Search docs... ⌘K
Legal

Privacy Policy

Last updated May 12, 2026 · 4 min read

Brandmind (“we”, “our”, “the app”) is a Shopify embedded application that provides AI-powered product copywriting and brand content generation for Shopify merchants. This privacy policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

Merchant Store Data

When you install Brandmind, we access and store the following data from your Shopify store:

  • Product catalog data: product titles, descriptions, variants, prices, collections, and product images.
  • Brand profile data: information gathered during the brand research crawl, including your brand name, target audience, tone of voice, and publicly available brand information used to generate on-brand content.
  • Content generation history: the AI-generated outputs (product descriptions, blog posts, etc.) along with the parameters used to produce them.
  • Store configuration: your app preferences such as selected product metafields and tone overrides.

We do not store customer names, emails, addresses, or any customer personally identifiable information (PII).

Merchant Staff Data

To authenticate your Shopify admin session, we store session tokens that may include the staff member’s first name, last name, email address, and locale. This data is provided by Shopify’s OAuth flow and is used solely for authentication.

Data Collected From Merchants’ Customers

We do not collect any data directly from your customers. Brandmind does not use cookies, tracking pixels, browser fingerprinting, or any other tracking technologies on your storefront. We do not access customer navigation logs, session data, or browsing behavior.

Data We Do Not Collect

  • Customer personally identifiable information (names, emails, addresses, phone numbers)
  • Payment or billing information
  • Individual order contents or shipping details
  • Browser cookies or tracking data

2. How We Use Your Data

We use the collected data exclusively to provide app functionality:

  • Generate AI-powered product descriptions, blog posts, and brand content
  • Build and maintain your brand profile for consistent tone and messaging
  • Manage content generation history and preferences

We do not sell, rent, or share your data with third parties. We do not use your data for advertising, profiling, or any purpose beyond the app’s stated functionality.

3. Third-Party AI Processors

Brandmind uses third-party AI services to generate content on your behalf. When you request content generation, we send limited data to these providers:

  • Anthropic (Claude): our primary AI provider. We send product data (title, description, variant info) and brand profile context (tone, audience, brand values) to generate content. Anthropic does not retain your data after processing the request.
  • OpenAI: used as a fallback provider when the primary service is unavailable. The same data scope applies. OpenAI does not retain your data after processing the request.

No customer personal data is ever sent to these providers. Only product catalog data and brand profile context necessary for content generation are transmitted. Both providers process data under our instruction and do not use your data to train their models.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted on Supabase (cloud infrastructure). Supabase acts as a data processor under our instruction and maintains GDPR-compliant infrastructure. All data is transmitted over encrypted connections (TLS/HTTPS). Access to the database is restricted to the application service only.

5. Geographic Data Processing

Brandmind is operated from outside the European Economic Area (EEA). Your data may be stored and processed in the United States and other regions where our infrastructure providers operate:

  • Supabase (database hosting): data is stored in US-based data centers.
  • Anthropic and OpenAI (AI processors): content generation requests are processed in the United States.

By using Brandmind, you consent to the transfer and processing of your data outside the EEA. All transfers are protected by encrypted connections (TLS/HTTPS) and our data processing agreements with each provider.

6. Data Retention and Deletion

  • On app uninstall: session data is deleted immediately. Store data (brand profile, generation history, configurations) is retained for 48 hours in case you reinstall.
  • After 48 hours: Shopify sends a shop redaction request, and all data associated with your store is permanently and irreversibly deleted from all tables.
  • On request: you can request immediate deletion of all your store data at any time from the Settings page within the app. This performs the same complete data erasure as the post-uninstall process.

7. GDPR Compliance

We comply with the EU General Data Protection Regulation (GDPR):

  • Customer data requests: since we do not store any customer PII, there is no customer data to disclose or export.
  • Customer data erasure: since we do not store any customer PII, there is no customer data to delete.
  • Shop data erasure: upon receiving Shopify’s shop redaction webhook, all data for your store is permanently deleted.

8. Shopify API Access

Brandmind requests the following Shopify API permissions:

  • write_products — to read your product catalog and push updated product descriptions back to Shopify
  • write_content — to create and update blog posts in your Shopify store

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will update the “Last updated” date at the top of this page and notify merchants via the app interface or the email address on file.

10. Contact

If you have questions about this privacy policy or your data, please contact us at support@brandmindapp.com.

Last updated May 12, 2026