Privacy
Privacy Policy
We are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data.
Last updated: December 2024
Effective: December 1, 2024
Information We Collect
- Account information (name, email, password)
- Usage data and analytics
- Device and browser information
- Payment information (processed securely by our payment providers)
- Communications with our support team
How We Use Your Information
- Provide and maintain our services
- Process transactions and send related information
- Send technical notices and support messages
- Improve our services and develop new features
- Comply with legal obligations
Information Sharing
- We do not sell your personal information
- Service providers who assist in our operations
- Legal compliance when required by law
- Business transfers (mergers, acquisitions)
- With your explicit consent
Data Security
- Industry-standard encryption for data in transit and at rest
- Regular security audits and assessments
- Access controls and authentication measures
- Secure data centers with physical security
- Employee training on data protection
Your Rights
- Access your personal information
- Correct inaccurate information
- Delete your account and data
- Export your data
- Opt-out of marketing communications
Data Retention
- Account data: Retained while your account is active
- Usage data: Retained for up to 2 years for analytics
- Support communications: Retained for 3 years
- Legal compliance: As required by applicable laws
- Deleted data: Permanently removed within 30 days
VibeSKU for Shopify
- Shop scope: when a Shopify merchant installs VibeSKU for Shopify, we receive only the data needed to operate the embedded app — shop domain, Shopify shop id, primary locale, currency, country, time zone, and the staff member id of whoever launches the app. We never receive Shopify customer (buyer) personal data and never collect order, checkout, or payment information.
- Product images you select inside the embedded app: imported server-side from Shopify, validated, stored on Aliyun OSS in our default region (cn-hangzhou) and used only as input to the AI generation you request.
- Generated outputs (images and text) are produced by VibeSKU and are made available for one-click write-back to your Shopify product. We do not use Shopify-imported images or generated outputs to train AI models. We do not share them with third parties for marketing.
- Token storage: the Shopify offline access token is encrypted at rest with AES-256-GCM before it touches the database.
- Embedded app analytics: we collect app usage events such as page views, template clicks, generation submissions, generation outcomes, downloads, billing clicks, and help-link clicks with the shop domain as the merchant-level identifier. These events are sent to our self-hosted Umami analytics instance and retained for up to 12 months.
- Uninstall and redaction: app/uninstalled starts a 48-hour recovery window by revoking the token and suspending access while keeping the shop workspace recoverable. If Shopify later sends shop/redact, we delete or anonymize merchant-identifiable shop data, generated jobs, assets, credits, Shopify billing projections, push audit records, and locally stored OSS objects.
- Anti-abuse retention: after shop/redact, we may retain a minimal HMAC-based marker for up to 12 months to prevent repeated install bonuses or subscription trials. This marker does not contain shop domain, staff email, tokens, products, images, jobs, or order details.
- Billing data for Shopify merchants is handled by Shopify Billing. We do not process Shopify merchant payment cards.
- Sub-processors used for the Shopify integration: Aliyun OSS (storage), Anthropic / OpenAI / Google / OpenRouter (LLM and image-generation providers we already use today), Sentry (error reporting). The current list is also published in our public sub-processor page.
Questions About This Policy?
If you have any questions about this Privacy Policy or our data practices, please don't hesitate to contact us.
Email: [email protected]
We reserve the right to update this policy at any time. Material changes will be communicated via email or through our service.