compliant-copy-legal

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy describes how Compliant Copy for Supplements (“the App”, “we”, “our”) collects, uses, and protects information when you install and use the App on your Shopify store.

What we collect

When you install the App, we collect and store:

• Shop information: Your Shopify store domain (e.g., yourshop.myshopify.com), shop name, and the access token issued by Shopify for API access. The access token is encrypted at rest.
• Product data: Product IDs, titles, descriptions, vendors, product types, tags, and images for products in your store. This data is synced from your Shopify catalog and used to generate compliant copy.
• Brand voice settings: The tone, audience, and differentiator you configure in the App’s Settings page.
• Generation history: A record of each copy generation request, including the product ID, timestamp, and your shop domain. This is used to enforce per-billing-period generation limits and is not used for any other purpose.
• Subscription state: Your current plan, billing period dates, and trial status. Payment information is handled exclusively by Shopify and is never seen or stored by the App.

What we do not collect

• We do not collect or store any data about your customers, orders, or transactions.
• We do not collect or store credit card or other payment information.
• We do not access any Shopify resources outside the products you ask us to generate copy for.

How we use your data

• Generating compliant copy: Product information you select for generation is sent to Anthropic’s API (the Claude language model) to produce copy and check it against FDA structure-function compliance criteria. Anthropic does not train models on data sent through this API. See https://www.anthropic.com/legal/privacy for Anthropic’s privacy practices.
• Compliance review: A subset of the generated copy is sent back to Anthropic’s API for compliance review. The same data policy applies.
• Publishing copy: When you click Apply to Product, the rewritten copy is sent to Shopify via the Admin API to update your product page.
• Billing enforcement: Generation history and subscription state are used to enforce plan limits and trial windows.

Data sharing

We share data only with the following processors, and only as necessary to provide the App:

• Anthropic: Receives product information and generated copy for AI generation and compliance review. See Anthropic’s privacy policy at https://www.anthropic.com/legal/privacy.
• Shopify: Receives commands to update your products and handles all billing.

We do not sell your data to anyone, ever.

Data retention and deletion

• While the App is installed, we retain all data described above to operate the service.
• When you uninstall the App, we delete shop data, product data, brand voice settings, and generation history within 30 days.
• Subscription records may be retained for up to 7 years for tax and accounting purposes.
• You can request earlier deletion by contacting hownigzu@gmail.com.

Security

• All data is stored in a managed database with encryption at rest.
• All data in transit uses TLS 1.2 or higher.
• API access tokens are stored encrypted.
• Access to production systems is limited to the App’s developer.

Your rights

If you are a merchant in the EU, UK, or California, you have the right to access, correct, or delete the data we hold about you. Contact hownigzu@gmail.com to make any such request and we will respond within 30 days.

Children’s privacy

The App is not intended for use by anyone under 18.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via the App’s interface or via email to your shop’s contact address. The “Last updated” date at the top of this policy reflects the most recent revision.

Contact

For any privacy-related questions: hownigzu@gmail.com