Privacy Policy
April 11, 2026
This policy explains how ShopForge collects, uses and protects your personal data, in compliance with GDPR.
1. Controller
The data controller is SCORP. Requests: legal@shopforge.app.
2. Data collected
Account data: name, email, hashed password, avatar, location.
Usage data: auth logs, AI assistant interactions, Etsy API calls.
Commercial data: shops, listings, niches, generated branding.
3. Purposes
Provide the ShopForge service and tailor it to your needs.
Improve our AI models (on anonymized data only).
Send transactional notifications (welcome, publish, wizard resume).
Meet legal and accounting obligations.
4. Sub-processors
Vercel (hosting, US/EU)
Supabase (database, EU)
Cloudflare R2 (image storage)
Anthropic via Vercel AI Gateway (AI, US)
Resend (transactional email, US)
Stripe (payments, US/EU)
Sentry (observability, US/EU)
All transfers outside the EU are governed by Standard Contractual Clauses.
5. Retention
Account data: kept for as long as you use the service, then deleted within 30 days of a deletion request.
Technical logs: 30 days.
Accounting records: 10 years (legal obligation).
6. Your rights
Access, rectification, erasure, portability, objection and restriction.
You can export all your data in JSON from settings.
You can permanently delete your account from settings.
Other requests: legal@shopforge.app.
7. Cookies
Strictly necessary: authentication session, theme and language preferences.
Analytics: only after explicit consent via the banner.
No advertising or cross-site tracking cookies.
8. Security
Passwords are hashed with bcrypt.
All traffic is encrypted over TLS.
Application secrets are managed via Vercel + Supabase.
9. Supervisory authority
You can file a complaint with the CNIL (www.cnil.fr) if you believe your rights are not respected.