FoundByAI

Privacy Policy

Effective date: June 15, 2025  ·  Last updated: June 15, 2025

Overview

FoundByAI ("we", "our", or "us") is a Shopify app that helps merchants measure and improve their product visibility in AI assistant responses (ChatGPT, Claude, Gemini, Perplexity, and similar tools). This Privacy Policy explains what data we collect, how we use it, and your rights regarding your data.

We are committed to handling merchant data responsibly. We do not collect personal consumer data, and we do not sell any data to third parties.

Data We Collect

When you install FoundByAI, we collect and store the following data:

1. Shop Information

  • Your Shopify store domain (e.g., your-store.myshopify.com)
  • Shopify access token (stored securely in our session storage, used to make Admin API calls on your behalf)

2. Product Catalog Data

  • Product titles, descriptions, handles, vendors, types, tags
  • Product prices, inventory counts, and featured image URLs
  • This data is synced from your Shopify store when you click "Sync Products"

3. AI Query Data

  • Buyer prompts generated by FoundByAI from your product catalog
  • Raw text responses from third-party AI services (OpenAI GPT-4o-mini) in response to those prompts
  • Token usage counts from AI API calls

4. Analysis Data

  • Brand names mentioned in AI responses (extracted by AI analysis)
  • Descriptive keywords used by AI assistants to describe recommended products
  • Visibility scores and historical score snapshots
  • JSON-LD schema audit results for your product pages

5. Subscription Data

  • Your current FoundByAI plan name and billing status (Starter, Pro, or Scale)
  • Actual payment processing is handled entirely by Shopify Billing — we never see or store credit card or payment details

What we do NOT collect: We do not collect personal information about your customers (no names, emails, addresses, order histories, or any other consumer PII). FoundByAI operates exclusively on your product catalog and the AI-generated data derived from it.

How We Use Your Data

We use the data described above solely to provide the FoundByAI service:

  • Product catalog data is used to generate buyer prompts, build your llms.txt file, and provide schema audit results
  • AI query data is stored so you can view raw responses and track which AI assistants recommend your products
  • Analysis data (brand mentions, keywords, scores) is used to power the visibility dashboard, keyword gap analysis, and trend charts
  • Subscription data is used to gate features by plan tier and to verify billing status

We do not use your data to train AI models. We do not use your data for advertising. We do not sell, rent, or share your data with third parties for their own purposes.

Third-Party Services

FoundByAI uses the following third-party services to operate:

  • Shopify — Authentication, session management, and billing. Shopify's privacy policy: shopify.com/legal/privacy
  • Supabase — Cloud database where product catalog, prompts, responses, and analysis data are stored. Supabase's privacy policy: supabase.com/privacy
  • OpenAI — AI API used to query GPT-4o-mini with buyer prompts and to extract brands/keywords from responses. OpenAI's privacy policy: openai.com/policies/privacy-policy
  • Railway — Cloud hosting platform where the FoundByAI application server runs. Railway's privacy policy: railway.com/privacy

Buyer prompt text is sent to OpenAI to receive AI responses. We do not send personal customer data to OpenAI — only the AI-generated shopping queries based on your product catalog.

Data Retention

Your data is stored for as long as FoundByAI is installed on your store. When you uninstall the app, Shopify sends us a shop/redact webhook 48 hours after uninstallation. Upon receipt of this webhook, we permanently delete all data associated with your store from our database, including:

  • All synced product catalog data
  • All generated buyer prompts
  • All stored AI responses
  • All brand mentions, keywords, and visibility history
  • All schema audit results
  • Your subscription record

Your Rights — Data Access and Deletion

As a merchant using FoundByAI, you have the right to:

  • Access your data — All data FoundByAI has collected about your store is visible directly inside the app (product catalog, prompts, responses, visibility data).
  • Delete your data — Uninstall FoundByAI from your Shopify admin. Your data will be automatically deleted within 48 hours via the Shopify GDPR shop redact webhook.
  • Request manual deletion — If you need your data deleted before the 48-hour automatic window, contact us at the address below and we will delete it promptly.

Customer data requests: FoundByAI does not store personal data about your customers (shoppers). If a customer requests access to or deletion of their data under GDPR, CCPA, or similar regulations, there is no customer data held by FoundByAI to return or delete.

Security

We take reasonable technical measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption
  • Shopify access tokens are stored in a dedicated session storage database with restricted access
  • Product and AI data is stored in Supabase with row-level access controls scoped to your shop domain
  • We do not log or store your Shopify API credentials beyond what is required to maintain your active session

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of FoundByAI after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, want to request data access or deletion, or have any other privacy concerns, please contact us:

FoundByAI Support
Email: privacy@foundbyai.com
App: foundbyai-production.up.railway.app

We will respond to all privacy inquiries within 5 business days.

© 2026 FoundByAI. All rights reserved.