Privacy Policy
Effective July 8, 2026
Our Promise to You
At Ask Shopi, we're building a shopping agent you can truly trust. We collect information to give you personalized product recommendations—nothing more, nothing less. We will never sell your individual data, show you ads, use affiliate links, or share your personal information with advertisers. We may share anonymized, aggregated insights (like overall shopping trends) with merchant partners — never anything that identifies you. Your data is yours, and we're just here to help you shop smarter.
What Makes Ask Shopi Different
No Affiliate Links
We never profit from product recommendations. All product links point directly to manufacturer websites or authorized retailers, found via AI-powered web search.
No Advertising
We don't run ads, track you for advertising, or work with ad networks. Our business model is simple: you pay for premium features if you want them.
No Data Selling
Your individual shopping preferences, profile data, and search history will never be sold to third parties. Ever. Period. We may share anonymized, aggregated data (like overall category trends) with merchant partners — but never anything that identifies you or your activity specifically. See "Aggregated Merchant Insights" below for details.
Transparent AI
Every recommendation comes with an explanation of why we suggested it. You can always see the AI's reasoning and how your profile influenced results.
What Information We Collect
Profile Information (that you provide)
- Contact details: Email, name, profile photo
- Shopping interests: Product categories you're interested in
Why we collect it: To give you personalized product recommendations that match your unique preferences.
Search & Activity Data
- Search queries: What you search for, plus any refinement instructions you provide
- Search results: Products we recommend to you
- Favorites: Products you save to your favorites list
- Dislikes: Products you explicitly pass on or dislike, along with your feedback
- Search history: Your past searches (so you can easily find them again)
- Price alerts: Which products you've subscribed to for price-drop notifications, and the alert thresholds you set
Why we collect it: To remember your searches, let you save favorites, learn from your dislikes, and improve our recommendations over time.
AI-Generated Insights
- User memories: Short observations derived from your interactions (searches, favorites, chat messages, dislikes, and preference selections), stored as semantic memories to improve personalization. This is also where inferred context like your general age range, location, household situation, or style comes from — only when it naturally comes up in how you use Ask Shopi, never from a form you fill out
- Profile document: An AI-generated structured summary of your preferences, lifestyle, and shopping patterns (typically a few hundred to around 1,500 tokens of markdown text)
Why we collect it: To build a richer understanding of your preferences so recommendations improve over time, without re-analyzing your entire profile on every search.
Authentication & Technical Data
- Authentication: Magic link (passwordless), a registered passkey, or email/password sign-in via Supabase Auth
- Usage data: Which features you use (to improve the app), plus basic browser and device signals captured automatically by our analytics provider, PostHog
- Agent execution logs: Technical logs of AI processing, including request/response data, model used, token counts, and processing duration
- Content moderation: Search queries are classified by AI for appropriateness; the classification result is stored alongside the search
Why we collect it: To keep your account secure, make sure Ask Shopi works well on your device, and maintain a safe platform.
How We Use Your Information
We use your information for exactly what you'd expect—and nothing else:
- Personalized Recommendations: Matching products to your preferences using AI
- Search Results: Generating and caching search results so they load quickly
- Your Dashboard: Showing your search history, favorites, and profile insights
- Account Management: Sending magic links, security notifications, and account updates
- App Improvements: Understanding which features work well and which need improvement
- Content Moderation: Automatically classifying search queries for appropriateness to keep the platform safe
- Price Alerts: Emailing you when a product you're tracking drops in price
- Customer Support: Helping you if something goes wrong or you have questions
We do not use your data for advertising, marketing to third parties, or any purpose other than making Ask Shopi work better for you.
Who We Share Your Data With
Essential Service Providers Only
We only share your data with companies that help us run Ask Shopi. These providers are contractually required to protect your data and can't use it for their own purposes.
- Supabase: Secure database, authentication, and hosting infrastructure
- Perplexity AI: Primary AI model for product search and recommendations (per their published API terms, they don't train on your data)
- OpenAI: Text embedding generation for semantic memory matching, plus AI-authored reasoning for the Top Picks verdict feature (per their published API terms, they don't train on your data)
- Anthropic (Claude): Primary AI model for Ask Shopi (our in-app chat), the For You recommendations feed, and profile-document generation, plus content-moderation classification of search queries (per their published API terms, they don't train on your data)
- Stripe: Payment processing for Premium subscriptions (see Payment Processing section below)
- Resend: Sends price-alert emails when a product you're tracking drops in price
- PostHog: Privacy-focused product analytics. Receives anonymized usage events, page views, and error reports. We strip IP addresses before data reaches PostHog. Session recording with input masking is built and configured but not currently turned on. See the "Cookies & Tracking" section below for details
What Data Is Sent to AI Providers
When you search for products, the following data may be sent to our AI providers to generate personalized recommendations:
- Your search query (the text you type)
- Your profile document (a few hundred to ~1,500 tokens summarizing your preferences and interests)
- Recent search history (up to your last 20 search queries)
- Favorites for the current search (product data and ownership status)
- Dislikes for the current search (product data and feedback)
- Relevant memories (semantically matched memories from your interaction history)
- Refinement instructions (any follow-up instructions you provide to refine results)
AI providers process this data to generate recommendations. Per their published API terms, they don't use it to train their models. Your email, passwords, and authentication tokens are never sent to AI providers.
Separately, when we periodically regenerate your AI profile document, we send your stored memories, core profile data, and recent search queries to Anthropic (Claude) to synthesize the summary — this happens independently of an individual search.
What We Don't Share
- We don't share data with advertisers or ad networks
- We don't share your individually identifiable data with product retailers or brands — see "Aggregated Merchant Insights" below for the one exception
- We don't sell your individual data to data brokers or analytics companies
- We don't share your search queries or favorites with third parties for their own use. The one exception is if a search is made public (yours, or one of our showcase demo profiles) — see "Public Sharing" below for exactly what that exposes
Aggregated Merchant Insights
We may share anonymized, aggregated data — such as overall shopping trends by product category or region — with merchant and retail partners who join Ask Shopi's network. This data is never tied to your individual identity, account, or specific activity; a merchant cannot use it to identify you, target you individually, or reconstruct your personal shopping history. If we ever offer a program where merchants access data in a way that could identify you individually, we'll update this policy and give you a way to opt out first.
Legal Exceptions
We may disclose your information if required by law (court order, subpoena, etc.) or to protect the rights, safety, or property of Ask Shopi, our users, or others.
Public Sharing
Some searches on Ask Shopi can become public web pages — viewable by anyone with the link, no account required, and potentially indexed by search engines. Today this only applies to a small number of designated showcase demo profiles, not to every user's searches.
If a search is public, the page shows: the exact text of the search query, the recommended products (name, brand, price, image, and a link to buy), and the sharer's public display name and avatar or bio.
It never shows the AI's personalized "why we picked this for you" reasoning or persona-derived descriptions — those are deliberately stripped out before anything is published, because they can reveal more about your taste and profile than the product picks themselves.
If we open up self-serve sharing to all users in the future, we'll update this section with how to opt in and how to unpublish.
Payment Processing
We use Stripe as our payment processor for all subscription transactions. Stripe is a PCI-DSS Level 1 certified payment processor, the highest level of certification in the payments industry.
What data is shared with Stripe
- Email address: Used to identify your Stripe customer account and send payment receipts
- Name: Associated with your payment profile
- Payment method details: Credit/debit card numbers, expiration dates, and CVV are entered directly into Stripe's secure payment form and processed by Stripe
- Billing address: If provided during checkout, for payment verification
- Subscription status: Plan type and billing cycle information
What we do NOT store
- We never store your full credit or debit card numbers on our servers
- We never have access to your CVV/security code
- Card details are entered directly into Stripe's secure, PCI-compliant payment form
- We only store a reference ID to your Stripe customer account. No card details — not even the last 4 digits — are stored in our database. To view or update your payment method, use "Manage Billing" in your account settings, which takes you to Stripe's own secure portal
Our compliance approach
Because we use Stripe Checkout (a hosted payment page), card data never touches our servers. This means we follow the PCI-DSS SAQ-A compliance approach—the simplest and most secure method, as all payment data is handled entirely by Stripe.
For more information about how Stripe handles your payment data, please review Stripe's Privacy Policy at stripe.com/privacy.
Your Rights & Controls
You have complete control over your data. Here's what you can do:
View Your Data
Access your profile and AI-generated insights from Settings → Profile, your search history from the sidebar, and your saved favorites from the Saved page.
Download Your Data
We do not currently offer an automated self-service data export. To request a copy of your data in machine-readable format, email [email protected] and we will provide it within 30 days.
Clear Your Data
Your account settings have two self-service options:
- Delete Profile Only — removes your memories (AI-derived observations) and your profile document (AI-generated preference summary). Your search history and favorites are preserved
- Delete Everything & Start Fresh — does all of the above, and also permanently deletes your search history and saved favorites
Neither option currently deletes your dislikes, agent execution logs, or your authentication account itself. To request complete deletion of everything, including your login, email [email protected].
Update or Correct Your Data
Edit any profile information or preferences at any time. Changes take effect immediately for future recommendations.
How We Protect Your Data
We take security seriously and use industry-standard practices to protect your information:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Authentication: Passwordless magic link or passkey sign-in available; email/password sign-in also supported via Supabase Auth, with passwords securely hashed
- Access Controls: Row-level security ensures other users can't access your data. The exceptions are content you explicitly make public (see "Public Sharing" above) and authorized Ask Shopi staff accessing your account for support purposes (see "Internal Access to Your Account" below)
- Secure Infrastructure: Hosted on Supabase's secure, SOC 2 compliant infrastructure
- API Security: All AI processing happens server-side; your data never touches client-side code
- Regular Audits: We regularly review our security practices and update them as needed
While we use best practices to protect your data, no system is 100% secure. If we detect a breach, we'll notify you immediately.
Internal Access to Your Account
A small number of Ask Shopi team members hold an internal "admin" role for support and troubleshooting. That role can:
- View a directory of account basics (name, email, account dates) across all users
- Log in as your account to see exactly what you see, to help debug an issue you've reported
- Delete an account on request
Every use of this access is logged internally (who did it, whose account, and when), though that log isn't currently visible to you directly. We only use this access for legitimate support, debugging, or account-management purposes — never to browse your data out of curiosity.
Cookies & Tracking
We use minimal cookies and privacy-respectful analytics:
Keeping You Signed In (Required)
Your sign-in session is stored in your browser's local storage (not a cookie) to keep you logged in. This is required for Ask Shopi to function.
Analytics (PostHog)
We use PostHog for product analytics to understand how features are used and to identify errors. PostHog uses a combination of localStorage and cookies for persistence. Here is what PostHog collects:
- Page views and navigation patterns
- Feature usage events (search, favorites, onboarding, chat, subscriptions)
- Error and exception tracking
- User identification (user ID, email, account creation date)
Session recording (with all inputs masked) is built and configured, but not currently turned on. We'll update this section if we enable it.
Privacy Protections Built In
- IP addresses are stripped before data reaches PostHog
- Do Not Track respected: If your browser sends a DNT signal, PostHog analytics are disabled entirely
- No auto-capture: We do not automatically track clicks or form interactions — only specific events we explicitly defined
- Input masking: If we turn on session recordings, all input fields and elements marked as private will be masked
- No cross-site tracking: Cookies are not shared across subdomains or other websites
Local Storage
We store some display preferences (such as results layout) in your browser's local storage — this stays on your device. If you search or favorite products before creating an account, we also temporarily store that activity (your search, results, favorites, and taste selections) in local storage so it can carry over once you sign up — at that point, it's uploaded to your new account.
No Advertising Cookies
We don't use cookies from ad networks, social media pixels, or third-party trackers.
Children's Privacy
Ask Shopi is not intended for children under 18 years of age. We do not knowingly collect information from children under 18. If you are under 18, please do not use Ask Shopi or provide any information to us.
If we learn we have collected information from a child under 18, we will delete it immediately. If you believe we may have information about a child under 18, please contact us at [email protected].
State-Specific Privacy Rights
California Residents (CCPA)
If you're a California resident, you have these additional rights:
- Right to Know: Request details about what personal information we've collected about you in the past 12 months
- Right to Delete: Request deletion of your personal information (with certain exceptions)
- Right to Correct: Request correction of inaccurate personal information
- Right to Opt-Out: We don't sell or share your individually identifiable data for advertising. We may share fully anonymized, aggregated data (that cannot identify you) with merchant partners — if this ever changes to include personal information, we'll provide an opt-out here
- Right to Non-Discrimination: We won't discriminate against you for exercising your privacy rights
To exercise these rights, email us at [email protected] with "California Privacy Rights" in the subject.
Nevada Residents
Nevada residents have the right to opt-out of the sale of personal information. We don't sell personal information that identifies you — we may share anonymized, aggregated data with merchant partners, which does not identify you individually.
European Residents (GDPR)
If you're in the EU/EEA/UK, you have rights under GDPR including:
- Right of access, rectification, erasure, and data portability
- Right to restrict or object to processing
- Right to withdraw consent
- Right to lodge a complaint with your supervisory authority
Contact [email protected] to exercise these rights.
How Long We Keep Your Data
- Active accounts: We keep your data as long as your account is active or as needed to provide services
- Deleted accounts: Full account deletion is currently a manual process — email [email protected] and we'll delete your data and login. The self-service "Delete Everything & Start Fresh" option in your account settings immediately removes your profile, memories, search history, and favorites, but does not yet remove your sign-in account itself
- Search cache: Anonymous search results may be cached for up to 7 days to improve performance
- Agent execution logs: These aren't currently purged on an automatic schedule and may be retained indefinitely
- Analytics data: PostHog event data is retained according to PostHog's data retention policies; session recordings, if we enable them, would be retained for a limited period
- Legal holds: We may retain data longer if required by law or legal proceedings
Changes to This Privacy Policy
We may update this Privacy Policy from time to time as we add new features or comply with new regulations. If we make material changes, we'll notify you by:
- Sending an email to the address associated with your account
- Posting a prominent notice in the app
- Updating the "Effective Date" at the top of this policy
Your continued use of Ask Shopi after changes means you accept the updated policy.
Questions or Concerns?
We're here to help. If you have any questions about this Privacy Policy or how we handle your data, please reach out:
Email: [email protected]
Privacy Requests: [email protected]
We'll respond to all privacy-related inquiries within 30 days.
This Privacy Policy is effective as of July 8, 2026 and applies to all users of Ask Shopi.
This policy describes our actual data practices as implemented in the application. It is not a substitute for formal legal review.