Legal
Privacy Policy
Last updated: March 2026
Storehaus, Inc., a Delaware corporation ("Storehaus," "we," "us," or "our"), is committed to protecting the privacy of individuals who use our platform at storehaus.ai (the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you access or use the Platform, whether as a Seller or a Buyer.
By using the Platform, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Platform.
1. Scope
This Privacy Policy applies to all users of the Platform, including Sellers (merchants who create and manage storefronts), Buyers (end customers who make purchases through Seller storefronts), and Visitors (individuals who browse the Platform without creating an account). This policy covers information collected through the Platform, our website, email communications, and any other interactions with Storehaus.
2. Information We Collect
2.1. Information You Provide Directly
Seller Account Information: When you register as a Seller, we collect your name, email address, business name and registration details, phone number, address, tax identification numbers, bank account or payment information (processed through Stripe), and government-issued identification documents where required for identity verification.
Buyer Information: When Buyers make purchases through Seller storefronts, we collect name, email address, shipping address, billing address, and payment information (processed through Stripe). Note: we do not store full credit card numbers on our servers.
Communications: When you contact us or communicate through the Platform, we collect the content of those communications, including support requests, chat messages, and feedback.
AI Interaction Data: When you use AI-powered features, we collect the prompts, instructions, and inputs you provide, as well as the AI-generated outputs.
2.2. Information Collected Automatically
Usage Data: We automatically collect information about how you interact with the Platform, including pages viewed, features used, actions taken, timestamps, referring URLs, and session duration.
Device and Technical Data: We collect your IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior. See Section 9 for details.
2.3. Information from Third Parties
We may receive information about you from third-party services that you connect to the Platform, including Stripe (payment and identity verification data), authentication providers (for customer login via magic link or one-time passwords), and public business registries.
3. How We Use Your Information
We use the information we collect for the following purposes:
Platform Operations: To provide, maintain, and improve the Platform. To process transactions and settlements. To manage Seller accounts and storefronts. To facilitate communication between Sellers, Buyers, and Storehaus. To provide customer support.
AI Services: To power AI-assisted features, including content generation, store operations, and customer service tools. Your prompts and interaction data may be sent to our AI service provider (Anthropic) for processing. We do not use your personal data to train third-party AI models.
Analytics and Improvement: To analyze usage patterns and improve the Platform experience. To conduct research and development. To monitor and prevent fraud, abuse, and technical issues.
Communications: To send you service-related notifications, including account alerts, transaction confirmations, and settlement reports. To send marketing communications where you have opted in (you may opt out at any time).
Legal and Compliance: To comply with applicable laws, regulations, and legal processes. To enforce our Terms of Service. To protect the rights, property, and safety of Storehaus, our users, and the public.
4. How We Share Your Information
We do not sell your personal information. We share your information only in the following circumstances:
4.1. Service Providers
We share information with third-party service providers who process data on our behalf. These providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting (PostgreSQL) | All account and transactional data |
| Stripe | Payment processing | Payment details, identity verification, bank account information |
| Anthropic (Claude) | AI features | Chat prompts, store content, product data (no payment data) |
| PostHog | Product analytics | Usage events, anonymized behavioral data, device information |
| Sentry | Error monitoring | Technical error logs, device and browser information |
| Resend | Transactional email | Email addresses, message content |
4.2. Sellers and Buyers
When a Buyer makes a purchase, we share the Buyer's name, email, shipping address, and order details with the relevant Seller to enable order fulfillment. Sellers are responsible for handling Buyer data in accordance with applicable privacy laws.
4.3. Legal Requirements
We may disclose your information if required to do so by law, in response to a valid legal process (such as a court order or subpoena), to protect the rights, property, or safety of Storehaus or others, to detect, prevent, or address fraud or security issues, or in connection with a merger, acquisition, or sale of assets (in which case we will notify you).
4.4. With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide services to you. After account termination, we retain data for 30 days to allow for account recovery, then permanently delete it unless retention is required by law (such as tax or financial records, which we retain for up to 7 years), necessary to resolve disputes, or needed to enforce our agreements.
Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytical and statistical purposes.
6. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including encryption in transit (TLS 1.2+) and at rest, access controls and authentication requirements, regular security assessments, and database-level row-level security (RLS) ensuring multi-tenant data isolation.
Despite these measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, and you use the Platform at your own risk.
7. International Data Transfers
The Platform operates primarily in the United States. If you are located outside the United States (including in the Republic of Korea or the European Economic Area), your information will be transferred to and processed in the United States.
For transfers from the European Economic Area (EEA) or the United Kingdom, we rely on Standard Contractual Clauses approved by the European Commission, or other lawful transfer mechanisms. By using the Platform, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.
8. Your Privacy Rights
8.1. Rights for All Users
Regardless of your location, you have the right to access the personal information we hold about you, correct inaccurate information, delete your account and associated data (subject to legal retention requirements), opt out of marketing communications, and receive a copy of your data in a portable format.
8.2. European Economic Area and United Kingdom (GDPR)
If you are located in the EEA or the UK, you have additional rights under the General Data Protection Regulation (GDPR), including the right to object to processing based on legitimate interests, the right to restrict processing in certain circumstances, the right to data portability, the right to withdraw consent at any time (where processing is based on consent), and the right to lodge a complaint with your local data protection authority.
Our legal bases for processing your personal data include performance of a contract (to provide the Platform and process transactions), legitimate interests (to improve the Platform, prevent fraud, and ensure security), consent (for marketing communications and optional features), and legal obligations (to comply with applicable laws).
8.3. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with the following rights:
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purposes for collecting the information, and the categories of third parties with whom we share the information.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: We do not sell your personal information as defined under the CCPA/CPRA. We do not share your personal information for cross-context behavioral advertising.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
To exercise any of these rights, contact us at support@storehaus.ai. We will verify your identity before processing your request and respond within 45 days (or 90 days with notice of extension).
8.4. Korean Residents (PIPA)
If you are a resident of the Republic of Korea, you have rights under the Personal Information Protection Act (PIPA), including the right to access, correct, delete, and suspend processing of your personal information. To exercise these rights, contact us at support@storehaus.ai.
We process personal information of Korean residents in accordance with PIPA, including obtaining consent where required, providing clear notice of data processing purposes, and implementing appropriate security measures as specified by the Personal Information Protection Commission.
9. Cookies and Tracking Technologies
9.1. Types of Cookies We Use
Essential Cookies: Required for the Platform to function, including authentication, session management, and security. These cannot be disabled.
Analytics Cookies: Used to understand how users interact with the Platform. We use PostHog for product analytics. These cookies collect anonymized usage data.
Preference Cookies: Used to remember your settings and preferences, such as language selection and dashboard configuration.
9.2. Managing Cookies
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform. We honor Do Not Track (DNT) signals from your browser.
10. Children's Privacy (COPPA)
The Platform is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we learn that we have collected personal information from a child under the applicable age, we will take steps to delete such information promptly. If you believe we have collected information from a child, please contact us at support@storehaus.ai.
11. AI-Specific Privacy Disclosures
11.1. When you use AI features on the Platform, your inputs (such as chat messages, product information, and instructions) are transmitted to Anthropic's Claude API for processing. Anthropic processes this data under a data processing agreement with Storehaus and does not use your inputs to train its models.
11.2. AI-generated outputs may be stored in our database as part of your chat history and action records. You may delete your chat history at any time through your account settings.
11.3. We do not use your personal data, product data, or transaction data to train any AI models. AI features process your data in real-time and do not retain it beyond what is necessary to provide the requested service.
12. Third-Party Links and Services
The Platform may contain links to third-party websites or services that are not operated by Storehaus. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through the Platform.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and, where appropriate, by sending you an email notification. The "Last updated" date at the top of this policy indicates when the most recent changes were made. Your continued use of the Platform after changes are posted constitutes your acceptance of the revised policy.
14. Data Protection Officer
For privacy-related inquiries, you may contact us at:
Storehaus, Inc. Email: support@storehaus.ai Subject line: Privacy Inquiry
We will respond to your inquiry within 30 days. If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
15. Contact Information
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Storehaus, Inc. Email: support@storehaus.ai