StoreMind Logo
StoreMind
Legal

Privacy Policy

Last updated: June 9, 2026

1. Who We Are

StoreMind operates AI automation services for Shopify merchants. This Privacy Policy explains what data we collect, how we use it, and your rights. If you have questions, email ai@storemind.us.

2. Data We Collect

From merchants (our direct customers):

  • Name, email, business name, phone, store URL
  • Stripe billing data (payment method handled by Stripe, not stored on our servers)
  • Shopify store data: orders, products, inventory, customer records, checkout events — read via authorized API token
  • Usage data: dashboard visits, recommendations approved/dismissed, support messages

From end-shoppers (your customers):

We process your customers' data only as required to deliver the merchant's automations (e.g., sending an abandoned cart email to a customer who left a cart). We do not sell or use end-shopper data for any other purpose.

3. Financial Account Data (Bank Connections)

If a merchant chooses to connect a business bank account for expense tracking and financial reporting, the connection is established through Plaid Inc. You authenticate directly with your financial institution through Plaid Link — your banking credentials are never transmitted to or stored on our servers.

  • Data received via Plaid is read-only: account metadata (institution, account name, type, last-four mask) and transaction history (dates, amounts, merchant names, categories)
  • This data is used solely to provide expense tracking and financial reporting to the business that connected the account
  • It is never sold, never used for advertising, and never used to train AI models
  • You may disconnect a bank account at any time; we revoke the access token immediately and delete the associated data on request within 30 days (Section 6 retention terms apply otherwise)

Data obtained through Plaid is also subject to Plaid's End User Privacy Policy.

4. How We Use Data

  • Run merchant automations (orders, inventory, marketing, reporting)
  • Generate AI recommendations and reports
  • Provide customer support via email and live chat
  • Process payments and manage subscriptions via Stripe
  • Send service announcements and trial-expiration reminders
  • Improve our service (aggregated, anonymized data only)

5. Sub-processors

We use the following third parties:

  • Stripe — payment processing, billing
  • Shopify — read access to merchant store data
  • Anthropic / OpenAI — AI model providers (text generation, classification, decisions)
  • Resend — transactional email
  • Vercel — application hosting
  • Mirra — automation runtime, data storage, operator messaging
  • Plaid — bank account connectivity and read-only transaction data (only when a merchant connects a bank account)

All sub-processors are bound by data-protection agreements. Data is not sold to advertisers or used to train public AI models.

6. Data Retention

We retain merchant data for the duration of the subscription and up to 90 days after termination, after which it is deleted unless legal obligations require longer retention. Stripe and Shopify retain their own data per their policies.

7. Security

We use HTTPS for all traffic, encrypt API tokens at rest, scope access to authorized personnel, and rotate credentials on a regular schedule. No system is perfectly secure — if we become aware of a breach affecting your data we will notify you within 72 hours.

8. Your Rights

You may request access to, correction of, or deletion of your personal data at any time. EU/UK residents have rights under GDPR; California residents have rights under CCPA. Email ai@storemind.uswith the subject line “Privacy Request” and we will respond within 30 days.

9. Children

StoreMind is a B2B service. We do not knowingly collect data from anyone under 18.

10. Changes

We will post material changes on this page with at least 30 days' notice. Continued use of StoreMind after the effective date constitutes acceptance.