Skip to content
ShelfPilot
FeaturesPricingTeam

Privacy Policy

Effective July 2, 2026

ShelfPilot (“ShelfPilot,” “we,” “us”) provides AI-powered analytics and business intelligence tools for e-commerce businesses. By connecting the sales channels and business tools you authorize, such as Shopify, Amazon Selling Partner, Meta, and Google Ads, ShelfPilot helps merchants analyze performance, generate insights, monitor operations, and make more informed business decisions.

This Privacy Policy explains what information we collect through the ShelfPilot service (the “Service”), how we use and share that information, and the choices available to you. It applies to merchants who connect one or more supported platforms to ShelfPilot, as well as visitors to shelfpilot.io.

1. Information we collect

Account information. When you sign up, our authentication provider (Clerk) collects your email address and manages your login credentials. We store a local reference to your Clerk account ID and email so we can associate your data with your account.

Connected platform data. When you connect supported platforms — such as Shopify, Amazon Selling Partner, Meta, Google Ads, or other integrations we make available — we receive the business data necessary to provide the Service. Depending on the platforms you connect and the features you use, this may include order, product, inventory, advertising, marketing, or other business performance data. We request only the permissions necessary to provide the features you enable. Some permissions — such as access to orders — can technically return individual customer details like a name, email, or shipping address; where possible, our reporting is based on aggregated business metrics rather than individual customer information, and we do not store individual customer records in our database.

Connector credentials. OAuth access and refresh tokens for each connected platform are encrypted at rest and are never stored or logged in plaintext.

Payment information. Subscriptions are processed by Stripe through Stripe Checkout. ShelfPilot does not receive or store your card number or other payment card details — Stripe handles that data under its own privacy policy.

Cookies. We use a short-lived cookie to secure the Shopify OAuth handshake (CSRF protection) and session cookies set by Clerk to keep you signed in. We do not use third-party advertising or analytics trackers on the Service.

2. How we use information

  • Provide, operate, and maintain the Service and the features you choose to use.
  • Generate dashboards, reports, recommendations, alerts, AI-generated insights, and other analytics.
  • Synchronize data from connected business platforms.
  • Improve the accuracy, reliability, and performance of the Service.
  • Communicate with you about your account, billing, support, or changes to the Service.
  • Comply with legal obligations and enforce our Terms.

To provide AI-powered features, certain aggregated business metrics or other information necessary for your requested feature may be sent to Anthropic’s Claude API for processing. Anthropic processes this information solely to generate responses requested by ShelfPilot and does not use submitted data to train its models under our API agreement.

3. Who we share information with

We do not sell your personal information or your business data. We share data with the following service providers (subprocessors) to the extent needed to operate the Service:

  • Clerk — authentication and session management.
  • Supabase — database hosting for your account and analytics data.
  • Vercel — application hosting and scheduled data syncs.
  • Anthropic — powers AI-generated insights and other AI features.
  • Stripe — payment processing for subscriptions.

Each provider is contractually bound to use your data only to provide services to ShelfPilot. We may also disclose information if required by law or to protect the rights, property, or safety of ShelfPilot, our users, or others.

4. Data retention and deletion

We retain connector credentials and synced business metrics for as long as your account and platform connections remain active, so we can continue providing the Service. When you uninstall the ShelfPilot app from Shopify, we automatically disconnect the connector and, on Shopify’s shop/redactrequest, delete the store’s synced metrics and connector credentials from our live database. You can also request deletion of your account and associated data at any time by contacting us (Section 7).

Deleted data may persist for a limited period in encrypted, automatically-expiring database backups before it is overwritten, and in system logs that are rotated on a regular schedule. We do not restore this data except to recover from a system failure.

5. International data transfers

ShelfPilot is operated from the United States, and the service providers listed in Section 3 process and store data in the United States and other countries. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards (such as the Standard Contractual Clauses offered by our providers) for these transfers.

6. Shopify and Amazon compliance

As a Shopify app, ShelfPilot implements Shopify’s mandatory compliance webhooks (customers/data_request, customers/redact, and shop/redact) and responds to verified requests within 30 days, except where we are legally required to retain certain records. Because ShelfPilot does not store individual end-customer personal data from your Shopify orders, customer data requests and redaction requests are acknowledged with no matching records to return or delete.

As an application built on the Amazon Selling Partner API, we only collect and use the seller data required to provide the Service and the features you choose to use, obtain your authorization before accessing your Amazon account, and transmit all data over encrypted (HTTPS) connections. We do not share Amazon seller data with third parties except the subprocessors listed in Section 3, and we do not use it for any purpose beyond providing and improving the Service.

7. Your rights and choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to withdraw consent for future processing. To exercise any of these rights, disconnect a store, or delete your account, email us at privacy@shelfpilot.io. You can also disconnect Shopify or Amazon at any time from your ShelfPilot dashboard, or by uninstalling the app from your Shopify admin.

8. Security

We encrypt connector access and refresh tokens at rest, transmit data over HTTPS, and restrict access to production data to the personnel who need it to operate the Service. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

9. Children’s privacy

The Service is intended for business use by merchants and is not directed to children. We do not knowingly collect personal information from children.

10. Changes to this policy

We may update this policy as the Service evolves. If we make material changes, we will update the effective date above and, where appropriate, notify you directly.

11. Contact us

Questions about this policy or your data? Email our privacy team at privacy@shelfpilot.io.

FeaturesPricingTeamPrivacy PolicyContact

© 2026 ShelfPilot. Built in San Francisco.