Privacy Policy
Last updated: April 3, 2026
ProfitPilot (“we,” “us,” or “our”) operates as a Shopify application that provides AI-powered profit analysis and financial insights for Shopify merchants. This Privacy Policy describes how we collect, use, and protect your information when you use ProfitPilot.
1. Information We Collect
Store Data (from Shopify)
When you install ProfitPilot, we access the following data from your Shopify store through Shopify's API with your authorization:
- Product data: titles, prices, SKUs, and variants
- Order data: order totals, line items, shipping costs, discounts, transaction fees, and customer email and display name associated with each order (for lifetime value analysis)
- Store information: shop domain and shop name
Merchant-Provided Data
- Cost of goods (COGS): product costs you enter manually, via CSV upload, or that our AI estimates
- Transaction fee rates: custom fee percentages you configure
- Expense data: business expenses you enter (advertising, subscriptions, shipping, software, other) with amounts, dates, categories, platform tags, and optional notes
- Bank/card transaction data: if you connect a bank account via Plaid (Pro/Growth plans), we receive transaction descriptions, amounts, dates, and categories. We do not access account numbers, balances, or credentials.
- Ad platform data: if you connect ad platforms (Pro/Growth plans), we pull campaign spend data (amounts, dates, platform name). We do not access ad creatives, audience data, or personal information of your ad targets.
- Email address: if you enable weekly email reports, we store your report delivery email
- Telegram Chat ID: if you choose to connect Telegram for notifications
Data We Do NOT Collect
- Customer addresses or phone numbers
- Payment card or banking details
- Customer browsing behavior
- Social Security numbers or government IDs
We store limited customer data (email and display name) from order records to calculate customer lifetime value. This data is deleted when you uninstall the app or when a customer requests data deletion through Shopify's GDPR process.
2. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Calculate true product profit and margins | Orders, products, costs, fees |
| Generate AI cost estimates | Product titles, categories, prices |
| Provide AI-powered recommendations | Aggregated store metrics and margins |
| Track business expenses | Expense amounts, dates, categories, notes |
| Detect financial anomalies | Aggregated order and expense data (7-day comparison) |
| Send daily briefings and alerts | Aggregated profit data, Telegram Chat ID |
| Send weekly email reports | Aggregated store metrics, your report email address |
| Process billing | Handled entirely by Shopify Billing API |
3. Third-Party Services
We use the following third-party services to operate ProfitPilot:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database storage (US servers) | All store and cost data |
| Anthropic (Claude AI) | AI cost estimation and recommendations | Product titles, prices, categories (no customer PII) |
| Telegram | Merchant notifications | Aggregated profit summaries, chat ID |
| Resend | Email delivery for weekly reports | Your report email address, email content |
| Fly.io | Application hosting | Standard server logs |
| Plaid (Pro/Growth plans) | Bank/card transaction import | Transaction descriptions, amounts, dates. Plaid does not share account numbers or credentials with us. |
| Facebook/Meta Ads API | Ad spend sync | Campaign spend amounts and dates only |
| Google Ads API | Ad spend sync | Campaign spend amounts and dates only |
| TikTok, Pinterest, Snapchat, Microsoft Ads APIs | Ad spend sync | Campaign spend amounts and dates only |
We do not sell, rent, or share your data with any parties beyond what is described above.
4. Data Storage and Security
- All data is stored in Supabase on servers located in the United States (US West region).
- Data is encrypted in transit (TLS/HTTPS) and at rest.
- We use Supabase Row Level Security (RLS) to isolate merchant data.
- API keys and secrets are stored in environment variables, never in source code.
- Session data is stored locally using Prisma with SQLite, managed by Shopify's session storage.
5. Data Retention
- While installed: We retain your store data for as long as ProfitPilot is installed on your store.
- After uninstall: When you uninstall ProfitPilot, all your data is automatically deleted within 48 hours via Shopify's mandatory GDPR webhooks.
- On request: You can request immediate data deletion at any time (see Your Rights below).
6. Your Rights (GDPR and CCPA)
You have the right to:
- Access: Request a copy of all data we store about your store.
- Correction: Update any inaccurate data directly through the app (e.g., product costs).
- Deletion: Request complete deletion of your data. Uninstalling the app automatically triggers this.
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we limit how we process your data.
- Objection: Object to our processing of your data for specific purposes.
We comply with Shopify's mandatory GDPR webhooks:
- Customer data request: We return any order records associated with the customer's email address. All requests are logged in our GDPR audit trail.
- Customer data erasure: We remove customer email and name from all order records associated with that customer. All redactions are logged.
- Shop data erasure: All merchant data (products, orders, expenses, costs, recommendations, settings) is permanently deleted. All compliance actions are logged.
7. AI-Generated Content Disclaimer
ProfitPilot uses artificial intelligence to estimate product costs, generate profit recommendations, and predict upcoming expenses. AI-generated estimates, recommendations, and expense predictions are approximations and should not be treated as financial advice. Expense predictions are marked as “predicted” and replaced automatically when real data arrives. Always verify AI-generated costs with your suppliers and consult a qualified financial professional for business decisions.
8. Cookies and Tracking
ProfitPilot does not use cookies for tracking or advertising. The only cookies used are Shopify's standard session cookies required for the embedded app to function.
9. Children's Privacy
ProfitPilot is a business tool designed for Shopify merchants. We do not knowingly collect data from individuals under 18 years of age.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via Telegram (if connected) or through the app interface. Continued use of ProfitPilot after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights:
- Email: support@profitpilot-ai.app
- Location: Phoenix, AZ, United States