyo in the link) solely to subscribe them to your list and record the event. We do not build independent marketing profiles of these individuals.

Usage data: we record subscribe-link clicks and conversions, including the source (e.g. the campaign or flow) for analytics shown in your dashboard.

3. How we use data

We use the data above to: provide and operate the service; subscribe people to your Klaviyo list when they click; show you performance statistics; communicate with you about your account; and keep the service secure.

4. Legal bases (GDPR)

We process merchant data to perform our contract with you and for our legitimate interest in running and improving the service. Subscriber data is processed on the basis of the subscriber’s explicit consent — the deliberate click of a clearly labeled subscribe button — and under our data-processing agreement with the merchant.

5. Sub-processors

We share data only with service providers that help us operate ProfileToList:

We do not sell personal data, and we do not share it for advertising.

6. Data retention

We keep merchant account data for as long as your account is active. Event data is retained to provide historical statistics. You can request deletion of your account and associated data at any time (see Section 8). Klaviyo tokens are deleted when you disconnect or delete your account.

7. Security

Data is encrypted in transit (HTTPS). Access to each merchant’s data is isolated using row-level security, and the credentials used to subscribe people are only accessible to our server through secret-gated functions — never exposed to browsers. No method of transmission or storage is completely secure, but we take reasonable measures to protect your information.

8. Your rights

Depending on your location, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, email skavhellen@moenco.no. Subscribers should contact the merchant whose email they received, or us, and we will assist the merchant in responding.

9. Cookies

We use only the cookies and local storage necessary to keep you logged in and remember your preferences. We do not use third-party advertising or tracking cookies.

10. Children

ProfileToList is a business tool and is not directed to anyone under 16. We do not knowingly collect data from children.

11. Changes to this policy

We may update this policy from time to time. We will update the “Last updated” date above and, for material changes, notify account holders.

12. Contact

MOEN & Co AS
Email: skavhellen@moenco.no
Web: www.moenco.no

This policy is provided as a starting template and should be reviewed by a qualified legal advisor before you rely on it for a published, multi-merchant product.