SSShopSentry

Privacy Policy

Effective date: March 1, 2026

1. Introduction

ShopSentry ("we", "us", or "our") is an AI-powered compliance scanning tool for Etsy sellers. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

2. Information We Collect

We collect and process the following categories of data:

  • Account data — email address and display name provided through Google or email sign-in via our authentication provider (Supabase).
  • Etsy shop data — shop name, listing titles, descriptions, tags, prices, quantities, and other listing metadata obtained through the Etsy Open API v3 using the read-only scopes you authorize (listings_r, shops_r).
  • OAuth tokens — Etsy access tokens and refresh tokens required to sync your shop data. These are stored securely in our database and are never shared with third parties.
  • Compliance scan results — violations, scores, and AI-generated suggestions associated with your listings.
  • Billing data — subscription status and plan tier. Payment card details are processed and stored exclusively by Stripe; we never see or store your card number.
  • Usage data — anonymous page-view analytics collected by Vercel Analytics. No personally identifiable information is included.

3. How We Use Your Information

  • To authenticate your account and manage your session.
  • To sync and store Etsy listing metadata for compliance scanning.
  • To analyze listings using our AI-powered compliance engine and display results.
  • To generate appeal templates when requested (Pro plan feature).
  • To send weekly compliance digest emails (Pro plan feature, via Resend).
  • To process subscription payments through Stripe.
  • To improve and monitor our service performance.

4. Third-Party Services

We rely on the following third-party services to operate ShopSentry:

  • Supabase — authentication and database hosting.
  • Etsy Open API v3 — read-only access to shop and listing data you authorize.
  • Anthropic (Claude) — AI analysis of listing content for compliance checks. Listing text is sent to the Anthropic API for evaluation; no personal user data is included in these requests.
  • Stripe — subscription billing and payment processing.
  • Resend — transactional and digest email delivery.
  • Vercel — application hosting and anonymous usage analytics.

Each third-party service processes data in accordance with its own privacy policy. We encourage you to review their respective policies.

5. Cookies and Local Storage

We use cookies strictly for functional purposes:

  • Authentication cookies — session tokens managed by Supabase to keep you signed in.
  • OAuth state cookies — short-lived cookies (10 minutes) used during the Etsy OAuth connection flow to prevent cross-site request forgery.

We do not use advertising or third-party tracking cookies.

6. Data Retention

We retain your data for as long as your account is active. Listing metadata and scan results are updated each time you sync or run a scan. If you delete your account, all associated data — including shop credentials, listings, scan history, and appeal templates — is permanently deleted from our database.

7. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption in transit (HTTPS/TLS) for all connections.
  • Encryption at rest for our database.
  • Row-level security policies ensuring users can only access their own data.
  • OAuth tokens stored server-side only; never exposed to the browser.
  • PKCE (Proof Key for Code Exchange) for all OAuth flows.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate data.
  • Deletion — request deletion of your account and all associated data.
  • Data portability — request an export of your data in a machine-readable format.
  • Withdrawal of consent — revoke Etsy OAuth access at any time through your Etsy account settings.

To exercise any of these rights, contact us at support@shopsentry.io. We will respond to your request within 30 days.

9. Children's Privacy

ShopSentry is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of ShopSentry after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at support@shopsentry.io.

    Privacy Policy | ShopSentry