Privacy Policy
Last updated: 14.07.2026.
This Privacy Policy describes how Pingoo collects, uses, and protects personal data in connection with our website (pingoo.rs) and our abandoned cart recovery service (the "Service").
Please read it carefully. If you have questions, contact us at stefdev018@gmail.com.
1. Who we are
The Service is provided by:
Legal entity: STEFANOVIĆ DEV
Registered address: Ulica Generala Bože Jankovića 27, 18000 Niš, Serbia
Company registration number: 68395445
Tax ID (PIB): 115476572
Email: stefdev018@gmail.com
In this policy, "we", "us", and "Pingoo" refer to STEFANOVIĆ DEV.
2. Terms we use
Personal data: any information relating to an identified or identifiable natural person (e.g. name, phone number, email address).
Controller: the entity that determines the purposes and means of processing.
Processor: the entity that processes data on behalf of the controller.
Data subject: the natural person whose data is processed.
Merchant: the business (online store) that uses our Service.
Customer: a visitor or buyer of our Merchant's online store.
3. Our two roles (important)
Depending on whose data we process, Pingoo acts in one of two roles:
a) As controller. For data we collect directly about Merchants using our Service, visitors to our website, and people who contact us, we determine the purpose and means of processing and act as the controller.
b) As processor. When a Merchant uses our Service to recover abandoned carts, we process their Customers' data on the Merchant's behalf (e.g. phone number, email, cart contents). In that relationship, the Merchant is the controller and Pingoo is the processor acting solely on the Merchant's documented instructions and under a data processing agreement. The Merchant is responsible for having a lawful basis to process their Customers' data and for informing those Customers about the processing. With each Merchant we enter into a Data Processing Agreement (DPA) governing our respective rights and obligations under applicable data protection law.
If you are a Customer of a store and have a question or request regarding your data, please contact that store (the Merchant) first. We will gladly help the Merchant fulfil your request.
4. What data we collect
4.1. Customer data (processed on behalf of the Merchant)
When a Merchant activates the Service, through integration with their store (Shopify, WooCommerce) and via webhooks we receive and process:
Customer contact details: phone number and/or email address, name (if available);
cart and order data: cart contents, value, abandonment time, unique cart/order identifier;
technical data for attribution: recovery link token, discount code, delivery and payment status (e.g. whether a cash-on-delivery order was delivered or refused);
content and delivery status of sent messages (Viber/SMS): delivered, read, replied.
We do not use this data for our own purposes or sell it. We use it solely to provide the Service to the Merchant and calculate commission on successfully recovered orders.
4.2. Merchant data
When a Merchant registers and uses the Service, we process:
account and contact person details: name, email, phone, store name and details;
business data required for billing and commission;
technical usage data (logs, IP address, in-app activity).
4.3. Website visitor data (pingoo.rs)
Analytics: we use Plausible Analytics, which does not use cookies and does not collect individually identifiable data. Only aggregated, anonymous visit statistics are collected.
Server logs: our server may temporarily record standard technical data (IP address, browser type, access time) for security, abuse detection, and system stability. This data is processed on the basis of our legitimate interest in protecting our systems and preventing abuse.
Contact: if you email us or book a call, we process the data you provide.
4.4. Data we do not collect
Pingoo does not collect payment card data, login passwords of online store users, health data, or other special categories of data. We do not sell data to third parties or use it for our own direct marketing to Merchants' Customers.
5. Purposes and legal bases
Pregled svrha i pravnih osnova obrade
Purpose: Providing the Service to the Merchant (processing on the Merchant's behalf); Legal basis: Performance of contract with the Merchant; Merchant provides basis for contacting Customers
Purpose: Sending cart recovery messages to Customers; Legal basis: Determined by the Merchant as controller (usually legitimate interest or consent)
Purpose: Account management and commission billing; Legal basis: Performance of contract; legal obligations (accounting)
Purpose: Analytics and website improvement; Legal basis: Legitimate interest (aggregated, anonymous data)
Purpose: Server logs (website security); Legal basis: Legitimate interest (system protection, abuse detection)
Purpose: Responding to enquiries and support; Legal basis: Legitimate interest / steps prior to entering a contract
Purpose: System security and abuse prevention; Legal basis: Legitimate interest
When processing Customer messages as a processor, we act on the Merchant's instructions. The Merchant is responsible for the lawful basis (consent, legitimate interest, etc.) for contacting Customers.
6. Cookies
Our public website does not use cookies for tracking or marketing. Analytics (Plausible) works without cookies. The admin area (accessible only to our team) uses a necessary session cookie for login.
7. Who we share data with
We do not sell data. We share it only with trusted service providers who help us deliver the Service, and only to the minimum extent necessary:
Messaging provider (SMS/Viber delivery), receiving phone number and message content for delivery;
Hosting / infrastructure provider: data is stored in the cloud infrastructure of reputable service providers (e.g. hosting and infrastructure on servers in Europe). Specific providers may include established cloud and hosting vendors according to our current architecture;
E-commerce platforms (Shopify, WooCommerce), from which we receive data via integration;
Analytics tool (Plausible), aggregated anonymous data only;
Competent authorities: when required by law.
With each processor that handles data on our behalf we enter into an agreement ensuring an appropriate level of protection, including standard contractual clauses (SCC) where applicable.
8. International transfers
Some of our service providers may process data outside the Republic of Serbia. In such cases we ensure transfers comply with applicable data protection law, to countries with an adequate level of protection, or with appropriate safeguards including standard contractual clauses (SCC) where applicable.
9. How long we keep data
Customer data processed for cart recovery is kept as long as needed to provide the Service to the Merchant and bill commission, for up to 12 months from the last activity, after which we delete or anonymise it, unless the Merchant requests earlier deletion.
Merchant data is kept for the duration of the business relationship and statutory retention periods (e.g. accounting records).
On deletion requests received via Shopify integration (`customers/data_request`, `customers/redact`, `shop/redact`) we act within the timeframes required by Shopify and delete or provide the requested data.
10. Security
We apply appropriate technical and organisational measures: need-to-know access, encryption in transit, regular system updates, and access controls. While we make reasonable efforts, no system is absolutely secure.
11. Your rights
Under applicable data protection law you have the right to:
request access to your data and confirmation of whether we process it;
request correction of inaccurate or incomplete data;
request erasure;
request restriction of processing;
object to processing based on legitimate interest;
request data portability;
withdraw consent at any time (without affecting processing before withdrawal).
You may send requests to stefdev018@gmail.com. We respond without undue delay and within 30 days of receiving a request at the latest, unless the law provides otherwise. If your request relates to data we process on a Merchant's behalf (as processor), we will forward it to that Merchant or act on their instructions.
If you believe your data is processed unlawfully, you may lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (Bulevar kralja Aleksandra 15, Belgrade; [www.poverenik.rs](https://www.poverenik.rs)).
12. Automated decision-making and profiling
Pingoo does not make automated decisions or carry out profiling that produces legal or similarly significant effects on individuals under applicable data protection law. Automatic sending of abandoned cart reminders is not such decision-making in that sense.
13. Minors
Pingoo does not collect data on customers' age and cannot determine whether a person is a minor. The Service is not directed at minors. The Merchant, as controller, is responsible for the lawfulness of contacting customers, including where a minor leaves data at checkout.
14. Changes to this policy
We may update this policy from time to time. The current version is always available on this page with the date of the last update. We will notify Merchants of material changes in an appropriate manner.
15. Contact
For all questions regarding personal data protection:
Email: stefdev018@gmail.com
Address: Ulica Generala Bože Jankovića 27, 18000 Niš, Serbia