Portal Login

Privacy Policy

Shoppers Confidential keeps your data and information private and secure.  We never share, sell or trade information.  You can read more about our standards below.

Effective April 19th, 2023

Shoppers Confidential (“SCI”) is an information technology service provider to mystery shopping and market research companies (“Providers”). Those Providers use our platform to collect data, store and process it, and report (“Services”) to their end clients (“End Clients”). SCI also serves as a platform for independent contractors (“Shoppers”) to advertise their services to Providers and to enter data requested by end-client users.

SCI respects the privacy of every individual who visits the SCI websites and uses our connected apps. This Privacy Policy is our commitment to transparency in communicating how SCI collects, uses, and discloses the information collected from you, the visitor of its Website and Apps, as well as the choices you have with respect to the information.


Depending on your role in this process, you may be using our site, services, and/or products as one of the following types of users below:

  • A general visitor (General User)
  • An employee/agent of one of our providers (Provider User)
  • An independent contractor or respondent who submits data into our platform on behalf of one of our providers (Shopper)
  • An end-client of one of our providers (End-client User)
  • An Outside Person* (see below)

*Outside Person: If you are not a Provider User, General User, or End-client User, it is also possible that our platform still contains personal information about you loaded by one of those users. In this case, you are an Outside Person.

Personal Data

Throughout this document, we will use the term Personal Data to mean any information that can be used alone or in combination with other sources to uniquely identify, contact, or locate a single person or to identify an individual. Our Providers or their End Clients may also collect your consent for some types of collection and processing of your Personal Data. We will collect only as much Personal Data as needed to conduct specific, identified activities related to our business. As such, the “Do Not Track” browser setting is irrelevant to our products and services.

Categories of Personal Data Collected

Personal Data is collected from you and used differently depending on your role, as described above under “Roles.” For example: If you are a General User of our products or services, we may collect the following information about you:

  • Contact information (such as name, address, email address, phone, email, and fax)
  • Localization data (including geolocation/date/time)
  • Connection data (such as usage information, device or browser information, IP address, and page visits and navigation data)

If you are a Shopper, we may collect the above and the following additional categories of information from you using our products or services. Some questions are optional but will uncover more opportunities for you to apply for:

  • Employment and/or compensation details
  • ID data (Such as a Drivers license for Proof of Age with your number redacted)
  • Work/professional life data (i.e., field of work or employer)
  • Professional skills information (i.e., Certifications or other)
  • Personal life data (i.e., Marital Status, Age, Family, etc.)
  • Contract master data (contractual relationships)
  • Performance metrics and history
  • Billing and payment data (PayPal addresses)
  • Media files and information from media files (uploaded to the survey as required)
  • Results from mystery shopping, mystery calls, mystery mailing and other marketing, service evaluation, business audit, opinion poll responses, and data collection and reporting projects

If necessary, in connection with performing the services, we may also collect optional special categories of data, such as the following:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometrics data for the purpose of uniquely identifying a natural person
  • Data concerning health
  • Data concerning a natural person’s sex life or sexual orientation
  • Brand awareness, past purchasing behaviours, purchasing intentions etc.

If you are a Provider User or End-client User, then our providers or their end-clients may collect the same data as a General User, and also the following additional categories of information from you using our products or services.

  • Employment and compensation details
  • ID data
  • Contract master data (contractual relationships)
  • Performance metrics and history
  • Customer history
  • Media files and information from media files
  • Results from mystery shopping, mystery calls, mystery mailing and other marketing, service evaluation, business audit, opinion poll responses, and data collection and reporting projects

If you are an Outside Person, it is possible that any of the above categories of information has been collected about you and entered into our system.

Who We Collect Information From or About (Data Subjects)

With the above roles in mind (see “Roles”), we collect the above information from or about the following individuals or entities (data subjects):

  • Staff, employees, agents, advisors, business partners, vendors, subcontractors
  • Independent Contractors such as mystery shoppers, callers, emailers (or mailers), interviewers
  • Respondents
  • Friends & Family
  • Data subjects from end-client (or prospective end-client) sources:
    - Staff, employees, agents, advisors, business partners, vendors, subcontractors
    - Customers, prospects, friends & family
  • Other third-party individuals

·         How We Use the Information We Collect

  • We do not sell your Personal Data and only use our collected information to provide and improve our products and services. If you provide us with contact information to stay informed about our products and services or for support/troubleshooting operations, we will use the information for those purposes. Your IP address may be used to infer your geographical location. We keep various logs relating to Personal Data for internal purposes.
  • If you are a ShopperProvider UserEnd-client User, or Outside Person, your Personal Data may be used by us, our providers, and/or their end clients for such things as contacting you or for data verification, anti-abuse, and anti-fraud purposes. For details about how our providers or their end clients use the information they collect using our products and services, please refer to their specific Privacy Policies, or contact that company directly. If you need any assistance, please contact us using the contact information below.

Information We Share: Partners and integrations

SCI shares the information it collects about you in the following ways:

  • Providers - SCI shares your information with participating Providers to facilitate matching shoppers with specific data collection opportunities and to facilitate payment for work performed by the Providers to you. This information is redacted to remove identifying information.
  • Third-Party Providers – SCI may use third-party vendors to provide storage, hosting, infrastructure, support, and processing in delivering our products and services. We may also use third-party vendors for data verification and anti-fraud purposes. We enter into confidentiality and data processing agreements with each vendor to ensure they comply with high levels of confidentiality and best practices in privacy and security standards. We regularly review these standards and practices. A list of these companies is available upon request.
  • Aggregated or De-identified Data - We may disclose or use aggregated or de-identified information with third-party providers for research purposes relating to our Services.
  • As Required by Law or Similar Investigations - To comply with legal obligations (e.g. subpoena) or investigate potential legal violations. SCI may be required to share personal data in response to lawful requests from public authorities to meet national security and/or law enforcement requirements.
  • Safety - We may disclose your information to protect and defend the safety of SCI in connection with investigating and preventing fraud or security issues.
  • Consent - SCI may share your information with your expressed consent.


Our products use cookies and similar technologies to provide certain features and functionality. These are used only for our legitimate interests of delivering and optimizing services to you. We gather information such as internet protocol (IP) addresses, internet service provider (ISP), operating system, browser type, and date/time stamp and store it in log files for identification purposes. To collect this information, a cookie, a standard feature of a website that allows us to store a small amount of data on your computer to allow our web servers to recognize you, may be set on your computer or device when you visit our Website. We may track your use across different websites and services. In some countries, including those in the European Economic Area ('EEA'), the information in this paragraph may be considered personal information under applicable data protection laws.
Specifically, we use cookies for:

  • Security/Authentication: When you log in and authenticate your identity, we use a cookie to confirm that you are logged in.
  • Functionality: Certain functionality you use in the system may use a cookie to deliver the data or information you request.
  • Preferences: When you set certain configuration settings in our products, we may use a cookie to store that setting.

You can control how websites use cookies by changing your cookie settings (www.aboutcookies.org), but your modification may limit your use and functionality of some of our website's features.


We take the security of your Personal Data very seriously and take reasonable and appropriate measures to protect it from loss, misuse and unauthorized access, disclosure, alteration, and destruction. We have put in place appropriate physical, electronic, and managerial procedures to ensure the protection of your Personal Data.

External Links

We are not responsible for any content in external links. Content on third-party websites, and the related Privacy Policies covering those, are the responsibility of their respective owners.

Data Retention

We keep your Personal Data only for as long as needed for the purposes for which it was originally collected or as permitted by law.
For the data retention policies of our providers or their end clients, please inform us if you have a concern, and we can facilitate communication.

Safety of Minors

Our products and services are not intended to be used by anyone under 18. We do not allow anyone under 18 to register and do not knowingly collect Personal Data from any minor. If it comes to our attention that we have collected Personal Data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support.

Changes to Our Privacy Policy

From time to time, we may update our privacy policy. Please check back periodically to see any changes. We will notify you if we change this privacy policy that materially affects your protections under the policy.

EU / EEA / Swiss Residents

Although we currently do not operate a business in the EU or EEA, we have enhanced securities for future growth. For users who reside in the European Union, the European Economic Area (Norway, Liechtenstein, or Iceland), or Switzerland, we have additional privacy-related information for you.
EU / EEA residents are covered under the General Data Protection Regulation (GDPR). Swiss residents are covered under the Swiss Federal Data Protection Act (Swiss DPA). These provide certain protections and rights regarding how Personal Data is collected and processed and how and when it may be transferred outside those countries.
GDPR Rights and Your Data Controller
If you are an EU/EEA resident, you have certain legal rights listed below. You exercise these rights by contacting your data controller:
Your Data Controller

  • As a Shopper, SCI is your data controller.
  • In most cases, your Personal Data is controlled by one of our providers. This is especially true if you are a Provider User or an Outside Person. Please contact the provider that collected the information, as they are the data controller.
  • If you are an End-Client User, it is also possible that your employer is the data controller that collected and supplied your Personal Data to one of our providers. In that case, please contact the appropriate person at your employer.
  • If you are a General User visiting our website or using our products, we collect only the limited Personal Data mentioned above and are the data controller for that limited data. If you have questions about this data, please contact us using the contact information below. We will respond to your request to exercise any of these rights within 30 days of receiving it.

If you need any assistance in determining who your data controller is, or how to contact them, please contact us using the contact information below.

As an EU/EEA resident, your specific rights under the GDPR include the following:

In addition, you have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or other significant effects for you. If a Personal Data breach occurs and is likely to result in a high risk to your rights and freedoms, we will notify you, the Data Controller and the appropriate supervisory authority promptly.

EU/EEA residents wishing to complain to the supervisory authority should do so with the contact information here:

Legal Basis for Processing Personal Information
For individuals in the EEA, SCI’s legal basis for collecting and using your personal information will depend on the personal information collected and the specific context in which we collect it. SCI will process personal information from you where a) we have your consent to do so, b) where processing is necessary for SCI to perform Services pursuant to an agreement, or c) where processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information or may otherwise need the personal information to protect your vital interests or those of another person. At any time, you have the right to withdraw or decline consent. If you do not provide the requested information, SCI may be unable to perform Services for you. Also, you have the right to object when we rely on our legitimate interests to process your personal information.
Privacy within Canada
When we collect personal information from you through our services, we comply with the PIPEDA and The Office of the Privacy Commissioner of Canada regarding the collection, use, and retention of personal information transferred to us. If there is any conflict between the terms in this Privacy Policy and PIPEDA, the PIPEDA shall govern. To learn more about PIPEDA, please visit https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/
Personal Data under the PIPEDA:

  • Notice – If we collect any Personal Data from you directly, we will inform you of the purpose for which it is collected and used. We must have your agreement for any disclosure or use of Personal Data for a purpose other than for which it was originally collected. Before disclosing Personal Data to non-agent third parties, you will be notified and presented with a choice and means (an “opt-out” option) for limiting the disclosure of the Personal Data. An exception is a government and law enforcing agencies in cases where we are required by law to provide such information without notice.
  • Choice – We will provide the opportunity to choose (i.e., to opt out) whether your Personal Data may be disclosed to third parties or be used for a purpose other than for which it was originally collected. This is accomplished using the means provided in the notice or by contacting us directly using the contact information provided below.
  • Accountability for Onward Transfer – We do not routinely disclose Personal Data to non-agent third parties. If the need should arise, before disclosing Personal Data to a non-agent third party, we will notify you of such disclosure and allow you the choice to opt out of such disclosure. We will ensure that any third party to which Personal Data may be disclosed subscribes to the same principles for managing Personal Data and agrees in writing to provide adequate privacy protection. We may be liable for the inappropriate transfer of Personal Data to third parties. Also, note that we may be required to disclose your Personal Data in response to a lawful request by governmental authorities.
  • Security – We secure Personal Data as described above in this Privacy Policy.
  • Data Integrity and Purpose Limitation – We will only process Personal Data in a way that is compatible with and relevant to the purpose for which it was collected or authorized by you. To the extent necessary for those purposes, we will take reasonable steps to ensure that Personal Data is accurate, complete, current, and reliable for its intended use.
  • Access – We acknowledge your right to access your Personal Data and will allow you access to your Personal Data. We will allow you to correct, amend, or delete inaccurate information, except where the burden or expense of providing such access would be disproportionate to the risks to your privacy in the case in question or where the rights of other persons would be violated. You may access your Personal Data by logging on to the website or product where you registered or by contacting us directly using the contact information below.
  • Recourse, Enforcement and Liability – We use a self-assessment approach to assure compliance with this Privacy Policy and periodically verify that the Policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, accessible, and in conformity with its principles. We encourage interested persons to raise any concerns using the contact information provided, and we will investigate and attempt to resolve any complaints or disputes regarding the use and disclosure of Personal Data in accordance with our principles outlined above. To ask questions about our privacy policy or to make a complaint, contact us using the information below.
  • If you have any questions or complaints concerning our processing of Personal Data on behalf of our providers or their end-clients or to make choices about how those companies use your Personal Data, please contact those companies directly or contact us using the contact information below.
  • We commit to promptly resolving complaints about your privacy and our collection or use of your personal information. Individuals with inquiries or complaints regarding this Privacy Policy should first contact us using the contact information below.
  • We are also committed to using 'last-resort' binding arbitration at your request to address any complaint that has not been resolved by other recourse and enforcement mechanisms.
  • All persons registered within our system (www.sc.shopmetrics.com and www.gigspot.com) have the right and the ability to request a full-data erasure where all potentially identifiable information will be erased from the system where possible.