Privacy Policy
Last updated: February 20, 2026
This Privacy Policy explains how AI Shopping Feeds (“we”, “us”, or “our”) collects, uses, stores, and protects your personal data when you use our website at www.aishoppingfeeds.com and our application at app.aishoppingfeeds.com (together, the “Service”).
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.
By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
AI Shopping Feeds is the data controller responsible for your personal data.
Contact details:
- Email: support@aishoppingfeeds.com
- Website: www.aishoppingfeeds.com
2. What Personal Data We Collect
2.1 Account Data
When you create an account, we collect:
- Full name
- Email address
- Password (stored in hashed form by our authentication provider)
2.2 Product Feed Data
When you use our Service, we collect and process business data that you provide, including:
- Product feed data: Product titles, descriptions, images, prices, availability, SKUs, and other product attributes
- Feed configurations: Export settings, channel configurations, and optimisation preferences
- Account information: Business details, store connections, and integration credentials
Data Ownership: You retain all ownership rights to your product data, feeds, and business information. We process this data solely to provide our AI-powered feed optimisation services.
2.3 Payment Data
When you subscribe to a paid plan, payment information is collected and processed directly by Stripe. We do not store your full credit card number, CVV, or bank account details on our servers. We may receive from Stripe:
- Last four digits of your card
- Card brand and expiration date
- Billing address
- Subscription status and payment history
2.4 Contact Form Data
When you use our contact form, we collect:
- Name
- Email address
- Message content
This data is sent to us via Resend (our email service provider) and is not stored in a database.
2.5 Usage Data (Automatically Collected)
When you access the Service, we automatically collect:
- IP address
- Browser type and version
- Pages visited and time spent
- Device type and operating system
- Referring URL
- Unique device identifiers
This data is collected via Cloudflare Web Analytics, which is a privacy-first analytics service that does not use client-side tracking or cookies.
2.6 Security Verification Data
We use Cloudflare Turnstile to protect forms from automated abuse. Turnstile may collect:
- Browser and device characteristics
- Interaction data used to determine if you are a human
Turnstile does not use cookies and does not track you across websites.
3. How We Use Your Data
We process your personal data for the following purposes, with the corresponding legal basis under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Providing and maintaining the Service (account management, feed optimisation, exports) | Performance of contract (Art. 6(1)(b)) |
| Processing payments and managing subscriptions | Performance of contract (Art. 6(1)(b)) |
| Responding to your contact form enquiries | Legitimate interest (Art. 6(1)(f)) |
| Sending transactional emails (account confirmations, password resets) | Performance of contract (Art. 6(1)(b)) |
| Protecting the Service from abuse (Turnstile CAPTCHA) | Legitimate interest (Art. 6(1)(f)) |
| Analysing Service usage to improve performance | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Sending marketing communications (only with your explicit consent) | Consent (Art. 6(1)(a)) |
We do not use your product feed data to train AI models for use by other customers. Your feed data is processed solely to provide optimisation services to you.
4. Third-Party Service Providers (Sub-Processors)
We use the following third-party service providers to operate the Service. Each acts as a data processor on our behalf:
| Provider | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Supabase (US) | Authentication and database hosting | Account data, product feed data | supabase.com/privacy |
| Stripe (US) | Payment processing | Payment and billing data | stripe.com/privacy |
| Cloudflare (US) | CDN, web analytics, Turnstile CAPTCHA, hosting | IP address, usage data, security verification | cloudflare.com/privacypolicy |
| Resend (US) | Transactional and contact form emails | Email address, name, message content | resend.com/legal/privacy-policy |
| Google Fonts (US) | Font delivery | IP address (collected by Google when fonts load) | policies.google.com/privacy |
We do not sell your personal data to any third party.
5. Cookies and Local Storage
5.1 Cookies
We use essential cookies only for authentication and session management when you are logged into the application. These are strictly necessary for the Service to function and do not require consent under GDPR.
We do not use any advertising, marketing, or third-party tracking cookies.
5.2 Local Storage
We use browser local storage to store your theme preference (light or dark mode). This data never leaves your browser and is not transmitted to our servers.
5.3 Cloudflare Web Analytics
Cloudflare Web Analytics does not use cookies, does not collect personal data, and does not track users across websites. It collects aggregated, anonymised performance metrics only.
6. International Data Transfers
Your data may be transferred to and processed in the United States, where our service providers (Supabase, Stripe, Cloudflare, Resend) operate.
For transfers of personal data from the European Economic Area (EEA) or the United Kingdom to the United States, we rely on:
- EU-U.S. Data Privacy Framework (where the provider is certified)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
We ensure that all transfers provide an adequate level of protection for your personal data in compliance with GDPR Article 46.
7. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of your account, plus 30 days after deletion |
| Product feed data | Duration of your account, plus 30 days after deletion |
| Payment records | As required by tax and accounting laws (typically 7 years) |
| Contact form submissions | 12 months, unless an ongoing conversation |
| Usage/analytics data | Aggregated and anonymised (no personal data retained) |
| Backup copies | Up to 90 days after deletion for disaster recovery |
After the retention period, data is permanently deleted from our systems and backup infrastructure.
8. Your Rights Under GDPR
If you are located in the EEA or the United Kingdom, you have the following rights under GDPR:
Right of Access (Article 15)
You can request a copy of the personal data we hold about you.
Right to Rectification (Article 16)
You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure / Right to Be Forgotten (Article 17)
You can request that we delete your personal data. See Section 9 for how to do this.
Right to Restrict Processing (Article 18)
You can request that we limit how we process your data in certain circumstances.
Right to Data Portability (Article 20)
You can request to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Article 21)
You can object to the processing of your personal data where we rely on legitimate interest as the legal basis.
Right to Withdraw Consent (Article 7)
Where we process data based on your consent, you can withdraw that consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority. For the UK, this is the Information Commissioner’s Office (ICO) at ico.org.uk. For the EU, contact your local data protection authority.
To exercise any of these rights, email us at support@aishoppingfeeds.com. We will respond within 30 days.
9. How to Delete Your Data
You have two options to delete your data:
Option 1: Self-Service Account Deletion
You can delete your account directly within the application at app.aishoppingfeeds.com. When you delete your account, all associated personal data and product feed data will be permanently removed within 30 days, with backup copies removed within 90 days.
Option 2: Email Request
You can email us at support@aishoppingfeeds.com to request deletion of your account and all associated data. We will process your request within 30 days and confirm deletion by email.
In both cases:
- All personal data, product feed data, and feed configurations will be permanently deleted
- Payment records may be retained as required by applicable tax and accounting laws
- Anonymised, aggregated analytics data (which cannot identify you) may be retained
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Access controls and authentication
- Regular security assessments
- Content Security Policy (CSP) headers
- CAPTCHA protection on forms (Cloudflare Turnstile)
While we take all reasonable precautions, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@aishoppingfeeds.com.
11. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (GDPR Article 33)
- Notify affected individuals without undue delay where the breach is likely to result in a high risk to rights and freedoms (GDPR Article 34)
12. Children’s Privacy
Our Service is not directed at anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at support@aishoppingfeeds.com and we will promptly delete it.
13. Links to Other Websites
Our Service may contain links to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on this page
- Updating the “Last updated” date
- Sending an email notification for significant changes
You are advised to review this Privacy Policy periodically. Changes are effective when posted on this page.
15. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, contact us:
- Email: support@aishoppingfeeds.com
- Website: www.aishoppingfeeds.com/contact