Privacy Policy

Last updated · 2026-04-28

This Privacy Policy explains what personal information we collect when you use AnyShop, operated at anyshop.io (the "Service"), how we use it, and the choices you have. We aim to collect the minimum needed to run the Service.

1. Roles

For data about sellers (account holders on AnyShop), we are the data controller. For data about buyers who purchase from a seller's storefront, the seller is the data controller and we are a data processor acting on the seller's behalf.

2. What we collect — sellers

  • Account info: name, email, password hash.
  • Store config: store name, slug, branding, custom domain, fraud thresholds, products, and product metadata.
  • Connected processor credentials (API keys, webhook secrets) — encrypted at rest with AES-256-GCM.
  • Billing info for our $19/mo subscription, processed via Stripe.
  • Usage logs: requests, IP, user-agent, timestamps.

3. What we collect — buyers

When a buyer purchases from a seller's storefront, we record:

  • Email and name (from the seller's Stripe Checkout Session).
  • Order details: product, amount, currency, payment mode.
  • Buyer IP at order creation, used for fraud-velocity scoring on behalf of the seller.
  • Custom checkout-field values the seller asked for (e.g., delivery email, gamertag).
  • Postmark email-event timestamps for delivery / bounce / spam.

We do not store credit-card numbers. Payment-card data is handled by the seller's connected processor (Stripe / PayPal) and never touches our servers.

4. How we use it

  • To operate the Service for sellers and their buyers.
  • To send transactional email (delivery receipts, license keys, abandoned-cart, password resets, magic links).
  • To compute per-order fraud trust scores.
  • To prevent abuse, fraud, and security incidents.
  • To bill our $19/mo subscription where applicable.

We do not sell personal information. We do not run advertising on the Service. We do not share buyer data with marketers.

5. Sub-processors

  • Vercel — hosting and edge runtime.
  • Neon — managed Postgres database.
  • Postmark — transactional email delivery.
  • Stripe — billing for our $19/mo subscription, and (separately, on the seller's account) buyer payments.

6. Email tracking

We use Postmark's delivery, bounce, and spam-complaint webhooks to surface email status to sellers. We do not track email opens or clicks (TrackOpens is off and TrackLinks is off).

7. Retention

Seller account data is retained for the life of the account. Order records are retained for 7 years after the order date (consistent with typical tax-record requirements). Logs are retained for 90 days and then deleted. You can request earlier deletion via the contact below.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, port, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact privacy@anyshop.io. For buyer data, the seller is the controller — we will route your request to them and assist as required.

9. International transfers

Our infrastructure runs primarily in the European Union (Neon Postgres in eu-central-1, Vercel edge nodes globally). Transfers outside the EU/EEA are made under standard contractual clauses or equivalent safeguards.

10. Security

All connections use TLS. Processor credentials are encrypted at rest with AES-256-GCM. Passwords are hashed with bcrypt. We follow the principle of least privilege internally and review access regularly.

11. Cookies

We use a small number of strictly necessary cookies (auth session, per-product password unlock when used, CSRF) and no third-party analytics cookies. We do not run advertising trackers.

12. Changes

We'll announce material changes by email or in-product notice at least 14 days before they take effect.

13. Contact

Questions can be sent to privacy@anyshop.io.