Privacy Policy

We collect information in the following categories:

Account Information. When you register, we collect your name, email address, and password. Shop owners provide additional business information such as shop name, address, phone number, and logo.

Shop Data. Data you enter into ShopMind as part of normal business operations — including customer profiles, vehicle records, job details, invoices, parts inventory, employee information, appointment records, and communications — is stored on our platform.

Payment Information. When you add a payment method, billing details are processed and stored by our payment provider, Stripe. We do not store full credit card numbers on our servers. We retain billing history such as invoice amounts and transaction dates.

Usage Data. We automatically collect information about how you interact with the Service, including pages viewed, features used, session duration, device type, browser type, and IP address. This data helps us improve the platform and troubleshoot issues.

Communications. If you contact our support team or respond to emails from us, we retain those communications to provide support and improve our services.

We use the information we collect to:

• Provide, operate, and maintain the ShopMind platform and all features you access.
• Process payments, send billing confirmations, and manage subscriptions.
• Send you transactional emails such as invoice delivery, appointment reminders, trial expiration notices, and account security alerts.
• Respond to support requests and troubleshoot issues with your account.
• Improve, personalize, and expand the Service based on aggregate usage patterns.
• Train and improve AI features using aggregated, de-identified data. We do not use your individually identifiable shop data to train AI models without your consent.
• Send product updates, feature announcements, and promotional communications (you may opt out at any time).
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with applicable laws and respond to lawful requests from government authorities.

Your data is stored on servers operated by Supabase, our database and infrastructure provider. Supabase infrastructure is hosted on AWS (Amazon Web Services) in the United States.

We implement the following security measures to protect your data:

• Encryption at rest — all database storage is encrypted using AES-256.
• Encryption in transit — all data transmitted between your browser and our servers uses TLS 1.2 or higher.
• Tenant isolation — each shop's data is completely isolated using row-level security. No shop can access another shop's data.
• Access controls — role-based access ensures team members only see data appropriate to their role.
• Audit logging — all significant actions within the platform are logged with timestamps and actor identities.

While we take reasonable steps to protect your information, no method of electronic storage or internet transmission is completely secure. We cannot guarantee absolute security.

We do not sell your data. We do not sell, rent, trade, or otherwise share your personal information or shop data with third parties for their own marketing or commercial purposes.

We share data only in the following limited circumstances:

• Service providers. We use trusted third-party vendors who process data on our behalf, including Supabase (database), Stripe (payments), Twilio (SMS), Resend (email delivery), and Google Cloud (AI features). These providers are contractually bound to protect your data and may not use it for other purposes.
• Legal requirements. We may disclose data if required to do so by law, regulation, legal process, or governmental request.
• Business transfers. If ShopMind is involved in a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
• With your consent. We may share data in other ways with your explicit consent.

We use cookies and similar tracking technologies to operate the Service and understand how you use it.

• Essential cookies — required for authentication and core functionality. These cannot be disabled.
• Analytics cookies — used to understand usage patterns and improve the platform. These may be provided by third-party analytics tools.
• Preference cookies — used to remember your settings and preferences.

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

Depending on your location, you may have the following rights regarding your personal data:

• Access. You may request a copy of the personal data we hold about you.
• Correction. You may update inaccurate information directly in your account settings or by contacting us.
• Export. You may export your shop data (customers, vehicles, jobs, invoices) in CSV format from within the platform at any time.
• Deletion. You may request deletion of your account and associated data. Upon account closure, we will delete your data within 30 days, except where retention is required by law or legitimate business necessity.
• Opt out of marketing. You may unsubscribe from non-essential communications using the unsubscribe link in any email or by contacting us.
• Restriction of processing. In certain circumstances, you may request that we restrict how we process your data.

To exercise these rights, contact us at privacy@shopmindhq.com. We will respond within 30 days. We may need to verify your identity before processing certain requests.

We retain your data for as long as your account is active or as needed to provide the Service. If you cancel your account, we will retain your data for 30 days before permanent deletion, giving you time to export anything you need.

Some data may be retained for longer periods where required by law (such as financial records) or for legitimate business purposes such as fraud prevention, dispute resolution, or enforcement of our agreements.

Aggregated, de-identified data that cannot be used to identify you may be retained indefinitely for analytics and product improvement purposes.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly.

If you believe we may have collected information from a child under 18, please contact us at privacy@shopmindhq.com.

GDPR (European Users). If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to data portability, the right to object to processing, and the right to lodge a complaint with your local supervisory authority.

Our legal bases for processing your personal data include: contract performance (to provide the Service you signed up for), legitimate interests (to improve and secure the Service), and consent (for optional communications). Where we rely on consent, you may withdraw it at any time.

CCPA (California Residents). If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to delete personal information, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

To submit a verifiable CCPA request, contact us at privacy@shopmindhq.com. We will respond within 45 days.

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, for material changes, notify you by email or through a prominent notice within the Service at least 30 days before the change takes effect.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries from EEA residents, or CCPA requests from California residents, please include your request type in the subject line so we can route it appropriately.