Privacy Policy

Last updated: May 2026

What we collect

Account email and profile name you provide
Shop data you enter: customers, vehicles, jobs, invoices, notes, messages
Technical logs: errors (if monitoring is enabled), authentication events via Supabase

How we use it

To operate the app, send invite emails you request, process subscriptions via Stripe, and improve reliability.

Where data lives

Data is stored in Supabase (PostgreSQL) in the region configured for your project. Static pages are served from your web host (for example Netlify). Service providers may process data in other regions according to their own terms and data processing commitments.

Sharing

We do not sell shop data. Subprocessors include Supabase (database/auth/storage), Stripe (subscription billing), Resend (invite email), and your static host provider.

Retention

Account and shop records remain until account closure or deletion request processing. Soft-deleted or archived records may remain for operational recovery, legal compliance, fraud prevention, and audit history. Backup snapshots may persist for provider-defined backup windows before expiration.

Security measures

ShopHand uses role-based access controls, row-level security in Supabase, tenant scoping by company, signed authentication sessions, and abuse protections such as API rate limiting for sensitive endpoints. No Internet transmission or storage system is guaranteed 100% secure.

Your rights

You can request account data export, correction, or deletion by contacting support. We may request verification of account ownership before processing requests and may retain minimum records required for legal, security, and billing obligations.

Contact

For privacy requests, contact support@shophand.us (update this address if your support mailbox differs).