Privacy Policy

Last updated: February 6, 2026

SureBuy ("we", "our", "the app") is a Shopify application that generates AI-powered reassurance messages for product pages. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

When you install SureBuy, we access and store the following data from your Shopify store:

• Store information: Your store domain name (e.g., yourstore.myshopify.com) and OAuth access token (stored encrypted).
• Product data: Product titles, descriptions, prices, and product types. This data is used solely to generate reassurance messages.

We do not collect, store, or process any customer personal data, order data, or payment information.

2. How We Use Your Data

• Product data is sent to the Anthropic Claude API to generate short reassurance messages displayed on your storefront.
• Store domain and access token are used to authenticate API requests to your Shopify store.
• Generated messages are stored in our database and served to your storefront visitors.

3. Third-Party Services

We use the following third-party service:

• Anthropic (Claude API): Product titles, descriptions, and prices are sent to Anthropic's API to generate reassurance messages. Anthropic's privacy policy applies to data processed by their service. No customer personal data is sent to Anthropic.

4. Data Storage and Security

• All data is stored on secure servers hosted by Railway.
• Shopify access tokens are encrypted at rest using AES-256.
• All communication between your store, our servers, and third-party services uses HTTPS/TLS encryption.
• We verify all Shopify webhook signatures using HMAC-SHA256 to ensure data authenticity.

5. Data Retention

• When you uninstall the app, your store is marked as inactive. Product and message data is retained for 30 days in case you reinstall.
• After 48 hours of uninstallation, Shopify sends a shop redaction request and all your data (store info, products, and messages) is permanently deleted from our systems.

6. Your Rights

You have the right to:

• Access: View all data we store about your store through the app's admin dashboard.
• Deletion: Uninstall the app to trigger automatic data deletion, or contact us for immediate removal.
• Portability: Request a copy of your stored data by contacting us.

7. GDPR and Privacy Law Compliance

We comply with GDPR, CCPA, and other applicable privacy regulations. We respond to all Shopify mandatory compliance webhooks (customer data requests, customer redaction, and shop redaction) within the required timeframes.

8. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected by updating the "Last updated" date above.

9. Contact

For privacy-related questions or data requests, contact us at: computer4you1977@gmail.com