Privacy Policy | Understnd

1. Introduction

Understnd ("we", "our", or "us") provides AI-powered semantic search services for e-commerce stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services.

2. Information We Collect

2.1 Merchant Data

When you install our Shopify app, we collect:

Store domain and basic store information
Product catalog data (names, descriptions, categories, images, prices)
OAuth access tokens (encrypted at rest)

2.2 Search Analytics

To improve search quality and provide analytics, we collect:

Search queries entered by your customers
Search result data (which products were returned)
Timestamps of searches

We do not collect personal information about your customers such as names, email addresses, or payment information through our search functionality.

2.3 Account Information

For merchants using our standalone dashboard, we collect email addresses and authentication credentials through AWS Cognito.

3. How We Use Your Information

We use the collected information for the following purposes:

To provide and maintain our AI-powered search service
To generate semantic embeddings for your product catalog using OpenAI
To display search results to your customers
To provide search analytics and insights to merchants
To improve and optimize our search algorithms
To communicate with you about service updates

4. Third-Party Services

We use the following third-party services to provide our functionality:

OpenAI - We send product descriptions to OpenAI's API to generate semantic embeddings. This enables our AI-powered search functionality. OpenAI's privacy policy applies to this data processing.
Shopify - We integrate with Shopify's platform to access your product catalog and provide embedded search functionality.
AWS - We use Amazon Web Services for authentication (Cognito) and infrastructure hosting.
Railway - Our application infrastructure is hosted on Railway's platform.

5. Data Retention

We retain your data as follows:

Product data: Retained while your app is installed and deleted within 30 days of uninstallation.
Search logs: Retained for up to 90 days for analytics purposes, then automatically purged.
Account data: Retained until you request deletion or close your account.

6. Data Security

We implement appropriate technical and organizational security measures to protect your data, including:

Encryption of access tokens at rest using industry-standard encryption
HTTPS/TLS encryption for all data in transit
Regular security audits and updates
Access controls and authentication for all systems

7. Your Rights

Depending on your location, you may have the following rights:

Access your personal data we hold
Request correction of inaccurate data
Request deletion of your data
Object to or restrict processing of your data
Data portability
Withdraw consent at any time

To exercise these rights, please contact us at the email address below.

8. GDPR Compliance

For users in the European Economic Area (EEA), we process personal data as a data processor on behalf of merchants (data controllers). Our legal basis for processing includes performance of contract, legitimate interests, and consent where applicable.

9. CCPA Compliance

California residents have additional rights under the California Consumer Privacy Act (CCPA). We do not sell personal information. You may request disclosure of data collected and request deletion by contacting us.

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@understnd.ai