1. Introduction
True Margin ("we," "our," or "us") operates the True Margin profit analytics platform and browser extension. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
We collect information that you provide directly and data from connected platforms:
- Account Information: Email address, name, and profile image when you create an account.
- Shopify Store Data: Order data, product information, customer names and emails, revenue, refunds, and fees from your connected Shopify store(s).
- Ad Platform Data: Campaign performance data (spend, impressions, clicks, conversions) from connected platforms including Meta, Google, TikTok, and Snapchat.
- Supplier Data: Order costs and shipping data from connected suppliers (CJ Dropshipping, AutoDS, etc.).
- Financial Data: Ad spend entries, expense entries, and cost data that you manually input.
- Referral Data: If you participate in our referral program, we collect your referral code, the IP address of referred users at signup, and referral status. IP addresses are used solely to prevent fraud and abuse of the referral program.
- Device and Access Data: IP address, browser type, and device information when you log in. This is used for security (trusted device verification) and fraud prevention.
3. Browser Extension
The True Margin Amazon Analyzer browser extension collects additional data to provide product research features:
- Amazon Product Data: Product titles, ASINs, prices, ratings, and review text scraped from Amazon product pages you visit while the extension is active.
- Review Analysis: Reviews are sent to our servers for AI-powered analysis. Results are cached by ASIN to improve performance.
- Authentication: Email and an API key stored locally in your browser via Chrome storage. We do not track which pages you visit — data is only collected when you actively trigger an analysis.
- Anonymous Usage: Anonymous users are identified only by IP address to enforce free scan limits. IP addresses are not stored permanently and scan counters expire after 30 days.
- Local Storage: Product watchlists and settings are stored locally in your browser and never sent to our servers.
4. How We Use Your Information
- Calculate and display profit analytics, including revenue, costs, and net profit.
- Generate P&L reports, product analytics, and customer lifetime value metrics.
- Provide attribution analytics to help you understand ad performance.
- Analyze Amazon product reviews to generate customer insights, sentiment analysis, and ad-ready copy.
- Send profit alerts and notifications based on rules you configure.
- Send email reports if you opt in.
- Improve and maintain our service.
5. Data Storage and Security
Your data is stored in a secure PostgreSQL database hosted by Neon. All data is encrypted in transit using TLS/SSL. We use industry-standard security measures including HMAC webhook verification, CSRF protection, and secure session management. Extension API keys are signed using HMAC-SHA256 and validated on every request.
6. Data Sharing
We do not sell, rent, or trade your personal information or business data. We do not share your data with third parties except as necessary to provide the service (e.g., database hosting, email delivery, AI analysis via Anthropic). Data sent to Anthropic for AI analysis is not used to train their models per their data usage policy. We may disclose data if required by law.
7. Data Retention
We retain your data for as long as your account is active. If you disconnect a store or delete your account, we delete associated data within 48 hours. Cached review analyses are retained for up to 60 days and then automatically expire. When a Shopify merchant requests data deletion through Shopify's GDPR process, we comply within the required timeframe.
8. Your Rights
You have the right to:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data at any time.
- Portability: Export your data via our CSV export features.
- Disconnect: Revoke access to any connected platform at any time from the Settings page.
9. Cookies
We use essential cookies for authentication and session management. We use PostHog for anonymous product analytics. No advertising cookies or third-party trackers are used.
10. GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) and Shopify's mandatory data protection requirements. We process data as a data processor on behalf of merchants (data controllers). We handle customer data request, customer data erasure, and shop data erasure webhooks from Shopify.
11. Shopify App Store
True Margin is a Shopify application. When you install True Margin from the Shopify App Store, the following applies:
- Data Access: We request only the minimum Shopify API scopes necessary to operate: read access to orders, products, customers, analytics, and script tag management for our first-party attribution tracking.
- Token Security: Shopify API access tokens are encrypted at rest using AES-256 encryption before being stored in our database. Tokens are immediately revoked and marked as invalid upon app uninstallation.
- Data on Uninstall: When you uninstall True Margin, we immediately revoke your access token, cancel active subscriptions, and mark your store as disconnected. Full data deletion occurs within 48 hours via Shopify's mandatory GDPR shop/redact webhook.
- GDPR Webhooks: We handle all three mandatory Shopify GDPR webhooks: customer data request (data export), customer data erasure (PII removal), and shop data erasure (full data deletion).
- Billing: Paid subscriptions are managed through Shopify's billing API. We do not collect or store any payment card information. All payment processing is handled by Shopify.
- Free Trial: Paid plans include a 7-day free trial. No charges occur during the trial period. You may cancel at any time during or after the trial.
12. CCPA Compliance
If you are a California resident, you have the right under the California Consumer Privacy Act (CCPA) to request disclosure of data we collect about you, to request deletion of your data, and to opt out of the sale of your personal information. We do not sell personal information. To exercise your rights, contact us at privacy@truemargin.ai.
13. Governing Law
This Privacy Policy is governed by the laws of the State of Wyoming, United States. True Margin Labs LLC is incorporated in Wyoming.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page.