Privacy Policy
What we collect, what we don't, and how to get it deleted.
Last updated 2026-05-10
1. Data we collect
1.1 Account data
- Your email address (you give it to us to sign in via magic link).
- A Supabase auth user record holding that email, a hashed magic-link nonce, and the timestamp you last signed in.
- No password — we use passwordless email auth.
1.2 Run data
- The marketplace storefront URL you submit, such as an eBay store URL or Etsy shop URL.
- The tone, audience, listing cap, exclude keywords, markup percentage, rounding strategy, rewrite scope, image-cleanup setting, and destination store you choose for each run.
- The scraped listing data from public marketplace pages — titles, descriptions, prices, images, variants. We don't scrape data the marketplace doesn't make publicly visible.
- Shopify CSVs you upload for Rewrite or image-cleanup-only runs, including handles, SKUs, body HTML, SEO fields, image URLs, and variant rows.
- Brand kit data you add, such as logo URL, brand colors, fonts, and voice samples.
- API key metadata and webhook subscription data. We store hashed API keys, key prefixes, webhook URLs, event lists, and webhook signing secrets.
- The AI-generated rewrites of titles and descriptions.
- The output CSV and processed images, stored on Cloudflare R2 at run completion.
1.3 Payment data
We never see your card number. Stripe handles payment details directly via Stripe Checkout. We store:
- A Stripe customer ID (linking your account to your Stripe-side history).
- The charged amount, currency, and timestamp per run.
- The Stripe payment-intent ID per run, used for refunds + receipts.
1.4 Operational logs
- Per-run event log: phase transitions, durations, error messages, retry counts. Used to surface progress on the run page and diagnose failures.
- Sentry error reports (scrubbed of PII) when something throws.
- Standard server access logs (IP, request path, status code) at Vercel + Modal — retained per those providers' policies.
We do not use third-party analytics scripts (Google Analytics, Segment, Mixpanel, etc.). No web fingerprinting; no cross-site tracking.
2. Where it lives
- Supabase (US region) — auth records, run rows, event logs, billing metadata, API key hashes, webhook subscriptions, brand kits, and deletion/export workflow rows.
- Cloudflare R2 (global edge) — output CSVs, processed images, scraper checkpoints.
- Modal (US workers) — transient run execution. No durable storage; intermediate state flushes to R2 / Supabase as the run progresses.
- Anthropic — title and description text is sent to Claude for rewriting. Anthropic's API policy is no-training-on-API-traffic; we rely on that guarantee. Image bytes are not sent to Anthropic.
- Stripe — payment records (their retention).
- Resend — outgoing transactional email; messages and metadata held per their terms.
3. What we share
We don't sell your data, ever. We share it with the sub-processors above only as needed to deliver the service. Specifically:
- Marketplace listing text and uploaded Shopify product text go to Anthropic for AI rewriting when a selected scope uses AI generation.
- Image URLs are fetched by the worker and processed in our Modal infrastructure. Customer-supplied image URLs pass SSRF checks before server-side fetches.
- Email address goes to Resend so we can send you run-complete notifications and receipts.
- Email + amount goes to Stripe for charge processing.
We don't share your data with marketers, advertisers, or aggregators. There's no "anonymized data" feed we sell to anyone.
4. How long we keep it
- Account record: until you delete it.
- Run rows + event logs: 90 days after the run completes, then automatically purged. Earlier on request.
- Output CSV + images on R2: 30 days, then deleted by lifecycle policy. The download link in your run-complete email expires when the file is deleted; re-run if you need it again (re-runs of unchanged stores are quick — we cache scraped data for 7 days).
- Uploaded Shopify CSVs and brand kits: until you delete the run, replace the brand kit, or delete the account.
- API keys and webhook subscriptions: until revoked or deleted. Delivery logs are retained for operational debugging.
- Stripe payment records: held by Stripe per their retention (typically 7 years for tax + dispute purposes). We can't delete these on our side — they're not in our database.
- Sentry error events: 90 days, default Sentry retention.
5. Deleting your data
From your dashboard you can:
- Delete an individual run + its outputs immediately.
- Export a portable copy of your account and run data from the data-export page.
- Delete your entire account, which cascades to all your runs, uploaded CSVs, generated CSVs, images, event logs, brand kit data, API keys, webhook subscriptions, and scheduled runs. Stripe payment history persists per section 4.
If you'd rather email us than click a button, send a deletion request to hello@storeshift.app from your account email — we'll process within 7 business days.
6. Your rights
Depending on where you live (EU, UK, California, etc.), you may have a legal right to:
- Access the data we hold about you.
- Correct it if it's wrong.
- Request deletion (see section 5).
- Object to processing that's based on legitimate interest (anything we do beyond the contract of delivering your conversion).
- Receive a portable copy of your data.
Email us with the request and we'll respond within 30 days. We don't charge for these requests, and we don't require you to log in to make one — your account email is enough proof.
7. Cookies + browser storage
We use the minimum needed to keep you signed in:
- A Supabase session cookie (httpOnly, SameSite=Lax, first-party). Lasts 7 days; refreshed on visit.
- A small bit of localStorage with your preferred tone + audience, theme preference, and form state for the next run, so you don't have to re-pick every time. Cleared when you sign out or reset your browser storage.
No tracking cookies, no third-party advertising cookies, no fingerprinting.
8. Security
- All traffic is HTTPS. We don't accept HTTP.
- Supabase row-level security restricts each user to their own runs at the database level.
- Service-role keys (which can bypass row-level security) are held only by server processes; never exposed to the browser.
- Modal worker endpoints require a token-pair header; they're not callable directly without it.
- We rotate signing secrets when a contractor's access is revoked, even if the secret hasn't been compromised.
9. Children
Storeshift is a B2B-ish service for resellers running their own businesses. We don't knowingly accept signups from anyone under 18. If we discover an account belongs to a minor, we delete it.
10. Changes to this policy
Material changes — new data collected, new sub-processor, retention extension — get an email to your account address with at least 14 days' notice. Non-material changes (typo fixes) take effect on publication. The "Last updated" date at the top of this page is the canonical version date.
Contact
Privacy questions, data requests, or just curious how the sausage is made: hello@storeshift.app. A real person reads it.