commerce.fyi / legal

Privacy Policy

Effective: May 2026

1. What we collect

• Store data: name, tagline, hero copy, palette, slug, status, Stripe account ID (if published)
• Product data: name, price, description, image references, ACS fields (sku, gtin, mpn, tax_code, shipping_class, weight)
• Order data: order ID, status, totals, customer email (provided by merchant or buyer at checkout)
• Owner tokens: used for authentication and ownership verification
• Webhook configurations: URLs and event subscriptions for merchant notifications
• Usage data: API request logs, rate-limit counters, basic telemetry (provider/model used for generation)

2. What we do NOT collect

• Cardholder data or payment details (Stripe Connect handles all payment processing)
• Customer browsing behavior beyond what merchants explicitly log via webhooks
• Personal data of end-buyers beyond what is required to fulfill an order

3. How we use data

We use your data to operate the service: generate stores, process checkouts, deliver receipts, send webhooks, and provide proof/evidence surfaces. We do not sell your data. We do not use it to train models.

4. Sharing

We share data with Stripe (for payments and Connect), Resend (for email delivery), and our infrastructure providers (Neon, Vercel, Cloudflare). We do not share data with third-party analytics or advertising networks.

5. Retention

Data is retained while your store is active. After deletion or 30 days of inactivity, we remove or anonymize personal data. Audit logs may be retained longer for security and legal reasons.

6. Your rights

You may request access, correction, or deletion of your data by contacting privacy@commerce.fyi. We will respond within 30 days. Note that deleting a store does not retroactively remove order or receipt records required for tax or legal compliance.

7. Contact

Privacy requests: privacy@commerce.fyi
Security: security@commerce.fyi