Privacy Policy

Last updated: April 11, 2026

ComplyKit ("we", "us", or "our") is a Shopify application that helps merchants generate compliance warning copy for their product listings. This Privacy Policy explains how we collect, use, and protect information when you use ComplyKit.

1. Information We Collect

When you install ComplyKit, we access the following data from your Shopify store:

• Product titles, descriptions, tags, and categories
• Product metadata necessary for compliance classification
• Shop name and domain for authentication purposes

We do not collect, store, or process any customer personal information, order data, payment information, or any data unrelated to product compliance.

2. How We Use Your Information

We use the information collected solely to:

• Analyze your product catalog for FDA, FTC, and Prop 65 compliance requirements
• Generate compliance warning copy using AI
• Apply approved warning copy back to your product listings
• Improve the accuracy of our compliance classification engine

3. Data Storage and Security

Product data processed by ComplyKit is transmitted securely using TLS encryption. We do not permanently store your raw product data beyond what is required to complete a compliance scan session. Generated compliance copy may be cached temporarily to improve performance.

We use Gadget.dev as our application infrastructure provider. All data is stored and processed in accordance with Gadget's security standards.

4. Third-Party Services

ComplyKit uses the following third-party services:

• Anthropic Claude API — for AI-powered compliance classification and copy generation
• Gadget.dev — for application hosting and data processing
• Shopify API — for reading and writing product data

Each of these providers maintains their own privacy policies and data handling practices.

5. Data Sharing

We do not sell, rent, or share your data with any third parties for marketing or advertising purposes. Product data is only shared with the third-party services listed above as necessary to provide the ComplyKit service.

6. Data Retention

We retain data only as long as necessary to provide the service. Upon uninstalling ComplyKit, your store's data is deleted from our systems within 30 days.

7. Your Rights

You have the right to:

• Request access to the data we hold about your store
• Request deletion of your data at any time
• Uninstall ComplyKit at any time, which will terminate our access to your store

8. Compliance Webhooks

In accordance with Shopify's requirements, ComplyKit implements mandatory GDPR compliance webhooks including shop/redact, customers/redact, and customers/data_request endpoints.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Continued use of ComplyKit after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

[email protected]